Andreas Helmcke
2012-Apr-24 14:09 UTC
[Dovecot] acls not copied when creating subfolder of private INBOX
Using brand new dovecot 2.1.5 I still have a problem with the inheritance of
acls.
Setting:
- maildir with private INBOX and public folders.
- users maildir directory (/home/mail/user/ahelmcke) contains dovecot-acl file
- public folders root directory (/home/mail/Fax) contains dovecot-acl file
When creating a subfolder of the public folder, the dovecot-acl file gets copied
to the subfolder's directory as expected.
When creating a subfolder of the user's INBOX, the dovecot-acl file does /not/
get copied to the subfolder's directory.
Debug output:
doveadm -Dv mailbox create -u ahelmcke Fax/Buhhhh
doveadm(root): Debug: Loading modules from directory: /usr/local/lib/dovecot
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib01_acl_plugin.so
doveadm(root): Debug: Module loaded:
/usr/local/lib/dovecot/lib10_quota_plugin.so
doveadm(root): Debug: Loading modules from directory:
/usr/local/lib/dovecot/doveadm
doveadm(root): Debug: Module loaded:
/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen()
failed:
/usr/local/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol:
expire_set_lookup (this is usually
intentional, so just ignore this message)
doveadm(root): Debug: Module loaded:
/usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so
doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen()
failed:
/usr/local/lib/dovecot/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol:
i_stream_create_deflate (this is usually
intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen()
failed:
/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol:
fts_list_backend (this is usually
intentional, so just ignore this message)
doveadm(ahelmcke): Debug: auth input: ahelmcke quota_rule=*:storage=2000M
doveadm(ahelmcke): Debug: Added userdb setting:
plugin/quota_rule=*:storage=2000M
doveadm(ahelmcke): Debug: Effective uid=494, gid=491,
home=/home/mail/user/ahelmcke
doveadm(ahelmcke): Debug: Quota root: name=User quota backend=maildir args=
doveadm(ahelmcke): Debug: Quota rule: root=User quota mailbox=*
bytes=2097152000 messages=0
doveadm(ahelmcke): Debug: Namespace inbox: type=private, prefix=INBOX/, sep=/,
inbox=yes, hidden=no, list=yes,
subscriptions=yes location=maildir:/home/mail/user/ahelmcke
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/user/ahelmcke, index=,
control=, inbox=/home/mail/user/ahelmcke, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 1
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: Namespace dummy: type=private, prefix=, sep=/,
inbox=no, hidden=yes, list=no,
subscriptions=yes location=maildir:/home/mail/user/ahelmcke/public/
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/user/ahelmcke/public,
index=, control=, inbox=, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 1
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: Namespace fax: type=public, prefix=Fax/, sep=/,
inbox=no, hidden=no, list=yes,
subscriptions=no
location=maildir:/home/mail/Fax:INDEX=/home/mail/user/ahelmcke/SEEN.Fax
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/Fax,
index=/home/mail/user/ahelmcke/SEEN.Fax, control=, inbox=, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 0
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/Fax/dovecot-acl
doveadm(ahelmcke): Debug: Namespace Fax/: Using permissions from /home/mail/Fax:
mode=0700 gid=-1
doveadm(ahelmcke): Debug: Namespace INBOX/: Using permissions from
/home/mail/user/ahelmcke: mode=0700 gid=-1
doveadm(ahelmcke): Debug: acl vfile: reading file
/home/mail/user/ahelmcke/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file
/home/mail/user/ahelmcke/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file
/home/mail/user/ahelmcke/dovecot-acl
doveadm(ahelmcke): Debug: Namespace Fax/: /home/mail/Fax/.Buhhhh doesn't
exist yet, using default permissions
doveadm(ahelmcke): Debug: Namespace Fax/: Using permissions from /home/mail/Fax:
mode=0700 gid=-1
doveadm(ahelmcke): Debug: acl vfile: reading file /home/mail/Fax/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: file /home/mail/Fax/.Buhhhh/dovecot-acl not
found
doveadm(ahelmcke): Debug: acl vfile: reading file
/home/mail/Fax/.Buhhhh/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file
/home/mail/user/ahelmcke/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file
/home/mail/Fax/.Buhhhh/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file
/home/mail/Fax/.Buhhhh/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file
/home/mail/user/ahelmcke/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file
/home/mail/Fax/.Buhhhh/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file
/home/mail/Fax/.Buhhhh/dovecot-acl
doveadm(ahelmcke): Debug: acl vfile: reading file
/home/mail/user/ahelmcke/dovecot-acl
doveadm -Dv mailbox create -u ahelmcke INBOX/Buhhhh
doveadm(root): Debug: Loading modules from directory: /usr/local/lib/dovecot
doveadm(root): Debug: Module loaded: /usr/local/lib/dovecot/lib01_acl_plugin.so
doveadm(root): Debug: Module loaded:
/usr/local/lib/dovecot/lib10_quota_plugin.so
doveadm(root): Debug: Loading modules from directory:
/usr/local/lib/dovecot/doveadm
doveadm(root): Debug: Module loaded:
/usr/local/lib/dovecot/doveadm/lib10_doveadm_acl_plugin.so
doveadm(root): Debug: Skipping module doveadm_expire_plugin, because dlopen()
failed:
/usr/local/lib/dovecot/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol:
expire_set_lookup (this is usually
intentional, so just ignore this message)
doveadm(root): Debug: Module loaded:
/usr/local/lib/dovecot/doveadm/lib10_doveadm_quota_plugin.so
doveadm(root): Debug: Skipping module doveadm_zlib_plugin, because dlopen()
failed:
/usr/local/lib/dovecot/doveadm/lib10_doveadm_zlib_plugin.so: undefined symbol:
i_stream_create_deflate (this is usually
intentional, so just ignore this message)
doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen()
failed:
/usr/local/lib/dovecot/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol:
fts_list_backend (this is usually
intentional, so just ignore this message)
doveadm(ahelmcke): Debug: auth input: ahelmcke quota_rule=*:storage=2000M
doveadm(ahelmcke): Debug: Added userdb setting:
plugin/quota_rule=*:storage=2000M
doveadm(ahelmcke): Debug: Effective uid=494, gid=491,
home=/home/mail/user/ahelmcke
doveadm(ahelmcke): Debug: Quota root: name=User quota backend=maildir args=
doveadm(ahelmcke): Debug: Quota rule: root=User quota mailbox=*
bytes=2097152000 messages=0
doveadm(ahelmcke): Debug: Namespace inbox: type=private, prefix=INBOX/, sep=/,
inbox=yes, hidden=no, list=yes,
subscriptions=yes location=maildir:/home/mail/user/ahelmcke
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/user/ahelmcke, index=,
control=, inbox=/home/mail/user/ahelmcke, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 1
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: Namespace dummy: type=private, prefix=, sep=/,
inbox=no, hidden=yes, list=no,
subscriptions=yes location=maildir:/home/mail/user/ahelmcke/public/
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/user/ahelmcke/public,
index=, control=, inbox=, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 1
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: Namespace fax: type=public, prefix=Fax/, sep=/,
inbox=no, hidden=no, list=yes,
subscriptions=no
location=maildir:/home/mail/Fax:INDEX=/home/mail/user/ahelmcke/SEEN.Fax
doveadm(ahelmcke): Debug: maildir++: root=/home/mail/Fax,
index=/home/mail/user/ahelmcke/SEEN.Fax, control=, inbox=, alt=
doveadm(ahelmcke): Debug: acl: initializing backend with data: vfile
doveadm(ahelmcke): Debug: acl: acl username = ahelmcke
doveadm(ahelmcke): Debug: acl: owner = 0
doveadm(ahelmcke): Debug: acl vfile: Global ACL directory: (none)
doveadm(ahelmcke): Debug: Namespace INBOX/: /home/mail/user/ahelmcke/.Buhhhh
doesn't exist yet, using default permissions
doveadm(ahelmcke): Debug: Namespace INBOX/: Using permissions from
/home/mail/user/ahelmcke: mode=0700 gid=-1
doveconf -n
# 2.1.5: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-220.7.1.el6.x86_64 x86_64 CentOS release 6.2 (Final) ext4
auth_master_user_separator = *
auth_verbose = yes
first_valid_uid = 400
mail_debug = yes
mail_gid = vmail
mail_home = /home/mail/user/%u
mail_location = maildir:/home/mail/user/%u
mail_plugins = " quota acl"
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify environment
mailbox date ihave
mbox_write_locks = fcntl
namespace dummy {
alias_for = INBOX/
hidden = yes
list = no
location = maildir:/home/mail/user/%u/public/
prefix =
separator = /
type = private
}
namespace fax {
location = maildir:/home/mail/Fax:INDEX=/home/mail/user/%u/SEEN.Fax
prefix = Fax/
separator = /
subscriptions = no
type = public
}
namespace inbox {
inbox = yes
location =
prefix = INBOX/
separator = /
type = private
}
passdb {
args = /etc/dovecot/passwd.masterusers
driver = passwd-file
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
plugin {
acl = vfile
acl_shared_dict = file:/home/mail/shared-mailboxes
quota = maildir:User quota
quota_rule = *:storage=3G
sieve = /home/mail/user/%u/sieve.active
sieve_dir = /home/mail/user/%u/sieve.scripts
}
protocols = imap lmtp sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
}
service imap-login {
inet_listener imap {
address = *
}
inet_listener imaps {
address = *
}
}
service managesieve-login {
inet_listener sieve {
address = *
port = 4190
}
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/mail.ela-soft.com.crt
ssl_key = </etc/pki/dovecot/private/mail.ela-soft.com.2048bit.nopp.key
userdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
protocol lda {
mail_plugins = " quota acl sieve"
}
protocol imap {
mail_plugins = " quota acl imap_quota imap_acl"
}
protocol lmtp {
mail_plugins = " quota acl sieve"
}
Robert Schetterer
2012-Apr-24 14:54 UTC
[Dovecot] acls not copied when creating subfolder of private INBOX
On 24.04.2012 16:09, Andreas Helmcke wrote:
> Setting:
> - maildir with private INBOX and public folders.
> - users maildir directory (/home/mail/user/ahelmcke) contains dovecot-acl file
> - public folders root directory (/home/mail/Fax) contains dovecot-acl file
>
> When creating a subfolder of the public folder the dovecot-acl files gets copied to the subfolders directory as expected.
> When creating a subfolder of the users INBOX the dovecot-acl files does /not/ get copied to the subfolders directory.

I am not sure, but I think that works as designed

http://wiki2.dovecot.org/ACL
..
ACL Inheritance

Every time you create a new mailbox, it gets its ACLs from the parent mailbox. If you're creating a root-level mailbox, it uses the namespace's default ACLs. There is no actual inheritance, however: If you modify parent's ACLs, the child's ACLs stay the same. There is currently no support for ACL inheritance.

Namespace's default ACLs are read from "dovecot-acl" file in the namespace's mail root directory (e.g. /var/public/Maildir). Note that currently these default ACLs are used only when creating new mailboxes, they aren't used for mailboxes without ACLs.
....

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Andreas Helmcke
2012-Apr-24 15:17 UTC
[Dovecot] acls not copied when creating subfolder of private INBOX
On 24.04.2012 16:54, Robert Schetterer wrote:
> On 24.04.2012 16:09, Andreas Helmcke wrote:
>> When creating a subfolder of the public folder the dovecot-acl files gets copied to the subfolders directory as expected.
>> When creating a subfolder of the users INBOX the dovecot-acl files does /not/ get copied to the subfolders directory.
>
> i am not sure ,but but i think that works like designed
>
> http://wiki2.dovecot.org/ACL
> ..
> ACL Inheritance
> ....

I do read this as: when creating a new mailbox, ACLs are copied from the parent.
This is what it does for public folders but /not/ for the private ones. So in my opinion at least it is not working as documented.
Robert Schetterer
2012-Apr-24 15:31 UTC
[Dovecot] acls not copied when creating subfolder of private INBOX
On 24.04.2012 17:17, Andreas Helmcke wrote:
> On 24.04.2012 16:54, Robert Schetterer wrote:
>> On 24.04.2012 16:09, Andreas Helmcke wrote:
>>> When creating a subfolder of the public folder the dovecot-acl files gets copied to the subfolders directory as expected.
>>> When creating a subfolder of the users INBOX the dovecot-acl files does /not/ get copied to the subfolders directory.
>>
>> i am not sure ,but but i think that works like designed
>>
>> http://wiki2.dovecot.org/ACL
>> ..
>> ACL Inheritance
>> ....
>
> I do read this as: when creating a new mailbox; acls are copied from parent.
> This it what it does for public folders but /not/ for the private ones. So in my opinion at least it is not working as
> documented.

I think it is written in a misunderstandable way. This is what counts, I think:

http://wiki2.dovecot.org/ACL
...
"There is currently no support for ACL inheritance"
..

Public folders are special cases.... It makes sense to have inheritance as default ACL, but this may not be a good idea as default for users' folders.

Read the list archive about this stuff. I can't remember all of it, but Timo wrote some about it. Lastly, development of that feature may still not be finished.

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Timo Sirainen
2012-Apr-25 21:27 UTC
[Dovecot] acls not copied when creating subfolder of private INBOX
On 24.4.2012, at 17.09, Andreas Helmcke wrote:
> Using brand new dovecot 2.1.5 I still have a problem with the inheritance of acls.

Maybe http://hg.dovecot.org/dovecot-2.1/rev/e8b80e0767ac fixes this as well?
Andreas Helmcke
2012-May-09 10:31 UTC
[Dovecot] acls not copied when creating subfolder of private INBOX
On 25.04.2012 23:27, Timo Sirainen wrote:
> On 24.4.2012, at 17.09, Andreas Helmcke wrote:
>
>> Using brand new dovecot 2.1.5 I still have a problem with the inheritance of acls.
>
> Maybe http://hg.dovecot.org/dovecot-2.1/rev/e8b80e0767ac fixes this as well?
>

I am not sure if this change is part of the 2.1.6 release, but I just checked again with release 2.1.6. Still the same problem.
Robert Schetterer
2012-May-09 10:52 UTC
[Dovecot] acls not copied when creating subfolder of private INBOX
On 09.05.2012 12:31, Andreas Helmcke wrote:
> On 25.04.2012 23:27, Timo Sirainen wrote:
>> On 24.4.2012, at 17.09, Andreas Helmcke wrote:
>>
>>> Using brand new dovecot 2.1.5 I still have a problem with the inheritance of acls.
>>
>> Maybe http://hg.dovecot.org/dovecot-2.1/rev/e8b80e0767ac fixes this as well?
>>
> I am not sure if this change is part of the 2.1.6 release but I just checked again with release 2.1.6. Still the same
> problem.

If I create a folder and set ACLs on it (manually, i.e. by editing dovecot-acl), the same ACLs are copied to its subfolders.
If the folder gets its ACLs from global-acl, the ACLs aren't copied to its subfolders.

As far as I remember, Timo is thinking about redesigning the ACL config; check the list archives.

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
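
Added example, not part of any post in this thread and not Dovecot code: a shell check that lists mailboxes which did not receive a dovecot-acl file at creation although their parent (or the namespace root) has one. It assumes the Maildir++ layout visible in the debug output, where mailbox "A/B" is the directory ROOT/.A.B; the function names and the sample ACL lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Assumption: Maildir++ layout as in the thread's debug
# output, i.e. mailbox "A/B" of a namespace lives in ROOT/.A.B

# Print every mailbox directory under ROOT that has no dovecot-acl file
# although its parent mailbox (or ROOT, for top-level mailboxes) has one.
find_missing_acls() {
    local root dir name parent parent_dir
    root=${1%/}
    for dir in "$root"/.[!.]*/; do
        [ -d "$dir" ] || continue        # glob matched nothing
        dir=${dir%/}
        [ -d "$dir/cur" ] || continue    # not a Maildir mailbox
        name=${dir##*/}                  # ".Buhhhh", ".A.B", ...
        parent=${name%.*}                # ".A.B" -> ".A", ".Buhhhh" -> ""
        parent_dir=$root${parent:+/$parent}
        if [ -f "$parent_dir/dovecot-acl" ] && [ ! -f "$dir/dovecot-acl" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample tree reproducing the two cases reported in the thread:
# the public namespace where the file was copied, the private one where not.
make_sample_tree() {
    local t
    t=$(mktemp -d) || return 1
    mkdir -p "$t/Fax/.Buhhhh/cur" "$t/user/.Buhhhh/cur"
    echo 'user=ahelmcke lrwstipekxa' > "$t/Fax/dovecot-acl"
    cp "$t/Fax/dovecot-acl" "$t/Fax/.Buhhhh/dovecot-acl"   # public: copied
    echo 'owner lrwstipekxa' > "$t/user/dovecot-acl"       # private: not copied
    printf '%s\n' "$t"
}

# Usage: script.sh /home/mail/user/ahelmcke
if [ "$#" -gt 0 ]; then
    find_missing_acls "$1"
fi
```

A mailbox is reported only when its direct parent has an ACL file, so a whole subtree without ACLs shows up as its topmost folder.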