Heiko Schlichting
2008-Sep-06 22:40 UTC
[Dovecot] ACL plugin: k permission and sub-subfolders
Hi,
I'm trying to disallow the creating of subfolders for some special folder
for all users. Using ACL plugin for this seems to work at first glance but
is not a full solution or is buggy as it allows the creation of
sub-subfolders.
I'm using the following ACL and namespace separator is "/":
$ cat folder
owner lrwstie
Note: no "k" permission
("k" = create = Mailboxes can be created under this mailbox)
Seems to work:
a001 create "folder/subfolder"
a001 NO Permission denied
But:
a002 create "folder/subfolder/subsubfolder"
a002 OK Create completed.
This is unexpected. Creating a subfolder is not allowed but a sub-subfolder
is permitted? If this is intentional, the description in the wiki should
mention this. And: How to disallow the creation of any subfolders and any
sub-subfolders?
Using "folder/.DEFAULT" instead of "folder" to define the
ACL does not make
any difference for the behavior.
My configuration of dovecot is below the signature.
Thanks, Heiko.
Heiko Schlichting Freie Universit?t Berlin
heiko at FU-Berlin.DE Zentraleinrichtung f?r Datenverarbeitung (ZEDAT)
Telefon +49 30 838-54327 Fabeckstra?e 32
Telefax +49 30 838454327 14195 Berlin
# 1.1.3: /server/dovecot/server/etc/dovecot.conf
base_dir: /server/dovecot/server/var/run/
syslog_facility: local6
protocols: imap pop3
listen(default): 130.133.4.84:8143
listen(imap): 130.133.4.84:8143
listen(pop3): 130.133.4.84:8110
ssl_disable: yes
disable_plaintext_auth: no
shutdown_clients: no
nfs_check: no
login_dir: /server/dovecot/server/var/logindir
login_executable(default): /server/dovecot/server/libexec/dovecot/imap-login
login_executable(imap): /server/dovecot/server/libexec/dovecot/imap-login
login_executable(pop3): /server/dovecot/server/libexec/dovecot/pop3-login
login_greeting: mail.zedat.fu-berlin.de ready.
login_chroot: no
login_processes_count: 16
login_max_processes_count: 512
max_mail_processes: 1500
verbose_proctitle: yes
mail_uid: 865
mail_gid: 865
mail_location: maildir:/server/dovecot/spool/%2Ln/%Ln/maildir
maildir_copy_preserve_filename: yes
mail_executable(default): /server/dovecot/bin/wrapper imap
mail_executable(imap): /server/dovecot/bin/wrapper imap
mail_executable(pop3): /server/dovecot/bin/wrapper pop3
mail_plugins(default): acl quota imap_quota listescape
mail_plugins(imap): acl quota imap_quota listescape
mail_plugins(pop3): quota
mail_plugin_dir(default): /server/dovecot/server/lib/dovecot/imap
mail_plugin_dir(imap): /server/dovecot/server/lib/dovecot/imap
mail_plugin_dir(pop3): /server/dovecot/server/lib/dovecot/pop3
mail_log_prefix: %Ls[%p]: user=<%u>,
mail_log_max_lines_per_sec: 50
imap_client_workarounds(default): delay-newmail netscape-eoh
imap_client_workarounds(imap): delay-newmail netscape-eoh
imap_client_workarounds(pop3):
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %u
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
namespace:
type: private
separator: /
inbox: yes
list: yes
subscriptions: yes
auth default:
mechanisms: plain login
user: dovecot
username_format: %Lu
failure_delay: 1
passdb:
driver: checkpassword
args: /server/dovecot/bin/checkpassword-zedat
userdb:
driver: prefetch
plugin:
quota: maildir
quota_rule: *:bytes=2G
acl: vfile:/server/dovecot/server/etc/acls
On Sun, 2008-09-07 at 00:40 +0200, Heiko Schlichting wrote:> I'm trying to disallow the creating of subfolders for some special folder > for all users. Using ACL plugin for this seems to work at first glance but > is not a full solution or is buggy as it allows the creation of > sub-subfolders.Thanks, fixed: http://hg.dovecot.org/dovecot-1.1/rev/d2657188377b This will also make it easier to later create code to treat ACLs recursively. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20080907/7d3b6d64/attachment-0002.bin>