dovecot - Apr 2012 - question dovecot Inheritance global acl vs userfolder acl

Hi Timo
my tests resulted in
inheritance is given if a userfolder has set some acl to its new created
subfolder , which is nice

if some userfolder has its acl from global acl
there is no inheritance to its new created subfolders,
that subfolders will always created with full owner rights

i am not really sure if its a good idea
to have inheritance from global acl and
if its hackabel what is your idea to this ?
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

On Mon, 2012-04-30 at 20:55 +0200, Robert Schetterer
wrote:
> Hi Timo
> my tests resulted in
> inheritance is given if a userfolder has set some acl to its new created
> subfolder , which is nice
> 
> if some userfolder has its acl from global acl
> there is no inheritance to its new created subfolders,
> that subfolders will always created with full owner rights
> 
> i am not really sure if its a good idea
> to have inheritance from global acl and
> if its hackabel what is your idea to this ?
There is no ACL inheritance feature in Dovecot at all. The only thing
that kind of appears as being inheritance is that when you create a new
mailbox, its ACLs are copied from the parent's (but any future changes
to parent ACLs won't change the child's.)

I've been planning on changing how global ACLs work though. The idea
would be that you'd have a single dovecot-global-acl file that has
fields:

<mailbox pattern> <ACL>

So for example you could say:

foo user=tss lrw

This would work the same way as now. But you could also add:

foo/* user=admin lrwstipekxa

This would also apply to the children. Still, none of this is really
"inheritance".