On 13.03.2009, Bernhard Herzog wrote:
On 10.03.2009, Timo Sirainen wrote:
I've been a bit busy (or lazy) recently and I'm not focusing on trying to get the new dbox code working. I'll look at the ACL bugs at some point, but you can probably get them fixed sooner if you do it yourself.
I'm going to look into this.
OK. So far I've concentrated on the problem that ACLs set on the INBOX are applied to all children of INBOX. E.g. if you have users frodo and bilbo, and frodo does x SETACL "INBOX" "bilbo" lsr then bilbo will not only see frodo's INBOX as intended, but also all subfolders. More precisely the ACL of the INBOX is used for all folders that do not have their own ACL settings for bilbo.
Here's what I've found out so far:
The reason for the behavior is an aclobj with name "" which takes its actual rights from the dovecot-acl file in the other user's INBOX. That aclobj is used for the default ACLs used for mailboxes with ACL entry for the user and for non-owners should normally be no rights at all and not taken from the ACL of the INBOX.
That pathological aclobj is created in acl_backend_init:
backend->default_aclobj = acl_object_init_from_name(backend, NULL, "").
acl_object_init_from_name calls acl_backend_vfile_object_init, which sets the
aclobj's local_path. In this particular case -- name == "" and storage ==
NULL -- local_path will become the concatenation of the directory name
returned by
mailbox_list_get_path(_backend->list, NULL,
MAILBOX_LIST_PATH_TYPE_DIR)
and "/dovecot-acl", which at least in the case of maildir is in the owner's
INBOX directory. Later, when the user lists mailboxes, this file is actually
read to determine the rights.
That explains the observed behavior. I'm not sure yet how to fix it. I'll look into that next.
Bernhard
-- Bernhard Herzog | ++49-541-335 08 30 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner