dovecot - Aug 2009 - virtual plugin and ACL

Hello list, 

We are using virtual plugin for to provide users two additional folders:
Company/all - it contains all messages in user's mailbox
Company/favorites - here is flagged messages.

Here is namespace part of config file:
namespace private {
    prefix = Company/
    separator = /
    location = virtual:/var/mail/virtual:INDEX=MEMORY:LAYOUT=maildir++
    subscriptions = no
}

Everything works fine, but problem arises when someone rename or delete virtual
mailbox. With above config, 1 user make changes to his mailbox, but changes
distribute for entire domain.

First, I have tried to add :CONTROL=/data/mail/%d/%n/data/virtual to location
part of virtual namespace, but I have no luck with such settings. Directory
/data/mail/%d/%n/data/virtual not even been created.

Then I tried to setup ACL for virtual mailbox. Adding "acl" to
mail_plugins in imap and lda section and acl=vfile to plugins config. Under
/var/mail/virtual in each mailbox I create dovecot-acl file contaning:
user=koshikov.n lrwstiekxa
authenticated lrwstipe

But this didn't work.

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN
AUTH=LOGIN] Server ready.
a login test qwe
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT
THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE
UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
WITHIN CONTEXT=SEARCH QUOTA] Logged in
a list "" *
* LIST (\HasNoChildren) "/" "Sent"
* LIST (\HasNoChildren) "/" "Drafts"
* LIST (\HasNoChildren) "/" "Spam"
* LIST (\HasNoChildren) "/" "Trash"
* LIST (\HasNoChildren) "/" "INBOX"
* LIST (\Noselect \HasChildren) "/" "Company"
* LIST (\HasNoChildren) "/" "Company/all"
* LIST (\HasNoChildren) "/" "Company/favorites"
a OK List completed.
a select Company/all
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk \*)]
Flags permitted.
* 13 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1249459221] UIDs valid
* OK [UIDNEXT 14] Predicted next UID
* OK [NOMODSEQ] No permanent modsequences
a OK [READ-WRITE] Select completed.
a getacl
a BAD Error in IMAP command GETACL: Unknown command.
a rename Company/all Company/test
a OK Rename completed.

After "rename completed" in /var/mail/virtual new file
dovecot-acl-list is appear with content:
1249457074 test

How can I get workaround for this situation ? I just need to restrict my users
renaming and deleting virtualboxes.

On Wed, 2009-08-05 at 11:08 +0300, Nikita Koshikov
wrote:
> Here is namespace part of config file:
> namespace private {
>     prefix = Company/
>     separator = /
>     location = virtual:/var/mail/virtual:INDEX=MEMORY:LAYOUT=maildir++
>     subscriptions = no
> }
..
> Then I tried to setup ACL for virtual mailbox. Adding "acl" to
mail_plugins in imap and lda section and acl=vfile to plugins config. Under
/var/mail/virtual in each mailbox I create dovecot-acl file contaning:
> user=koshikov.n lrwstiekxa
> authenticated lrwstipe
> 
> But this didn't work.
That's because in private namespaces user owns the mails, and
"authenticated" doesn't reduce the user's privileges. You
could use
"owner" instead.

Also I don't think you should use ACLs at all here. It's easier and more
secure to just make /var/mail/virtual non-writable to imap process. For
example change file/dir owners to root and make them world-readable.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20090807/3b1b8067/attachment-0002.bin>

On Fri, 07 Aug 2009 15:23:32 -0400
Timo Sirainen <tss at iki.fi> wrote:
> That's because in private namespaces user owns the mails, and
> "authenticated" doesn't reduce the user's privileges. You
could use
> "owner" instead.
> 
> Also I don't think you should use ACLs at all here. It's easier and
more
> secure to just make /var/mail/virtual non-writable to imap process. For
> example change file/dir owners to root and make them world-readable.
Thank you, Timo.

Both variants are working fine for me.