[Dovecot] question dovecot Inheritance global acl vs userfolder acl
Hi Timo my tests resulted in inheritance is given if a userfolder has set some acl to its new created subfolder , which is nice
if some userfolder has its acl from global acl there is no inheritance to its new created subfolders, that subfolders will always created with full owner rights
i am not really sure if its a good idea to have inheritance from global acl and if its hackabel what is your idea to this ?
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On Mon, 2012-04-30 at 20:55 +0200, Robert Schetterer wrote:
Hi Timo my tests resulted in inheritance is given if a userfolder has set some acl to its new created subfolder , which is nice
if some userfolder has its acl from global acl there is no inheritance to its new created subfolders, that subfolders will always created with full owner rights
i am not really sure if its a good idea to have inheritance from global acl and if its hackabel what is your idea to this ?
There is no ACL inheritance feature in Dovecot at all. The only thing that kind of appears as being inheritance is that when you create a new mailbox, its ACLs are copied from the parent's (but any future changes to parent ACLs won't change the child's.)
I've been planning on changing how global ACLs work though. The idea would be that you'd have a single dovecot-global-acl file that has fields:
<mailbox pattern> <ACL>
So for example you could say:
foo user=tss lrw
This would work the same way as now. But you could also add:
foo/* user=admin lrwstipekxa
This would also apply to the children. Still, none of this is really "inheritance".
Am 01.05.2012 02:29, schrieb Timo Sirainen:
On Mon, 2012-04-30 at 20:55 +0200, Robert Schetterer wrote:
Hi Timo my tests resulted in inheritance is given if a userfolder has set some acl to its new created subfolder , which is nice
if some userfolder has its acl from global acl there is no inheritance to its new created subfolders, that subfolders will always created with full owner rights
i am not really sure if its a good idea to have inheritance from global acl and if its hackabel what is your idea to this ?
There is no ACL inheritance feature in Dovecot at all. The only thing that kind of appears as being inheritance is that when you create a new mailbox, its ACLs are copied from the parent's (but any future changes to parent ACLs won't change the child's.)
I've been planning on changing how global ACLs work though. The idea would be that you'd have a single dovecot-global-acl file that has fields:
<mailbox pattern> <ACL>
So for example you could say:
foo user=tss lrw
This would work the same way as now. But you could also add:
foo/* user=admin lrwstipekxa
This would also apply to the children. Still, none of this is really "inheritance".
Hi Timo, i would say this would be "good enough" for new handling global acls , however if its not really inheritance
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
participants (2)
-
Robert Schetterer
-
Timo Sirainen