[Dovecot] ACL plugin, public namespace, erroneous \HasNoChildren
Hi,
dovecot 1.2.2 with a second namespace called "Public", mapped to "/export/vmailboxes/public", LIST returning \HasNoChildren:
root@testvm06:~# cat /export/vmailboxes/public/dovecot-acl user=cite lrwstiekxa authenticated lrs anyone lrs root@testvm06:~# ls -l /export/vmailboxes/public/.announcements/dovecot-acl lrwxrwxrwx 1 root root 14 Aug 6 03:50 /export/vmailboxes/public/.announcements/dovecot-acl -> ../dovecot-acl
With ACL plugin enabled (notice the \HasNoChildren):
root@testvm06:~# telnet localhost 143 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. . login cite secret . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH ACL RIGHTS=texk QUOTA] Logged in . list "" Public
- LIST (\Noselect \HasNoChildren) "." "Public" . OK List completed. . select Public.announcements
- FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
- OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
- 0 EXISTS
- 0 RECENT
- OK [UIDVALIDITY 1249522417] UIDs valid
- OK [UIDNEXT 1] Predicted next UID
- OK [HIGHESTMODSEQ 1] . OK [READ-WRITE] Select completed.
I included the select to show that filesystem permissions are OK.
Without ACL plugin (notice the \HasChildren here):
root@testvm06:~# telnet localhost 143 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. . login cite secret . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH QUOTA] Logged in . list "" Public
- LIST (\Noselect \HasChildren) "." "Public" . OK List completed.
Is this intended behaviour, am I just too stupid for ACLs or something completely different? I wonder how clients are supposed to get a listing of a public namespace...
dovecot -n: # 1.2.2: /etc/dovecot/dovecot.conf # OS: Linux 2.6.26-2-amd64 x86_64 Debian 5.0.2 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps managesieve listen(default): *:143 listen(imap): *:143 listen(managesieve): * ssl_listen(default): *:993 ssl_listen(imap): *:993 ssl_listen(managesieve): ssl_cert_file: /etc/ssl/owncerts/snakeoil.crt ssl_key_file: /etc/ssl/private/snakeoil.key login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login verbose_proctitle: yes mail_privileged_group: vmail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_process_size: 1024 mail_plugins(default): quota imap_quota fts fts_squat acl mail_plugins(imap): quota imap_quota fts fts_squat acl mail_plugins(managesieve): mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve namespace: type: private separator: . inbox: yes list: yes subscriptions: yes namespace: type: public separator: . prefix: Public. location: maildir:/export/vmailboxes/public list: yes lda: postmaster_address: postmaster@test.cite.lan hostname: testvm06.test.cite.lan mail_plugins: quota sieve auth_socket_path: /var/run/dovecot/auth-master auth default: mechanisms: plain login cram-md5 passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: sasl master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: quota: maildir:User quota quota_warning: storage=80%% /usr/local/bin/quota-warning.sh 80 quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95 sieve: ~/.dovecot.sieve sieve_storage: ~/sieve sieve_extensions: +imapflags fts: squat fts_squat: partial=4 full=10 acl: vfile
Cheers Stefan
- Stefan Förster cite+dovecot-users@incertum.net:
dovecot 1.2.2 with a second namespace called "Public", mapped to "/export/vmailboxes/public", LIST returning \HasNoChildren:
root@testvm06:~# cat /export/vmailboxes/public/dovecot-acl user=cite lrwstiekxa authenticated lrs anyone lrs root@testvm06:~# ls -l /export/vmailboxes/public/.announcements/dovecot-acl lrwxrwxrwx 1 root root 14 Aug 6 03:50 /export/vmailboxes/public/.announcements/dovecot-acl -> ../dovecot-acl
With ACL plugin enabled (notice the \HasNoChildren):
root@testvm06:~# telnet localhost 143 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. . login cite secret . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH ACL RIGHTS=texk QUOTA] Logged in . list "" Public
- LIST (\Noselect \HasNoChildren) "." "Public" . OK List completed.
I recompiled dovecot with changeset 13fa572535f0 (from http://hg.dovecot.org/dovecot-1.2/rev/13fa572535f0 ), but it didn't change the behaviour - and with "Public." being a mailbox with that patch, dovecot is really lying to me ;-)
Did I miss an ACL entry?
Cheers Stefan
On Thu, 2009-08-06 at 05:08 +0200, Stefan Förster wrote:
. list "" Public
- LIST (\Noselect \HasNoChildren) "." "Public"
What about LIST "" Public*?
What do you have in /export/vmailboxes/public/dovecot-acl-list? Does it work if you delete the file?
I couldn't reproduce this, except by using a stale dovecot-acl-list. Wonder if it could be made to update itself automatically in more situations.
- Timo Sirainen tss@iki.fi:
On Thu, 2009-08-06 at 05:08 +0200, Stefan Förster wrote:
. list "" Public
- LIST (\Noselect \HasNoChildren) "." "Public"
What about LIST "" Public*?
No difference.
What do you have in /export/vmailboxes/public/dovecot-acl-list? Does it work if you delete the file?
It was a 0 bytes file, owned by vmail:vmail. I deleted it, and now everything works - thanks.
I couldn't reproduce this, except by using a stale dovecot-acl-list. Wonder if it could be made to update itself automatically in more situations.
While I'm certain that this would be a good idea, because everything else in dovecot seems to repair itself as needed, I certainly can't offer any hints on how to do that ;-)
Anyways: Thanks again Stefan
On Fri, 2009-08-07 at 20:17 +0200, Stefan Förster wrote:
I couldn't reproduce this, except by using a stale dovecot-acl-list. Wonder if it could be made to update itself automatically in more situations.
While I'm certain that this would be a good idea, because everything else in dovecot seems to repair itself as needed, I certainly can't offer any hints on how to do that ;-)
Well, I added a note about it to wiki and added to todo:
- when reading dovecot-acl file and seeing a +l right on a mailbox not
listed in dovecot-acl-list, recreate it
participants (2)
-
Stefan Förster
-
Timo Sirainen