[Dovecot] New global ACL mailbox pattern feature in HG
Thomas Leuxner
tlx at leuxner.net
Sat Feb 15 20:13:44 UTC 2014
* Thomas Leuxner <tlx at leuxner.net> 2014.02.10 08:51:
> > > Public/* group=PublicMailboxAdmins lrwsik
> > >
> > > yields an error (Public/ Namespace) while 'Public*' works:
> > > $ doveadm mailbox create -u tlx at leuxner.net "Public/Test"
> > > $ doveadm(tlx at leuxner.net): Error: Can't create mailbox Public/Test: Permission denied
> >
> > I think that's correct behavior? The "k" right needs to be for the parent "Public", while Public/* only matches its children.
>
> I see. Wouldn't "Public" also let's say undesirably apply to mailboxes in the user context then, e.g. someone creates a "Public" folder in his INBOX? I'm asking as I only want to apply the ACL to a namespace.
Following the http://wiki2.dovecot.org/ACL example of wildcard patters it appears 'Public/*' is completely ignored. I tested with a new mailbox and the only entry applied is the 'Public*' one:
$ cat global-acl
INBOX owner lrwstiekxap
Public* group=PublicMailboxAdmins lrwsik
Public/* anyone lr
Public/* authenticated lrws
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140215/962ae2ad/attachment.sig>
More information about the dovecot
mailing list