[Dovecot] doveadm mailbox list/stats etc. and shared mailboxes/ACLs
Hello,
2.2.0rc3:
host:~# doveadm mailbox list -u testuser INBOX INBOX.test INBOX.bla INBOX.bla.blubb INBOX.shared INBOX.virtual INBOX.shared.user1 INBOX.shared.user1.privat INBOX.shared.user1.test INBOX.shared.user1.test.test2 INBOX.shared.user1.Trash INBOX.shared.user1.in2009 [... all mailboxes of user1]
Only user1.test and user1.test.test2 have ACLs that allow testuser to access them.
host:~# doveadm mailbox status -u testuser all INBOX.shared.user1.privat INBOX.shared.user1.privat messages=37 recent=0 uidnext=70 uidvalidity=1060291494 unseen=7 highestmodseq=1 vsize=1618757 guid=9a71cb399c249d4ce10e0000c93908ca
Access with search and fetch (and probably any other doveadm command) is possible, too. Is this how it's supposed to work? Commands in testuser IMAP session respects ACLs.
Lutz
On 2.4.2013, at 15.37, Lutz Preßler Lutz.Pressler@SerNet.DE wrote:
Only user1.test and user1.test.test2 have ACLs that allow testuser to access them.
host:~# doveadm mailbox status -u testuser all INBOX.shared.user1.privat INBOX.shared.user1.privat messages=37 recent=0 uidnext=70 uidvalidity=1060291494 unseen=7 highestmodseq=1 vsize=1618757 guid=9a71cb399c249d4ce10e0000c93908ca
Access with search and fetch (and probably any other doveadm command) is possible, too. Is this how it's supposed to work? Commands in testuser IMAP session respects ACLs.
My guess: You have acl plugin enabled in protocol imap {}, but not globally?
Hello Timo, On Thu, 04 Apr 2013, Timo Sirainen wrote:
On 2.4.2013, at 15.37, Lutz Preßler Lutz.Pressler@SerNet.DE wrote:
Only user1.test and user1.test.test2 have ACLs that allow testuser to access them.
host:~# doveadm mailbox status -u testuser all INBOX.shared.user1.privat INBOX.shared.user1.privat messages=37 recent=0 uidnext=70 uidvalidity=1060291494 unseen=7 highestmodseq=1 vsize=1618757 guid=9a71cb399c249d4ce10e0000c93908ca
Access with search and fetch (and probably any other doveadm command) is possible, too. Is this how it's supposed to work? Commands in testuser IMAP session respects ACLs.
My guess: You have acl plugin enabled in protocol imap {}, but not globally? No. It's enabled in global mail_plugins: mail_plugins = " virtual acl zlib notify mail_log quota listescape stats fts fts_lucene mailbox_alias" imap_acl only in protocol imap, of course.
Lutz
On 5.4.2013, at 0.48, Lutz Preßler Lutz.Pressler@SerNet.DE wrote:
Only user1.test and user1.test.test2 have ACLs that allow testuser to access them.
host:~# doveadm mailbox status -u testuser all INBOX.shared.user1.privat INBOX.shared.user1.privat messages=37 recent=0 uidnext=70 uidvalidity=1060291494 unseen=7 highestmodseq=1 vsize=1618757 guid=9a71cb399c249d4ce10e0000c93908ca
Access with search and fetch (and probably any other doveadm command) is possible, too. Is this how it's supposed to work? Commands in testuser IMAP session respects ACLs.
My guess: You have acl plugin enabled in protocol imap {}, but not globally? No. It's enabled in global mail_plugins:
Oh. Hmm. Yeah, looks like doveadm nowadays ignores ACLs when listing mailboxes. It probably shouldn't.. I'll need to think about this. Wonder why I added the RAW_LIST flag in the first place..
participants (2)
-
Lutz Preßler
-
Timo Sirainen