[Dovecot] Dovecot v1.2 ACL shared-boxes users in SQL, how to remove entries?
Hello,
I noticed that entries added to the ACL dict are not removed when a user no longer has explicit ACLs to another user, e.g.:
[at the beginning no ACLs for "user"]
1 login testuser pwd
2 setacl INBOX user lp
3 deleteacl INBOX user
Although "user" has no ACLs of mailfolders of "testuser", the user-testuser relation is still in the DB and upon login of user the ACLs in user's Maildir are consulted.
Bye,
Steffen Kaiser
On Thu, 25 Jun 2009, Steffen Kaiser wrote:
> I noticed that entries added to the ACL dict are not removed when a user no longer has explicit ACLs to another user, e.g.:
> [at the beginning no ACLs for "user"]
> 1 login testuser pwd
> 2 setacl INBOX user lp
> 3 deleteacl INBOX user
> Although "user" has no ACLs of mailfolders of "testuser", the user-testuser relation is still in the DB and upon login of user the ACLs in user's Maildir are consulted.
Can/should Dovecot remove the dict entry if "user" logs in and Dovecot detects that there are no ACLs on mailfolders of "testuser" for "user"?
Bye,
Steffen Kaiser
Steffen Kaiser wrote:
> Hello,
> I noticed that entries added to the ACL dict are not removed when a user no longer has explicit ACLs to another user, e.g.:
> [at the beginning no ACLs for "user"]
> 1 login testuser pwd
> 2 setacl INBOX user lp
> 3 deleteacl INBOX user
> Although "user" has no ACLs of mailfolders of "testuser", the user-testuser relation is still in the DB and upon login of user the ACLs in user's Maildir are consulted.
> Bye,
> -- Steffen Kaiser
Hi Steffen, did you use a setup like the one described in the example ACL SQL
http://wiki.dovecot.org/SharedMailboxes/Shared
with MySQL?
This is what I will need, but I couldn't find any time yet to test it.
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On Fri, 26 Jun 2009, Robert Schetterer wrote:
Hello Robert,
> Hi Steffen, did you use a setup like the one described in the example ACL SQL
> http://wiki.dovecot.org/SharedMailboxes/Shared
> with MySQL?
> This is what I will need, but I couldn't find any time yet to test it.
I added the example with pgsql today :) I found exactly one reference to dict::proxy on the list and thought it's worth putting into the Wiki, so that I can find it again.
Yes, I do, but I get mad over my system users. The ACLs work on the IMAP side, but they are not mapped correctly to the Unix side (aka file permissions). Timo mentioned this sometime on the list. I created accounts in the same group, and this works like a charm. Thunderbird (well, an older one) is a bit slow to find deeply nested shared folders for the first time, but that's normal.
That's why I am looking into an "acl_change_notify" feature for Dovecot. I think I found something for read and write IMAP ACLs, but the "a"dmin ACL won't work 100%. Well, it makes me think about changing to virtual users. The extra security with system users comes from a traditional setup, which no longer applies.
Bye,
Steffen Kaiser
Robert Schetterer wrote:
> Steffen Kaiser wrote:
> > Hello,
> > I noticed that entries added to the ACL dict are not removed when a user no longer has explicit ACLs to another user, e.g.:
> > [at the beginning no ACLs for "user"]
> > 1 login testuser pwd
> > 2 setacl INBOX user lp
> > 3 deleteacl INBOX user
> > Although "user" has no ACLs of mailfolders of "testuser", the user-testuser relation is still in the DB and upon login of user the ACLs in user's Maildir are consulted.
> > Bye,
> > -- Steffen Kaiser
> Hi Steffen, did you use a setup like the one described in the example ACL SQL
> http://wiki.dovecot.org/SharedMailboxes/Shared
> with MySQL?
> This is what I will need, but I couldn't find any time yet to test it.
Just for completeness, I tested the ACL setup with MySQL, and after a few tests it looks like it works as described in the example wiki without any special modification for MySQL, too.
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On Thu, 2009-06-25 at 15:40 +0200, Steffen Kaiser wrote:
> I noticed that entries added to the ACL dict are not removed when a user no longer has explicit ACLs to another user, e.g.:
> [at the beginning no ACLs for "user"]
> 1 login testuser pwd
> 2 setacl INBOX user lp
> 3 deleteacl INBOX user
> Although "user" has no ACLs of mailfolders of "testuser", the user-testuser relation is still in the DB and upon login of user the ACLs in user's Maildir are consulted.
Well, yeah, looks like it's not too easy to detect in the code. I think I won't fix it before v1.2.0.
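The stale relation discussed in this thread can be audited from outside Dovecot. The following is an added example, not part of the thread and not Dovecot's own code: it compares the share relations stored in the dict against the ACL entries that still exist. It assumes the dict rows are available as (from_user, to_user) pairs and that each owner's dovecot-acl files hold lines of the form "user=<name> <rights>"; the function names and the sample data are constructed for illustration.

```python
# Added example: report share relations that no explicit ACL backs any more.
# Assumptions (not from the thread): dict rows are (from_user, to_user) pairs,
# and ACL files contain lines of the form "user=<name> <rights>".

def users_with_explicit_acl(acl_text):
    """Return the user names that hold at least one right in one ACL file."""
    users = set()
    for line in acl_text.splitlines():
        line = line.strip()
        if not line or line.startswith("-"):
            continue  # blank line or negative-rights entry grants nothing
        ident, _, rights = line.partition(" ")
        if ident.startswith("user=") and rights.strip():
            users.add(ident[len("user="):])
    return users


def stale_shares(share_rows, acl_files_by_owner):
    """Return the (from_user, to_user) rows that no ACL file supports."""
    stale = []
    for from_user, to_user in share_rows:
        granted = set()
        for acl_text in acl_files_by_owner.get(from_user, []):
            granted |= users_with_explicit_acl(acl_text)
        if to_user not in granted:
            stale.append((from_user, to_user))
    return stale


# Constructed sample: the state after "setacl INBOX user lp" followed by
# "deleteacl INBOX user"; the row for "user" is still in the dict.
SHARE_ROWS = [("testuser", "user"), ("testuser", "alice")]
ACL_FILES = {
    "testuser": [
        "",                 # INBOX: the entry for "user" has been deleted
        "user=alice lr\n",  # a second folder still shared with alice
    ],
}

if __name__ == "__main__":
    for from_user, to_user in stale_shares(SHARE_ROWS, ACL_FILES):
        print(f"stale: {to_user} is still linked to {from_user}")
```

Rows reported as stale are candidates for review before they are removed from the dict table.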
participants (3)
- Robert Schetterer
- Steffen Kaiser
- Timo Sirainen