[Dovecot] acls not copied when creating subfolder of private INBOX
Using brand new dovecot 2.1.5 I still have a problem with the inheritance of acls.
Setting:
- maildir with private INBOX and public folders.
- user's maildir directory (/home/mail/user/ahelmcke) contains dovecot-acl file
- public folders root directory (/home/mail/Fax) contains dovecot-acl file
When creating a subfolder of the public folder, the dovecot-acl file gets copied to the subfolder's directory as expected. When creating a subfolder of the user's INBOX, the dovecot-acl file does /not/ get copied to the subfolder's directory.
Debug output:
doveadm -Dv mailbox create -u ahelmcke Fax/Buhhhh
doveadm(root): Debug: Loading modules from directory: /usr/local/lib/dovecot
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib01_acl_plugin.so
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib10_quota_plugin.so
doveadm(root): Debug: Loading modules from directory: /usr/local/lib/dovecot/doveadm
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_lookup (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so
doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol: i_stream_create_deflate (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_list_backend (this is usually intentional, so just ignore this message)
doveadm(ahelmcke): Debug: auth input: ahelmcke quota_rule=*:storage=2000M
doveadm(ahelmcke): Debug: Added userdb setting: plugin/quota_rule=*:storage=2000M
doveadm(ahelmcke): Debug: Effective uid=494, gid=491, home=/home/mail/user/ahelmcke
doveadm(ahelmcke): Debug: Quota root: name=User quota backend=maildir args=
doveadm(ahelmcke): Debug: Quota rule: root=User quota mailbox=* bytes=2097152000 messages=0
doveadm(ahelmcke): Debug: Namespace inbox: type=private, prefix=INBOX/, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/home/mail/user/ahelmcke
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/user/ahelmcke, index=, control=, inbox=/home/mail/user/ahelmcke, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 1
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: Namespace dummy: type=private, prefix=, sep=/, inbox=no, hidden=yes, list=no, subscriptions=yes location=maildir:/home/mail/user/ahelmcke/public/
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/user/ahelmcke/public, index=, control=, inbox=, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 1
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: Namespace fax: type=public, prefix=Fax/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=maildir:/home/mail/Fax:INDEX=/home/mail/user/ahelmcke/SEEN.Fax
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/Fax, index=/home/mail/user/ahelmcke/SEEN.Fax, control=, inbox=, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 0
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/Fax/dovecot-acl
doveadm(ahelmcke): Debug: Namespace Fax/: Using permissions from /home/mail/Fax: mode=0700 gid=-1
doveadm(ahelmcke): Debug: Namespace INBOX/: Using permissions from /home/mail/user/ahelmcke: mode=0700 gid=-1
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/user/ahelmcke/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/user/ahelmcke/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/user/ahelmcke/dovecot-acl
doveadm(ahelmcke): Debug: Namespace Fax/: /home/mail/Fax/.Buhhhh doesn't exist yet, using default permissions
doveadm(ahelmcke): Debug: Namespace Fax/: Using permissions from /home/mail/Fax: mode=0700 gid=-1
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/Fax/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: file /home/mail/Fax/.Buhhhh/dovecot-acl not found
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/Fax/.Buhhhh/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/user/ahelmcke/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/Fax/.Buhhhh/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/Fax/.Buhhhh/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/user/ahelmcke/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/Fax/.Buhhhh/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/Fax/.Buhhhh/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/user/ahelmcke/dovecot-acl
doveadm -Dv mailbox create -u ahelmcke INBOX/Buhhhh
doveadm(root): Debug: Loading modules from directory: /usr/local/lib/dovecot
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib01_acl_plugin.so
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib10_quota_plugin.so
doveadm(root): Debug: Loading modules from directory: /usr/local/lib/dovecot/doveadm
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_lookup (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so
doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol: i_stream_create_deflate (this is usually intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_list_backend (this is usually intentional, so just ignore this message)
doveadm(ahelmcke): Debug: auth input: ahelmcke quota_rule=*:storage=2000M
doveadm(ahelmcke): Debug: Added userdb setting: plugin/quota_rule=*:storage=2000M
doveadm(ahelmcke): Debug: Effective uid=494, gid=491, home=/home/mail/user/ahelmcke
doveadm(ahelmcke): Debug: Quota root: name=User quota backend=maildir args=
doveadm(ahelmcke): Debug: Quota rule: root=User quota mailbox=* bytes=2097152000 messages=0
doveadm(ahelmcke): Debug: Namespace inbox: type=private, prefix=INBOX/, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/home/mail/user/ahelmcke
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/user/ahelmcke, index=, control=, inbox=/home/mail/user/ahelmcke, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 1
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: Namespace dummy: type=private, prefix=, sep=/, inbox=no, hidden=yes, list=no, subscriptions=yes location=maildir:/home/mail/user/ahelmcke/public/
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/user/ahelmcke/public, index=, control=, inbox=, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 1
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: Namespace fax: type=public, prefix=Fax/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=maildir:/home/mail/Fax:INDEX=/home/mail/user/ahelmcke/SEEN.Fax
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/Fax, index=/home/mail/user/ahelmcke/SEEN.Fax, control=, inbox=, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 0
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: Namespace INBOX/: /home/mail/user/ahelmcke/.Buhhhh doesn't exist yet, using default permissions
doveadm(ahelmcke): Debug: Namespace INBOX/: Using permissions from /home/mail/user/ahelmcke: mode=0700 gid=-1
doveconf -n
# 2.1.5: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-220.7.1.el6.x86_64 x86_64 CentOS release 6.2 (Final) ext4
auth_master_user_separator = *
auth_verbose = yes
first_valid_uid = 400
mail_debug = yes
mail_gid = vmail
mail_home = /home/mail/user/%u
mail_location = maildir:/home/mail/user/%u
mail_plugins = " quota acl"
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace dummy {
  alias_for = INBOX/
  hidden = yes
  list = no
  location = maildir:/home/mail/user/%u/public/
  prefix =
  separator = /
  type = private
}
namespace fax {
  location = maildir:/home/mail/Fax:INDEX=/home/mail/user/%u/SEEN.Fax
  prefix = Fax/
  separator = /
  subscriptions = no
  type = public
}
namespace inbox {
  inbox = yes
  location =
  prefix = INBOX/
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/home/mail/shared-mailboxes
  quota = maildir:User quota
  quota_rule = *:storage=3G
  sieve = /home/mail/user/%u/sieve.active
  sieve_dir = /home/mail/user/%u/sieve.scripts
}
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    address = *
  }
  inet_listener imaps {
    address = *
  }
}
service managesieve-login {
  inet_listener sieve {
    address = *
    port = 4190
  }
}
ssl = required
ssl_cert =
On 24.04.2012 16:09, Andreas Helmcke wrote:
Setting:
- maildir with private INBOX and public folders.
- user's maildir directory (/home/mail/user/ahelmcke) contains dovecot-acl file
- public folders root directory (/home/mail/Fax) contains dovecot-acl file
When creating a subfolder of the public folder, the dovecot-acl file gets copied to the subfolder's directory as expected. When creating a subfolder of the user's INBOX, the dovecot-acl file does /not/ get copied to the subfolder's directory.
I am not sure, but I think that works as designed
.. ACL Inheritance
Every time you create a new mailbox, it gets its ACLs from the parent mailbox. If you're creating a root-level mailbox, it uses the namespace's default ACLs. There is no actual inheritance, however: If you modify parent's ACLs, the child's ACLs stay the same. There is currently no support for ACL inheritance.
Namespace's default ACLs are read from "dovecot-acl" file in the namespace's mail root directory (e.g. /var/public/Maildir). Note that currently these default ACLs are used only when creating new mailboxes, they aren't used for mailboxes without ACLs.
....
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On 24.04.2012 16:54, Robert Schetterer wrote:
On 24.04.2012 16:09, Andreas Helmcke wrote:
When creating a subfolder of the public folder, the dovecot-acl file gets copied to the subfolder's directory as expected. When creating a subfolder of the user's INBOX, the dovecot-acl file does /not/ get copied to the subfolder's directory.
I am not sure, but I think that works as designed
http://wiki2.dovecot.org/ACL .. ACL Inheritance ....
I do read this as: when creating a new mailbox, ACLs are copied from the parent. This is what it does for public folders but /not/ for the private ones. So in my opinion at least it is not working as documented.
On 24.04.2012 17:17, Andreas Helmcke wrote:
On 24.04.2012 16:54, Robert Schetterer wrote:
On 24.04.2012 16:09, Andreas Helmcke wrote:
When creating a subfolder of the public folder, the dovecot-acl file gets copied to the subfolder's directory as expected. When creating a subfolder of the user's INBOX, the dovecot-acl file does /not/ get copied to the subfolder's directory.
I am not sure, but I think that works as designed
http://wiki2.dovecot.org/ACL .. ACL Inheritance ....
I do read this as: when creating a new mailbox, ACLs are copied from the parent. This is what it does for public folders but /not/ for the private ones. So in my opinion at least it is not working as documented.
I think it's misunderstandably written.
This is what counts, I think:
http://wiki2.dovecot.org/ACL ... "There is currently no support for ACL inheritance" ..
Public folders are special cases.... It makes sense to have inheritance as the default ACL,
but this may not be a good idea as the default for users' folders.
Read the list archive about this stuff; I can't remember it all, but Timo wrote some about it. At last, development of that feature may still not be finished.
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On 24.4.2012, at 17.09, Andreas Helmcke wrote:
Using brand new dovecot 2.1.5 I still have a problem with the inheritance of acls.
Maybe http://hg.dovecot.org/dovecot-2.1/rev/e8b80e0767ac fixes this as well?
On 25.04.2012 23:27, Timo Sirainen wrote:
On 24.4.2012, at 17.09, Andreas Helmcke wrote:
Using brand new dovecot 2.1.5 I still have a problem with the inheritance of acls.
Maybe http://hg.dovecot.org/dovecot-2.1/rev/e8b80e0767ac fixes this as well?
I am not sure if this change is part of the 2.1.6 release but I just checked again with release 2.1.6. Still the same problem.
On 09.05.2012 12:31, Andreas Helmcke wrote:
On 25.04.2012 23:27, Timo Sirainen wrote:
On 24.4.2012, at 17.09, Andreas Helmcke wrote:
Using brand new dovecot 2.1.5 I still have a problem with the inheritance of acls.
Maybe http://hg.dovecot.org/dovecot-2.1/rev/e8b80e0767ac fixes this as well?
I am not sure if this change is part of the 2.1.6 release but I just checked again with release 2.1.6. Still the same problem.
If I create a folder and set ACLs on it (manually, i.e. edit dovecot-acl), the same ACLs are copied to its subfolders.
If the folder gets its ACLs from global-acl, the ACLs aren't copied to its subfolders.
As far as I remember, Timo is thinking about redesigning the ACL config; check the list archives.
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
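Added example, not written by any of the posters: because the wiki text quoted in the thread says ACLs are only copied when a mailbox is created, an administrator can audit a Maildir++ root for subfolders that never received a dovecot-acl copy or whose copy has since diverged from the parent's. The function name audit_acl is an assumption of this example, as is the on-disk layout of nested folders as .Parent.Child under the root.

```shell
#!/bin/sh
# Added example, not from the thread. Layout assumed from the posts:
# <root>/dovecot-acl, and Maildir++ subfolders stored as <root>/.<Parent>.<Child>/

# audit_acl ROOT
# For each Maildir++ subfolder, compare its dovecot-acl with its parent's.
# Prints "missing <dir>" or "differs <dir>"; returns 1 if anything was printed.
audit_acl() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    found=0
    for dir in "$root"/.[!.]*; do
        # A mailbox directory has cur/, new/ and tmp/; skip anything else.
        [ -d "$dir/cur" ] && [ -d "$dir/new" ] && [ -d "$dir/tmp" ] || continue
        name=${dir##*/}          # e.g. ".Buhhhh" or ".Archive.2012"
        parent=${name%.*}        # "" for a top-level folder, ".Archive" otherwise
        if [ -n "$parent" ]; then
            parent_acl=$root/$parent/dovecot-acl
        else
            parent_acl=$root/dovecot-acl
        fi
        # Nothing to compare against if the parent has no ACL file itself.
        [ -f "$parent_acl" ] || continue
        if [ ! -f "$dir/dovecot-acl" ]; then
            printf 'missing %s\n' "$dir"; found=1
        elif ! cmp -s "$parent_acl" "$dir/dovecot-acl"; then
            printf 'differs %s\n' "$dir"; found=1
        fi
    done
    return "$found"
}

# Run only when a mail root is given on the command line.
[ "$#" -eq 0 ] || audit_acl "$1"
```

Run against /home/mail/user/ahelmcke from the report, this would list .Buhhhh as missing; a "differs" line is not necessarily a fault, since a child's ACL may have been changed on purpose.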
participants (3): Andreas Helmcke, Robert Schetterer, Timo Sirainen