[Dovecot] ACL MySQL dict: to_user==from_user entries
Hi!
We run dovecot 2.1.6 with ACL support and MySQL dict for shared/shared-boxes/user/$to/$from.
When a user does a SETACL (via IMAP) to himself he is added as $to and $from to the MySQL dict. Se for example this IMAP conversation:
5 GETACL INBOX
- ACL "INBOX" "user@domain" lrwstipekxacd 5 OK Getacl completed. 6 SETACL INBOX user@domain lrwstipekxacd 6 OK Setacl complete. 7 GETACL INBOX
- ACL "INBOX" "user@domain" akxeilprwtscd 7 OK Getacl completed.
As you can see, user@domain sets the ACL of his INBOX to the same value it was set before (reading it from the server after this idempotent write changed the order but none of the flags).
But after "SETACL INBOX user@domain lrwstipekxacd" I see a new entry in my imap_acl_shares table where to_user and from_user both contain the value "user@domain".
As far as I can see, this entry does not make much sense in the database, because every user should be able so see its own folders.
But adding this line may blow up the database especially according to the full table scan problem for acl dict rebuild mentioned in http://www.dovecot.org/list/dovecot/2012-August/067548.html.
Does it make sense to run a daily cron job, that removes all entries with from_user=to_user or may this cause other inconsistencies?
If you need to have a look at my complete setup, it's in http://www.dovecot.org/list/dovecot/2012-July/067130.html, so I don't have to clone this here.
Tschoeeee
RolandOn 29.8.2012, at 15.44, Roland Rosenfeld wrote:
But after "SETACL INBOX user@domain lrwstipekxacd" I see a new entry in my imap_acl_shares table where to_user and from_user both contain the value "user@domain".
Does it make sense to run a daily cron job, that removes all entries with from_user=to_user or may this cause other inconsistencies?
Yes. Also fixed in hg: http://hg.dovecot.org/dovecot-2.1/rev/3eaeacc85b4c
participants (2)
-
Roland Rosenfeld
-
Timo Sirainen