Am 02.12.19 um 13:35 schrieb Peter Chiochetti via dovecot:

After updating from 2.2.22 to 2.2.33 rsp 2.3.8 my ACLs went bust.

Below line in the global acl file hides all folders except INBOX for all users

...

• group=ALL

Next reenable certain folders, eg:

...

Sent group=ALL lrwsi

This made anyone see "Sent" in 2.2.22, but no longer so in 2.2.33

Any ideas how to have it like before?

PS: my setup is a little contrived, but perhaps, this can be seen more widely? Attached acl-debug output; I suppose, it clearly states, the mailbox is visible in LIST - connecting with telnet I can select the mailbox and fetch messages, though it does not appear in LIST

-- peter

Reword of attempt from last week, also workaround/possible culprit found:

In dovecot 2.2.22 the stanza "* group=Guest" in the global ACL vfile did stop dovecot from showing anybody in group "Guest" any mailbox but INBOX in imap LIST command.

So I had to grant lookup right extra, eg. "Sent group=ALL lrwsi" to show the Sent mailbox and also allow insert etc.

The use case is very simple: First, take away all the rights, selectively grant rights afterwards.

After upgrading to 2.2.33 recently, only INBOX got shown. No way to grant any more rights. Turning on mail_debug=yes, dovecot logged

imap(...): Debug: acl: Mailbox not in dovecot-acl-list: Sent

Yet, I had configured acl_globals_only = yes, so dovecot-acl-list should not matter at all, should'nt it?

Indeed, there was commit 95c8d28ebfc13f3252b71c71f3d5c0d809110a08 in the time between 2.2.22 and 2.2.33 concerning just this.

Further indeed, removing acl_globals_only from my local.conf re-enables the 2.2.22 behaviour (at least now, with 2.3.9).

Performance impact for me is negligible. Maybe there is a regression lurking in acl_mailbox_list_iter_next_info, in that a list is expected, that wont ever exist, with acl_globals_only on?

-- peter