After updating from 2.2.22 to 2.2.33 rsp 2.3.8 my ACLs went bust.
Below line in the global acl file hides all folders except INBOX for all users
Next reenable certain folders, eg:
Sent group=ALL lrwsi
This made anyone see "Sent" in 2.2.22, but no longer so in 2.2.33
Any ideas how to have it like before?
-- peter
Am 02.12.19 um 13:35 schrieb Peter Chiochetti via dovecot:
PS: my setup is a little contrived, but perhaps, this can be seen more widely? Attached acl-debug output; I suppose, it clearly states, the mailbox is visible in LIST - connecting with telnet I can select the mailbox and fetch messages, though it does not appear in LIST
-- peter
Reword of attempt from last week, also workaround/possible culprit found:
In dovecot 2.2.22 the stanza "* group=Guest" in the global ACL vfile did stop dovecot from showing anybody in group "Guest" any mailbox but INBOX in imap LIST command.
So I had to grant lookup right extra, eg. "Sent group=ALL lrwsi" to show the Sent mailbox and also allow insert etc.
The use case is very simple: First, take away all the rights, selectively grant rights afterwards.
After upgrading to 2.2.33 recently, only INBOX got shown. No way to grant any more rights. Turning on mail_debug=yes, dovecot logged
imap(...): Debug: acl: Mailbox not in dovecot-acl-list: Sent
Yet, I had configured acl_globals_only = yes, so dovecot-acl-list should not matter at all, should'nt it?
Indeed, there was commit 95c8d28ebfc13f3252b71c71f3d5c0d809110a08 in the time between 2.2.22 and 2.2.33 concerning just this.
Further indeed, removing acl_globals_only from my local.conf re-enables the 2.2.22 behaviour (at least now, with 2.3.9).
Performance impact for me is negligible. Maybe there is a regression lurking in acl_mailbox_list_iter_next_info, in that a list is expected, that wont ever exist, with acl_globals_only on?
-- peter
participants (1)
-
Peter Chiochetti