On 16.03.2009, Timo Sirainen wrote:
On Mon, 2009-03-16 at 20:33 +0100, Bernhard Herzog wrote:
That pathological aclobj is created in acl_backend_init: backend->default_aclobj = acl_object_init_from_name(backend, NULL, ""). acl_object_init_from_name calls acl_backend_vfile_object_init, which sets the aclobj's local_path. In this particular case -- name == "" and storage == NULL -- local_path will become the concatenation of the directory name returned by mailbox_list_get_path(_backend->list, NULL, MAILBOX_LIST_PATH_TYPE_DIR) and "/dovecot-acl", which at least in the case of maildir is in the owner's INBOX directory. Later, when the user lists mailboxes, this file is actually read to determine the rights.

[...]

Hmm. I'm not sure if there's a reason for the existence of the default ACLs being looked up from the dovecot-acl file. I think the initial fix could be to simply not do that. If someone really wants to have different default ACLs they could perhaps be stored in a file with a different name.
As an attempt to fix the problem, I modified acl_backend_vfile_object_init so that local_path will be set to NULL in the default aclobj (see patch below). My tests so far show that it works as expected. The ACL of the INBOX is no longer the default ACL.

Regards,
Bernhard

diff -r 5284f45c249a src/plugins/acl/acl-backend-vfile.c --- a/src/plugins/acl/acl-backend-vfile.c Sun Mar 15 20:06:45 2009 -0400 +++ b/src/plugins/acl/acl-backend-vfile.c Tue Mar 17 14:42:58 2009 +0100 @@ -152,8 +152,7 @@ acl_backend_vfile_object_init(struct acl if (storage == NULL) { /* the default ACL for mailbox list */ - dir = mailbox_list_get_path(_backend->list, NULL, - MAILBOX_LIST_PATH_TYPE_DIR); + dir = NULL; } else { dir = acl_backend_vfile_get_local_dir(storage, name); }

--
Bernhard Herzog | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
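
Review bot: in the storage == NULL branch, dir = NULL now sits under a comment that still only says "the default ACL for mailbox list", so nothing in the code records why the path lookup was dropped. Extend that comment to state that the default aclobj deliberately has no backing file, because the mailbox list directory is (at least for maildir) the owner's INBOX directory and its dovecot-acl would otherwise be read as the default ACL. The code that consumes dir after the if/else is outside the visible context, so it is worth confirming in the same change that it, and every later reader of local_path, treats NULL as "no ACL file" rather than building or opening a path from it.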