[Dovecot] Bug Report: ACL plugin searches wrong directory with shared folders
Garret Huntress
ghuntress at ciw.edu
Fri Jan 19 21:36:29 UTC 2007
I've been attempting to get to get Shared Folders and ACL's to work
under dovecot 1.0rc17. Unfortunately, I've run into some problems
(many have already been mentioned on the list), specifically the
problem where folder-specific ACL files are not found (and I will not
use Global ACL's due to the 100% probability of cross-namespace
mailbox name conflicts). My namespace is as follows:
namespace private {
separator = /
prefix =
location = maildir:%h/Maildir
inbox = yes
}
namespace private {
separator = /
prefix = CIW Archived/
location = maildir:%h/Mailarchive
}
namespace public {
separator = /
prefix = CIW Groups/
location = maildir:/srv/export/groups:CONTROL=%h/Maildir/public-
subscriptions:INDEX=%h/Maildir/public-index
}
I decided to run a quick strace on dovecot's imap daemon while I was
getting a folder listing to see why dovecot was not finding the
folder-specific ACLs. Below are what I feel are the two key
instances in the trace:
Example 1: searching for ACL on private folder
open("/etc/dovecot-acls//.DEFAULT", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/home/ghuntress/Maildir/./dovecot-acl", O_RDONLY) = -1 ENOENT
(No such file or directory)
open("/etc/dovecot-acls/Work", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/home/ghuntress/Maildir/.Work/dovecot-acl", O_RDONLY) = -1
ENOENT (No such file or directory)
stat("/etc/dovecot-acls/", {st_mode=S_IFDIR|0755, st_size=4096, ...})
= 0
open("/etc/dovecot-acls/", O_RDONLY) = 7
That looks good. The ACL plugin looking for the global acls first in
the correct location, then in the maildir itself for the folder-
specific acl.
Example 2: searching for ACL on shared folder
open("/etc/dovecot-acls//.DEFAULT", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/home/ghuntress/Maildir/public-subscriptions/./dovecot-acl",
O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/dovecot-acls/IS.Postmaster", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/home/ghuntress/Maildir/public-subscriptions/.IS.Postmaster/
dovecot-acl", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/dovecot-acls/", {st_mode=S_IFDIR|0755, st_size=4096, ...})
= 0
open("/etc/dovecot-acls/", O_RDONLY) = 7
Not so good. The ACL plugin is looking under the "CONTROL=" setting
from the namespace location configuration, and not under the maildir
itself for the folder-specific acl. Since we have to set the
separate CONTROL location because of subscription conflicts (http://
wiki.dovecot.org/SharedFolders), we either break subscriptions by
removing the CONTROL setting, or break ACL's by adding it.
I'm not terribly familiar with the inner workings of Dovecot, however
I can envision two possible fixes:
1.) Always have the ACL plugin look under the maildir location (and
not the CONTROL override) for folder-specific ACLs
or
2.) Have dovecot always place subscriptions for shared folders in a
user-specific directory regardless of the namespace location
configuration (although, this would probably break a ton of
production configurations).
I don't know what either of the above options would break, but I hope
it's gives some ideas on how to fix this long-standing bug.
Please let me know if I can be of any more help.
-Garret
--
Garret W. Huntress
System Administrator / System Developer
Geophysical Laboratory
Carnegie Institution of Washington
5251 Broad Branch Road, NW
Washington, DC 20015
Email: ghuntress at ciw.edu
Phone: (202)-478-8973
AIM: Garret Huntress
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dovecot.org/pipermail/dovecot/attachments/20070119/95f9d9ff/attachment.html
More information about the dovecot
mailing list