[Dovecot] recursive acl problem
Hi, i ve got a problem with recursive acl, using not a vfile global backend. ( no default acl)
In my understanding every folder(directory) needs a seperate dovecot-acl files with permissions. This works fine, but my tests showed using a shared namespace like i.e.
namespace shared { separator = / prefix = "users/%d/" location = dbox:/usr/local/virtual/%d/ inbox = no list = yes subscriptions = yes hidden = no }
and have dovecot-acl in usr/local/virtual/%d/ with authenticated l
which means lookup, leads that all folders and subfolders of /usr/local/virtual/%d/%u/ are imap browseable, which means its recursive somekind.
( people will not like seeing folder names of their mailboxes until they dont gave permissions explicit to others)
In my meaning this shouldnt be so only names of ( names of directories) at /usr/local/virtual/%d/%u/ should be shown , subfolders in them should only be imap browseable if there is another dovecot-acl in them which permits lookup
i may fail here , anyone which has some enlightment for me outside?
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On Mon, 2008-07-21 at 14:35 +0200, Robert Schetterer wrote:
namespace shared { .. In my meaning this shouldnt be so only names of ( names of directories) at /usr/local/virtual/%d/%u/ should be shown , subfolders in them should only be imap browseable if there is another dovecot-acl in them which permits lookup
I think the problem here is what Dovecot uses as the default permissions. See if it helps if you change it to a "namespace private"?
But this kind of a configuration is something that isn't really even supposed to be supported yet.
Hi Timo,
Timo Sirainen schrieb:
On Mon, 2008-07-21 at 14:35 +0200, Robert Schetterer wrote:
namespace shared { .. In my meaning this shouldnt be so only names of ( names of directories) at /usr/local/virtual/%d/%u/ should be shown , subfolders in them should only be imap browseable if there is another dovecot-acl in them which permits lookup
I think the problem here is what Dovecot uses as the default permissions. See if it helps if you change it to a "namespace private"?
there should not be a default permission until there is no global vfile with default ( or until its hardcoded somewhere)
i cant think of a default vfile acl in virtual setups which might fixes this problem in total yet ( related to the present acl design )
i will try private namespace but it should work with shared namespace in the future
But this kind of a configuration is something that isn't really even supposed to be supported yet.
i understand this, no problem , this is a testing setup i am playing around and look whats possible
thx for your work on dove, and quick reply
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Robert Schetterer schrieb:
Hi Timo,
Timo Sirainen schrieb:
On Mon, 2008-07-21 at 14:35 +0200, Robert Schetterer wrote:
namespace shared { .. In my meaning this shouldnt be so only names of ( names of directories) at /usr/local/virtual/%d/%u/ should be shown , subfolders in them should only be imap browseable if there is another dovecot-acl in them which permits lookup
I think the problem here is what Dovecot uses as the default permissions. See if it helps if you change it to a "namespace private"?
there should not be a default permission until there is no global vfile with default ( or until its hardcoded somewhere)
i cant think of a default vfile acl in virtual setups which might fixes this problem in total yet ( related to the present acl design )
i will try private namespace but it should work with shared namespace in the future
But this kind of a configuration is something that isn't really even supposed to be supported yet.
i understand this, no problem , this is a testing setup i am playing around and look whats possible
thx for your work on dove, and quick reply
only for additional info just tested with private namespace didnt changed anything to the problem
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
participants (2)
-
Robert Schetterer
-
Timo Sirainen