Robert Schetterer
2012-Apr-30 18:55 UTC
[Dovecot] question dovecot Inheritance global acl vs userfolder acl
Hi Timo my tests resulted in inheritance is given if a userfolder has set some acl to its new created subfolder , which is nice if some userfolder has its acl from global acl there is no inheritance to its new created subfolders, that subfolders will always created with full owner rights i am not really sure if its a good idea to have inheritance from global acl and if its hackabel what is your idea to this ? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Timo Sirainen
2012-May-01 00:29 UTC
[Dovecot] question dovecot Inheritance global acl vs userfolder acl
On Mon, 2012-04-30 at 20:55 +0200, Robert Schetterer wrote:> Hi Timo > my tests resulted in > inheritance is given if a userfolder has set some acl to its new created > subfolder , which is nice > > if some userfolder has its acl from global acl > there is no inheritance to its new created subfolders, > that subfolders will always created with full owner rights > > i am not really sure if its a good idea > to have inheritance from global acl and > if its hackabel what is your idea to this ?There is no ACL inheritance feature in Dovecot at all. The only thing that kind of appears as being inheritance is that when you create a new mailbox, its ACLs are copied from the parent's (but any future changes to parent ACLs won't change the child's.) I've been planning on changing how global ACLs work though. The idea would be that you'd have a single dovecot-global-acl file that has fields: <mailbox pattern> <ACL> So for example you could say: foo user=tss lrw This would work the same way as now. But you could also add: foo/* user=admin lrwstipekxa This would also apply to the children. Still, none of this is really "inheritance".