Hi *,
and yet another ACL problem. ;-)
User A allows User B to access his mailbox foobar:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready.
l login userA secret
l OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH ACL RIGHTS=texk ANNOTATEMORE] Logged in
s setacl "INBOX/foobar" "B@example.com" eilprwtsd
s OK Setacl complete.
g getacl INBOX/foobar
* ACL "INBOX/foobar" "B@example.com" eilprwtsd "A@example.com" lrwstipekxacd
User B logs in to dovecot and sees the newly accessible mailbox:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready.
l login zwei 2
l OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH ACL RIGHTS=texk ANNOTATEMORE] Logged in
l list "" "*"
* LIST (\Noselect \HasChildren) "/" "user"
* LIST (\Noselect \HasChildren) "/" "user/A@example.com"
* LIST (\HasChildren) "/" "INBOX"
* LIST (\HasNoChildren) "/" "INBOX/Gesendet"
* LIST (\HasChildren) "/" "user/A@example.com/foobar"
l OK List completed.
se select "user/A@example.com/foobar"
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 1 EXISTS
* 1 RECENT
* OK [UIDVALIDITY 1236104897] UIDs valid
* OK [UIDNEXT 2] Predicted next UID
* OK [HIGHESTMODSEQ 1]
Now User A changes his mind:
s setacl "INBOX/foobar" "B@example.com" ""
s OK Setacl complete.
g getacl INBOX/foobar
* ACL "INBOX/foobar" "A@example.com" lrwstipekxacd
g OK Getacl completed.
but as long as User B stays logged in, he is not affected, in fact he still can read A's mails:
se select "user/A@example.com/foobar"
* OK [CLOSED]
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1236104897] UIDs valid
* OK [UIDNEXT 2] Predicted next UID
* OK [HIGHESTMODSEQ 1]
se OK [READ-WRITE] Select completed.
f101 fetch 1 FAST
* 1 FETCH (FLAGS (\Seen) INTERNALDATE "04-Mar-2009 13:11:06 +0100" RFC822.SIZE 3652)
f101 OK Fetch completed.
I think ACL changes should take immediate effect, or at least should be re-checked in reasonable intervals (which imo shouldn't exceed a few seconds).
cheers sascha
Sascha Wilde, OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/ http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
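The revocation gap reported in this message, as an added example that is not part of the original post and is not Dovecot code: a simplified model in which each session caches the rights it looked up, comparing a cache that is never refreshed with one re-checked after a bounded interval. The class and function names (`AclStore`, `Session`, `revoke_scenario`, `max_age`) are hypothetical, and per-session caching as the cause is an assumption.

```python
import time

class AclStore:
    """Shared ACL state (constructed model, not Dovecot's storage)."""
    def __init__(self):
        self._acl = {}  # (mailbox, identifier) -> rights string

    def setacl(self, mailbox, identifier, rights):
        if rights:
            self._acl[(mailbox, identifier)] = rights
        else:
            self._acl.pop((mailbox, identifier), None)  # "" removes the entry

    def rights(self, mailbox, identifier):
        return self._acl.get((mailbox, identifier), "")

class Session:
    """One logged-in connection with a per-session rights cache."""
    def __init__(self, store, user, max_age=None, clock=time.monotonic):
        self.store, self.user = store, user
        self.max_age = max_age  # None = never refresh (the behaviour reported above)
        self.clock = clock
        self._cache = {}        # mailbox -> (rights, fetched_at)

    def _rights(self, mailbox):
        hit, now = self._cache.get(mailbox), self.clock()
        if hit and (self.max_age is None or now - hit[1] < self.max_age):
            return hit[0]       # cached answer, possibly stale
        rights = self.store.rights(mailbox, self.user)
        self._cache[mailbox] = (rights, now)
        return rights

    def select(self, mailbox):
        # 'r' is the read right in RFC 4314
        return "OK" if "r" in self._rights(mailbox) else "NO"

def revoke_scenario(max_age, wait):
    """Grant, SELECT, revoke, wait `wait` seconds, SELECT again in the same session."""
    now = [0.0]                 # fake clock so the example runs instantly
    store = AclStore()
    store.setacl("INBOX/foobar", "B@example.com", "eilprwtsd")
    b = Session(store, "B@example.com", max_age, clock=lambda: now[0])
    first = b.select("INBOX/foobar")
    store.setacl("INBOX/foobar", "B@example.com", "")  # User A changes his mind
    now[0] += wait
    return first, b.select("INBOX/foobar")
```

With `max_age=None` the second SELECT still succeeds however long the session lives; with a small `max_age` the exposure after revocation is bounded by that interval, and `max_age=0` re-checks on every access.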