[Dovecot] Bug Report: ACL plugin searches wrong directory with shared folders

Garret Huntress ghuntress at ciw.edu
Fri Jan 19 21:36:29 UTC 2007 

I've been attempting to get to get Shared Folders and ACL's to work  
under dovecot 1.0rc17.  Unfortunately, I've run into some problems  
(many have already been mentioned on the list), specifically the  
problem where folder-specific ACL files are not found (and I will not  
use Global ACL's due to the 100% probability of cross-namespace  
mailbox name conflicts).  My namespace is as follows:

namespace private {
    separator = /
    prefix =
    location = maildir:%h/Maildir
    inbox = yes
}
namespace private {
    separator = /
    prefix = CIW Archived/
    location = maildir:%h/Mailarchive
}
namespace public {
    separator = /
    prefix = CIW Groups/
    location = maildir:/srv/export/groups:CONTROL=%h/Maildir/public- 
subscriptions:INDEX=%h/Maildir/public-index
}

I decided to run a quick strace on dovecot's imap daemon while I was  
getting a folder listing to see why dovecot was not finding the  
folder-specific ACLs.  Below are what I feel are the two key  
instances in the trace:

Example 1: searching for ACL on private folder
open("/etc/dovecot-acls//.DEFAULT", O_RDONLY) = -1 ENOENT (No such  
file or directory)
open("/home/ghuntress/Maildir/./dovecot-acl", O_RDONLY) = -1 ENOENT  
(No such file or directory)
open("/etc/dovecot-acls/Work", O_RDONLY) = -1 ENOENT (No such file or  
directory)
open("/home/ghuntress/Maildir/.Work/dovecot-acl", O_RDONLY) = -1  
ENOENT (No such file or directory)
stat("/etc/dovecot-acls/", {st_mode=S_IFDIR|0755, st_size=4096, ...})  
= 0
open("/etc/dovecot-acls/", O_RDONLY)    = 7

That looks good.  The ACL plugin looking for the global acls first in  
the correct location, then in the maildir itself for the folder- 
specific acl.


Example 2: searching for ACL on shared folder
open("/etc/dovecot-acls//.DEFAULT", O_RDONLY) = -1 ENOENT (No such  
file or directory)
open("/home/ghuntress/Maildir/public-subscriptions/./dovecot-acl",  
O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/dovecot-acls/IS.Postmaster", O_RDONLY) = -1 ENOENT (No  
such file or directory)
open("/home/ghuntress/Maildir/public-subscriptions/.IS.Postmaster/ 
dovecot-acl", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/dovecot-acls/", {st_mode=S_IFDIR|0755, st_size=4096, ...})  
= 0
open("/etc/dovecot-acls/", O_RDONLY)    = 7

Not so good.  The ACL plugin is looking under the "CONTROL=" setting  
from the namespace location configuration, and not under the maildir  
itself for the folder-specific acl.  Since we have to set the  
separate CONTROL location because of subscription conflicts (http:// 
wiki.dovecot.org/SharedFolders), we either break subscriptions by  
removing the CONTROL setting, or break ACL's by adding it.

I'm not terribly familiar with the inner workings of Dovecot, however  
I can envision two possible fixes:
1.) Always have the ACL plugin look under the maildir location (and  
not the CONTROL override) for folder-specific ACLs
or
2.) Have dovecot always place subscriptions for shared folders in a  
user-specific directory regardless of the namespace location  
configuration (although, this would probably break a ton of  
production configurations).

I don't know what either of the above options would break, but I hope  
it's gives some ideas on how to fix this long-standing bug.

Please let me know if I can be of any more help.

-Garret
-- 
Garret W. Huntress
System Administrator / System Developer

Geophysical Laboratory
Carnegie Institution of Washington
5251 Broad Branch Road, NW
Washington, DC 20015

Email: ghuntress at ciw.edu
Phone: (202)-478-8973
AIM: Garret Huntress

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dovecot.org/pipermail/dovecot/attachments/20070119/95f9d9ff/attachment.html

More information about the dovecot mailing list