Timo Sirainen <tss@iki.fi> writes:
On Wed, 2009-02-11 at 11:00 +0100, Sascha Wilde wrote:
Could we by any chance get the latest small changes/enhancements:
- 'c' and 'd' in setacl
Yes, this will definitely be included.
This is very good news.
- Displaying the actual user name instead of meta name "owner" on getacl output (see Bernhards patch in the "IMAP ACLs and global ACLs in v1.2" thread)
That patch appears to be also changing owners to user=x?
This is indeed quite possible -- I haven't seen it happen in my tests though...
As Bernhard wrote him self on the patch: we are not sure it is the right solution -- actually he is pretty sure it isn't ... ;-)
I wouldn't mind a patch that showed them to clients as user=x, but I don't want them to change when something else gets changed.
For us[0] changing what is shown to the client is sufficient. Actually on a second thought I agree with you, that keeping the special owner keyword internally is preferable.
Also I'm not entirely sure how it should be handled when user=x ACL is changed. Should it remove the owner? Should it change the owner instead?
This is a good point. IMO there are only a couple of possibilities:
we could define that only the server-administrator is allowed to change owner acls by means of setting global acls or manually editing the dovecot-acl files.
Rational: Users shouldn't be able to change the owners acls, to prevent them from shooting there own foots.
In this case changing the acl for the user which maps to "owner" would be silently ignored.
cyrus imapd actually tries[1] to implement a variant of this possibility in that it does not allow to remove the 'a' right from the owner: s setacl INBOX/foo 1@burlywood1.rgb lrswipkxtecd s OK Completed g getacl INBOX/foo
- ACL INBOX/foo 1@burlywood1.rgb lrswipkxtecda g OK Completed s setacl INBOX/foo 1@burlywood1.rgb lrs s OK Completed g getacl INBOX/foo
- ACL INBOX/foo 1@burlywood1.rgb lrskxca I think this is worth considering.
Allow everything allowed by the actual ACLs, so every user having a(dmin) rights is free to change all ACLs even if it leads to folders where no user has the right to change it any more.
Rational: unix philosophy, obey to user demands and don't be nuisance, shooting ones own foot is a basic freedom... ;-)
I think the owner ACLs are usually in global ACL files, so it's probably not possible to remove or change it, only add a new user=x.
I think that it would be best to always map the owners user name to the keyword "owner" and vice versa between the IMAP front end and the acl back end. This way user=x where x is the owners user name should never appear in an dovecot-acl file. So it boils down to the question if the individual acl-files should take precedence over the global one -- without having checked I assume this decision already has been made.
cheers sascha
[0] Actually IMNSHO this subject is not only relevant to us: - The acl aware clients I know of don't recognize the special meaning of "owner". - This makes perfect sense, as there is no specified way to decide if the string "owner" in an IMAP ACL reply denotes an user actually named owner or is an special keyword denoting "the user owning the folder". - Finally, even if an client would recognize "owner" as an special keyword, it wouldn't be able to figure out who the owner actual is. Which makes the information of rather low use. [1] I just tested some scenarios and it turned out they messed up on the details, so that one can actually end up with an folder which no user has admin rights one and the output of myrights and getacl is inconsistent -- quite funny!
Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner