[Dovecot] acl with hierarchy separators mismatched config
YAEGASHI Takeshi
yaegashi at debian.org
Tue Aug 23 10:52:15 EEST 2011
Hi there,
I'm testing dovecot 2.0.13 on Debian squeeze (deb from http://xi.rename-it.nl/debian) with the following doveconf -n.
--------
# 2.0.13 (1449a2e2c1f5): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-2-openvz-amd64 i686 Debian 6.0.2
first_valid_uid = 8
mail_debug = yes
mail_location = maildir:~/Maildir
mail_plugins = listescape mail_log notify acl
namespace {
inbox = yes
location =
prefix =
separator = /
type = private
}
namespace {
list = children
location = maildir:/var/mail/public:INDEX=~/Maildir/public
prefix = Public/
separator = /
subscriptions = no
type = public
}
passdb {
driver = pam
}
plugin {
acl = vfile
}
protocols = " imap"
ssl = no
userdb {
args = uid=mail gid=mail home=/var/mail/private/%u
driver = static
}
protocol imap {
mail_plugins = listescape mail_log notify acl imap_acl
}
--------
My primary interest is acl and listescape enabled folders in the public namespace. I've chosen "/" as the hierarchy separator to support folder names with dots (".").
/var/mail/public is a maildir with the maildir++ layout where the separator is a dot ("."). So I set up initial acls and folders as follows:
--------
# mkdir /var/mail/public
# echo 'anyone lra' >/var/mail/public/dovecot-acl
# maildirmake.dovecot /var/mail/public/.aaa
# echo 'anyone lrwstipekxa' >/var/mail/public/.aaa/dovecot-acl
# chown -R mail.mail /var/mail/public
--------
But my attempt to create a mailbox under Public/aaa fails with "Permission denied".
--------
# imtest -a yaegashi localhost
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
S: C01 OK Pre-login capabilities listed, post-login capabilities have more.
Please enter your password: C: A01 AUTHENTICATE PLAIN ?????????????????/
S: * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk
S: A01 OK Logged in
Authenticated.
Security strength factor: 0
. getacl Public
* ACL "Public" "anyone" alr
. OK Getacl completed.
. getacl Public/aaa
* ACL "Public/aaa" "anyone" akxeilprwtscd
. OK Getacl completed.
. create Public/aaa/bbb
. NO [NOPERM] Permission denied
--------
If the layout of /var/mail/public is switched to "fs" where the separator is "/", mailbox creation succeeds as expected.
--------
namespace {
list = children
location = maildir:/var/mail/public:INDEX=~/Maildir/public:LAYOUT=fs
prefix = Public/
separator = /
subscriptions = no
type = public
}
--------
--------
# maildirmake.dovecot /var/mail/public/aaa
# echo 'anyone lrwstipekxa' >/var/mail/public/aaa/dovecot-acl
# chown -R mail.mail /var/mail/public
# imtest -a yaegashi localhost
....
. getacl Public
* ACL "Public" "anyone" alr
. OK Getacl completed.
. getacl Public/aaa
* ACL "Public/aaa" "anyone" akxeilprwtscd
. OK Getacl completed.
. create Public/aaa/bbb
. OK Create completed.
. getacl Public/aaa/bbb
* ACL "Public/aaa/bbb" "anyone" akxeilprwtscd
. OK Getacl completed.
. create Public/aaa/1.2.3
. OK Create completed.
. create Public/aaa/cur
. NO Invalid mailbox name: Public/aaa/cur
--------
Is this behavior expected? Misconfiguration or dovecot bug?
I prefer the maildir++ layout with listescape as it's reserved-folder-name free (e.g. cur new tmp).
Regards,
--
YAEGASHI Takeshi <yaegashi at debian.org>
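An added example, not part of the original post and not Dovecot code: it maps the IMAP names used above to their storage directories under the maildir++ and fs layouts and reads the `dovecot-acl` file of the parent mailbox to confirm that it grants the create right (`k`). It assumes listescape writes an escaped character as a backslash plus two hex digits, parses only the `identifier rights` lines shown in the post, and does not reproduce Dovecot's own ACL evaluation; the helper names and the temporary directory are constructed for illustration.

```python
import os
import tempfile

ESC = "\\"  # assumption: listescape's default escape character

def escape(part):
    # Simplified listescape: hex-escape "." (the Maildir++ storage separator) and ESC.
    return "".join(f"{ESC}{ord(c):02x}" if c in (".", ESC) else c for c in part)

def mailbox_dir(root, layout, name, prefix="Public/", sep="/"):
    """Directory that stores IMAP mailbox `name` of the public namespace."""
    if name == prefix.rstrip(sep):
        return root
    if not name.startswith(prefix):
        raise ValueError(f"{name!r} is outside namespace {prefix!r}")
    parts = name[len(prefix):].split(sep)
    if layout == "maildir++":   # flat: every level is folded into one ".a.b" directory
        return os.path.join(root, "." + ".".join(escape(p) for p in parts))
    if layout == "fs":          # nested: one directory per hierarchy level
        return os.path.join(root, *parts)
    raise ValueError(f"unknown layout {layout!r}")

def parent_rights(root, layout, name, who="anyone", sep="/"):
    """Rights `who` has in the dovecot-acl file of the parent of `name`."""
    acl = os.path.join(mailbox_dir(root, layout, name.rsplit(sep, 1)[0]), "dovecot-acl")
    if not os.path.exists(acl):
        return ""
    with open(acl) as fh:
        for line in fh:
            fields = line.split()
            if len(fields) >= 2 and fields[0] == who:
                return fields[1]
    return ""

def build_sample(layout):
    """Constructed copy of the post's tree in a temp dir (not /var/mail/public)."""
    root = tempfile.mkdtemp()
    files = {root: "anyone lra", mailbox_dir(root, layout, "Public/aaa"): "anyone lrwstipekxa"}
    for path, acl in files.items():
        os.makedirs(path, exist_ok=True)
        with open(os.path.join(path, "dovecot-acl"), "w") as fh:
            fh.write(acl + "\n")
    return root

if __name__ == "__main__":
    for layout in ("maildir++", "fs"):
        root = build_sample(layout)
        for name in ("Public/aaa/bbb", "Public/aaa/1.2.3"):
            path = os.path.relpath(mailbox_dir(root, layout, name), root)
            print(layout, name, "->", path, "| parent grants k:", "k" in parent_rights(root, layout, name))
```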