[Dovecot] ACL plugin: k permission and sub-subfolders

Heiko Schlichting dovecot-l at FU-Berlin.DE
Sun Sep 7 01:40:28 EEST 2008


Hi,

I'm trying to disallow the creation of subfolders for some special folder
for all users. Using ACL plugin for this seems to work at first glance but
is not a full solution or is buggy as it allows the creation of
sub-subfolders.

I'm using the following ACL and namespace separator is "/":

    $ cat folder
    owner lrwstie

Note: no "k" permission
      ("k" = create = Mailboxes can be created under this mailbox)

Seems to work:

    a001 create "folder/subfolder"
    a001 NO Permission denied

But:

    a002 create "folder/subfolder/subsubfolder"
    a002 OK Create completed.

This is unexpected. Creating a subfolder is not allowed but a sub-subfolder
is permitted? If this is intentional, the description in the wiki should
mention this. And: How to disallow the creation of any subfolders and any
sub-subfolders?

Using "folder/.DEFAULT" instead of "folder" to define the ACL does not make
any difference for the behavior.

My configuration of dovecot is below the signature.

Thanks, Heiko.

Heiko Schlichting          Freie Universität Berlin
heiko at FU-Berlin.DE         Zentraleinrichtung für Datenverarbeitung (ZEDAT)
Telefon +49 30 838-54327   Fabeckstraße 32
Telefax +49 30 838454327   14195 Berlin

# 1.1.3: /server/dovecot/server/etc/dovecot.conf
base_dir: /server/dovecot/server/var/run/
syslog_facility: local6
protocols: imap pop3
listen(default): 130.133.4.84:8143
listen(imap): 130.133.4.84:8143
listen(pop3): 130.133.4.84:8110
ssl_disable: yes
disable_plaintext_auth: no
shutdown_clients: no
nfs_check: no
login_dir: /server/dovecot/server/var/logindir
login_executable(default): /server/dovecot/server/libexec/dovecot/imap-login
login_executable(imap): /server/dovecot/server/libexec/dovecot/imap-login
login_executable(pop3): /server/dovecot/server/libexec/dovecot/pop3-login
login_greeting: mail.zedat.fu-berlin.de ready.
login_chroot: no
login_processes_count: 16
login_max_processes_count: 512
max_mail_processes: 1500
verbose_proctitle: yes
mail_uid: 865
mail_gid: 865
mail_location: maildir:/server/dovecot/spool/%2Ln/%Ln/maildir
maildir_copy_preserve_filename: yes
mail_executable(default): /server/dovecot/bin/wrapper imap
mail_executable(imap): /server/dovecot/bin/wrapper imap
mail_executable(pop3): /server/dovecot/bin/wrapper pop3
mail_plugins(default): acl quota imap_quota listescape
mail_plugins(imap): acl quota imap_quota listescape
mail_plugins(pop3): quota
mail_plugin_dir(default): /server/dovecot/server/lib/dovecot/imap
mail_plugin_dir(imap): /server/dovecot/server/lib/dovecot/imap
mail_plugin_dir(pop3): /server/dovecot/server/lib/dovecot/pop3
mail_log_prefix: %Ls[%p]: user=<%u>, 
mail_log_max_lines_per_sec: 50
imap_client_workarounds(default): delay-newmail netscape-eoh
imap_client_workarounds(imap): delay-newmail netscape-eoh
imap_client_workarounds(pop3): 
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %u
pop3_client_workarounds(default): 
pop3_client_workarounds(imap): 
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
auth default:
  mechanisms: plain login
  user: dovecot
  username_format: %Lu
  failure_delay: 1
  passdb:
    driver: checkpassword
    args: /server/dovecot/bin/checkpassword-zedat
  userdb:
    driver: prefetch
plugin:
  quota: maildir
  quota_rule: *:bytes=2G
  acl: vfile:/server/dovecot/server/etc/acls
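
Added example, not part of the message above and not Dovecot's code: a small Python model that reproduces the two CREATE results from the post and contrasts them with a nearest-ancestor lookup that denies both. It assumes (the post does not confirm this) that the "k" right is looked up only on the immediate parent and that a mailbox without an ACL entry gives the owner all rights; every function name here is hypothetical.

```python
# Added illustration: a model of two ACL lookup policies, not Dovecot's code.
# ACLS mirrors the post: only "folder" has an ACL, and it lacks "k".
ACLS = {"folder": {"owner": set("lrwstie")}}
DEFAULT_OWNER_RIGHTS = set("lrwstiek")  # assumption: no ACL entry => owner may create
SEP = "/"  # namespace separator from the post


def parent_of(mailbox):
    """Return the parent mailbox name, or None for a top-level mailbox."""
    head, sep, _ = mailbox.rpartition(SEP)
    return head if sep else None


def rights_parent_only(mailbox, acls):
    """Policy A (assumed): consult only the immediate parent's own ACL."""
    parent = parent_of(mailbox)
    if parent is not None and parent in acls:
        return acls[parent].get("owner", set())
    # Parent is top level or has no ACL entry: fall back to the default.
    return DEFAULT_OWNER_RIGHTS


def rights_nearest_ancestor(mailbox, acls):
    """Policy B (hypothetical): walk up to the nearest ancestor with an ACL."""
    node = parent_of(mailbox)
    while node is not None:
        if node in acls:
            return acls[node].get("owner", set())
        node = parent_of(node)
    return DEFAULT_OWNER_RIGHTS


def may_create(mailbox, acls, policy):
    """True if the owner holds "k" (create) where the new mailbox would live."""
    return "k" in policy(mailbox, acls)


if __name__ == "__main__":
    # Constructed test names; the first two are the ones used in the post.
    for name in ("folder/subfolder", "folder/subfolder/subsubfolder", "other/x"):
        print(name,
              "parent-only:", may_create(name, ACLS, rights_parent_only),
              "nearest-ancestor:", may_create(name, ACLS, rights_nearest_ancestor))
```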


