[Dovecot] ACLs are applied recursively to sub mailboxes
Timo Sirainen
tss at iki.fi
Tue Mar 17 18:46:54 EET 2009
On Mar 17, 2009, at 12:08 PM, Timo Sirainen wrote:
> On Mar 16, 2009, at 4:12 PM, Timo Sirainen wrote:
>
>> Hmm. I'm not sure if there's a reason for the existence of the
>> default
>> ACLs being looked up from dovecot-acl file. I think the initial fix
>> could be to simply not do that. If someone really wants to have
>> different default ACLs they could perhaps be stored in a file with
>> different name.
>
> Actually I remembered now: With global ACLs it allowed
> having .DEFAULT file describing the default ACLs, which could be
> used to e.g. allow some specific user access to everyone's maiboxes.
> So I guess the right fix would be to keep this behavior but not to
> look up INBOX's dovecot-acl file.
Although if user creates new ACLs tat probably causes overriding
the .DEFAULT file, so this is a bit pointless. I guess it would be
nice to have "global ACLs that apply to all mailboxes regardless of
whether they contain their own ACLs", but I guess it can wait until
someone actually requests such feature :)
More information about the dovecot
mailing list