[Dovecot] permission problem when using public namespace and "subscription = yes"
Lars Uhlmann
dovecot at lars-uhlmann.de
Wed Sep 4 17:20:39 EEST 2013
I have configured an public namespace "Test" for a group of users:
| namespace public {
| separator = .
| prefix = Test.
| location = maildir:/mailroot/public/Test
| hidden = no
| list = yes
| subscriptions = yes
| }
Using each users own subscription file for a public mailbox doesn't
make sense when the mailbox is heavily used. Every directory operation
(create/rename) needs to be synced between all subscribers
automatically and immediately. So I set "subscriptions = yes".
My ACLS look like this:
| user=mark lrwstiekx
| user=tim lrwstiekx
| user=max lr
| user=jenny lrwstiekx
| user=louis lr
Nevertheless _all_ my mail users still have access to the namespace's
directory tree.
It is my understanding that when a user doesn't has 'lookup' access, he
should not be able to subscribe to this mailbox.
In my opinion this is a security problem. ACLs must be processed
_before_ a shared subscrition file is parsed.
regards
Lars
More information about the dovecot
mailing list