Hello list,

I'm using dovecot 1.1.11 and I'm going to prohibit users to remove their INBOX and some other directories in the mailbox root.

I used Access Control Lists (http://wiki.dovecot.org/ACL) to do this:

protocol imap {
  mail_plugins = acl
}

plugin {
  # With global ACLs in /etc/dovecot/acls/ directory:
  acl = vfile:/etc/dovecot/acls
}

/etc/dovecot/acls/.DEFAULT:
owner lrwstie

/etc/dovecot/acls/INBOX/.DEFAULT
owner lrwstiekxa

Actually
- it's not possible to create/remove directories under the mailbox root
- it's possible to create directories under INBOX
- it's NOT possible to remove directories under INBOX (This is my problem.)

I tried symlinks like:
/var/mail/.../INBOX/dovecot-acl -> /etc/dovecot/acls/INBOX/.DEFAULT
/var/mail/.../dovecot-acl -> /etc/dovecot/acls/.DEFAULT

But I think the symlinks won't help because they don't change anything. And even with the symlinks it's not possible to remove directories under INBOX.

The documentation says:
> If a mailbox has both global and per-mailbox ACL file, both of them
> are read and the ACLs are merged. If there are any conflicts:
> * v1.0 and v1.1: The per-mailbox ACL file overrides global ACL file.

As far as I can see, the documentation says nothing about merging ACLs of subdirs. But it seems the given behavior is not wanted by the dovecot design, because it seems it should be possible to override ACLs for subdirs, also give more permissions than the upper dirs.

Is this a dovecot failure, do I miss something or is it really wanted by dovecot this way?

My MUA (Evolution) says:
> Cannot delete folder "INBOX/test".
> Because "IMAP command failed: Permission denied".

It unsubscribes the folder but it is not able to remove it.

Logs:
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /etc/dovecot/acls//.DEFAULT
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /var/mail/domain1.tld/address1/mail/dovecot-acl
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /etc/dovecot/acls/INBOX/.DEFAULT
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /var/mail/domain1.tld/address1/mail/INBOX/dovecot-acl
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /etc/dovecot/acls/INBOX/.DEFAULT
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /var/mail/domain1.tld/address1/mail/INBOX/dovecot-acl
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /etc/dovecot/acls/INBOX/.DEFAULT
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /var/mail/domain1.tld/address1/mail/INBOX/dovecot-acl
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /etc/dovecot/acls/INBOX/.DEFAULT
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /var/mail/domain1.tld/address1/mail/INBOX/dovecot-acl
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /etc/dovecot/acls/INBOX/.DEFAULT
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /var/mail/domain1.tld/address1/mail/INBOX/dovecot-acl
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /etc/dovecot/acls//.DEFAULT
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /var/mail/domain1.tld/address1/mail/dovecot-acl
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /etc/dovecot/acls//.DEFAULT
dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl vfile: reading file /var/mail/domain1.tld/address1/mail/dovecot-acl

Thanks in advance
Philipp Bartels

Quoting floss at pbartels.info:

> Hello list,
>
> I'm using dovecot 1.1.11 and I'm going to prohibit users to remove
> their INBOX and some other directories in the mailbox root.
>

There is no problem with the inbox. Users can't delete the inbox; it looked like they could because my MUA unsubscribed the INBOX folder and gave me no pop-up warning. The INBOX itself can't be deleted, but by "deleting" the INBOX all messages and subdirectories are removed. With the next login the INBOX appears again and seems to be auto-subscribed. There is no need to use ACLs to protect the INBOX.

> I used Access Control Lists (http://wiki.dovecot.org/ACL) to do this:
>
> protocol imap {
>   mail_plugins = acl
> }
>
> plugin {
>   # With global ACLs in /etc/dovecot/acls/ directory:
>   acl = vfile:/etc/dovecot/acls
> }
>
> /etc/dovecot/acls/.DEFAULT:
> owner lrwstie
>
> /etc/dovecot/acls/INBOX/.DEFAULT
> owner lrwstiekxa
>
> Actually
> - it's not possible to create/remove directories under the mailbox root
> - it's possible to create directories under INBOX
> - it's NOT possible to remove directories under INBOX (This is my problem.)
>
> I tried symlinks like:
> /var/mail/.../INBOX/dovecot-acl -> /etc/dovecot/acls/INBOX/.DEFAULT
> /var/mail/.../dovecot-acl -> /etc/dovecot/acls/.DEFAULT
>
> But I think the symlinks won't help because they don't change anything.
> And even with the symlinks it's not possible to remove directories under INBOX.
>
> The documentation says:
>> If a mailbox has both global and per-mailbox ACL file, both of them
>> are read and the ACLs are merged. If there are any conflicts:
>> * v1.0 and v1.1: The per-mailbox ACL file overrides global ACL file.
>
> As far as I can see, the documentation says nothing about merging ACLs
> of subdirs. But it seems the given behavior is not wanted by the
> dovecot design, because it seems it should be possible to override ACLs
> for subdirs, also give more permissions than the upper dirs.
>
> Is this a dovecot failure, do I miss something or is it really wanted
> by dovecot this way?
>

For me the most important thing was that the inbox is not removable. Activating ACLs to protect some subfolders is not that important and it's not needed to let dovecot do more work to apply the ACLs... so I'm fine. But the question above is still not answered...

> My MUA (Evolution) says:
>> Cannot delete folder "INBOX/test".
>> Because "IMAP command failed: Permission denied".
> It unsubscribes the folder but it is not able to remove it.
>
> Logs:
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file /etc/dovecot/acls//.DEFAULT
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file /var/mail/domain1.tld/address1/mail/dovecot-acl
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file /etc/dovecot/acls/INBOX/.DEFAULT
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file
> /var/mail/domain1.tld/address1/mail/INBOX/dovecot-acl
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file /etc/dovecot/acls/INBOX/.DEFAULT
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file
> /var/mail/domain1.tld/address1/mail/INBOX/dovecot-acl
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file /etc/dovecot/acls/INBOX/.DEFAULT
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file
> /var/mail/domain1.tld/address1/mail/INBOX/dovecot-acl
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file /etc/dovecot/acls/INBOX/.DEFAULT
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file
> /var/mail/domain1.tld/address1/mail/INBOX/dovecot-acl
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file /etc/dovecot/acls/INBOX/.DEFAULT
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file
> /var/mail/domain1.tld/address1/mail/INBOX/dovecot-acl
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file /etc/dovecot/acls//.DEFAULT
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file /var/mail/domain1.tld/address1/mail/dovecot-acl
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file /etc/dovecot/acls//.DEFAULT
> dovecot: 2009-04-05 13:21:22 Info: IMAP(address1 at domain1.tld): acl
> vfile: reading file /var/mail/domain1.tld/address1/mail/dovecot-acl
>
> Thanks in advance
> Philipp Bartels

On Sun, 2009-04-05 at 13:35 +0200, floss at pbartels.info wrote:

> The documentation says:
> > If a mailbox has both global and per-mailbox ACL file, both of them
> > are read and the ACLs are merged. If there are any conflicts:
> > * v1.0 and v1.1: The per-mailbox ACL file overrides global ACL file.
>
> As far as I can see, the documentation says nothing about merging ACLs
> of subdirs. But it seems the given behavior is not wanted by the
> dovecot design, because it seems it should be possible to override
> ACLs for subdirs, also give more permissions than the upper dirs.

I'm not really sure what you mean by this, but there isn't really any concept of subdirs or upper dirs, or any kind of recursively applied ACLs. The only exception is the +k (create) right, which specifies if mailboxes can be created directly under that mailbox.

So if you have for example mailboxes box1 and box1/box2, their ACLs aren't merged in any way in any situation.
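
Added example, not part of the thread and not Dovecot code: a small Python model of the rule in the last reply (no inheritance between mailboxes, +k looked up on the parent), applied to the two ACL files from the first message. Assumptions of the model: a mailbox with no ACL entry of its own gets the .DEFAULT rights, deletion needs x on the mailbox being deleted, and a per-mailbox entry replaces the global one for the owner.

```python
# Simplified model of per-mailbox ACL evaluation without inheritance.
# Illustration only; the fallback and override rules below are assumptions.

DEFAULT_RIGHTS = "lrwstie"              # /etc/dovecot/acls/.DEFAULT (from the thread)
GLOBAL_ACLS = {"INBOX": "lrwstiekxa"}   # /etc/dovecot/acls/INBOX/.DEFAULT (from the thread)


def owner_rights(mailbox, per_mailbox_acls=None):
    """Rights of the owner on exactly this mailbox.

    No parent mailbox is consulted. A per-mailbox (dovecot-acl) entry,
    if present, overrides the global entry; otherwise the global entry
    or, failing that, DEFAULT_RIGHTS applies (assumed fallback).
    """
    per_mailbox_acls = per_mailbox_acls or {}
    if mailbox in per_mailbox_acls:
        return set(per_mailbox_acls[mailbox])
    return set(GLOBAL_ACLS.get(mailbox, DEFAULT_RIGHTS))


def parent_of(mailbox, sep="/"):
    """Name of the parent mailbox, or "" for the mailbox root."""
    return mailbox.rpartition(sep)[0]


def can_create(mailbox, per_mailbox_acls=None):
    # +k is the only right looked up on the parent mailbox.
    return "k" in owner_rights(parent_of(mailbox), per_mailbox_acls)


def can_delete(mailbox, per_mailbox_acls=None):
    # x is looked up on the mailbox itself; the parent's x does not count.
    return "x" in owner_rights(mailbox, per_mailbox_acls)


def report(mailboxes, per_mailbox_acls=None):
    """Map each mailbox name to (can_create, can_delete)."""
    return {m: (can_create(m, per_mailbox_acls), can_delete(m, per_mailbox_acls))
            for m in mailboxes}


if __name__ == "__main__":
    # Constructed mailbox names; "INBOX/test" is the folder from the thread.
    print(report(["INBOX/test", "Archive"]))
    print(report(["INBOX/test"], {"INBOX/test": "lrwstiekx"}))
```

In this model INBOX/test can be created because INBOX carries k, but cannot be deleted until INBOX/test has an ACL entry of its own that includes x.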