Timo Sirainen tss@iki.fi writes:
On Wed, 2009-03-04 at 17:01 +0100, Sascha Wilde wrote:
Hi *,
The problem is most noticeable when a user shares his INBOX[0][1] with others:
User A sets his INBOX acls to "eilprwtsd"
Now User B can see _all_ sub mailboxes and sub sub [...] mailboxes and their contents of User A:
That shouldn't happen. There's no code for doing recursive ACLs. Sounds more like a bug somewhere. I'll check it later.
Thanks.
- ACL "INBOX" "A@example.com" akxeilprwtscd "B@example.com" eilprwtsd "A@example.com" lrwstipekxacd
A@example.com is there twice?..
Oh, haven't noticed that, but yes its actually there twice. The dovecot-acl file contains: user=A@example.com akxeilprwts user=B@example.com eilprwts
- LIST (\HasChildren) "/" "user/1@aztec.intevation.de/foobar"
How does user B see this mailbox's ACLs? Is the mailbox also selectable?
Well good question -- unfortunately I can't tell: both getacl and myrights on "user/1@aztec.intevation.de/foobar" make the imap process die on SIGV... :-(
cheers sascha
Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner