ACL: dovecot-acl-list and acl_globals_only
Peter Chiochetti
pch at myzel.net
Fri Dec 6 15:17:38 EET 2019
Reword of attempt from last week, also workaround/possible culprit found:
In dovecot 2.2.22 the stanza "* group=Guest" in the global ACL vfile did
stop dovecot from showing anybody in group "Guest" any mailbox but INBOX
in imap LIST command.
So I had to grant lookup right extra, eg. "Sent group=ALL lrwsi" to show
the Sent mailbox and also allow insert etc.
The use case is very simple: First, take away all the rights,
selectively grant rights afterwards.
After upgrading to 2.2.33 recently, only INBOX got shown. No way to
grant any more rights. Turning on mail_debug=yes, dovecot logged
> imap(...): Debug: acl: Mailbox not in dovecot-acl-list: Sent
Yet, I had configured acl_globals_only = yes, so dovecot-acl-list should
not matter at all, should'nt it?
Indeed, there was commit 95c8d28ebfc13f3252b71c71f3d5c0d809110a08 in the
time between 2.2.22 and 2.2.33 concerning just this.
Further indeed, removing acl_globals_only from my local.conf re-enables
the 2.2.22 behaviour (at least now, with 2.3.9).
Performance impact for me is negligible. Maybe there is a regression
lurking in acl_mailbox_list_iter_next_info, in that a list is expected,
that wont ever exist, with acl_globals_only on?
--
peter
More information about the dovecot
mailing list