Roland Rosenfeld
2012-Aug-29 12:44 UTC
[Dovecot] ACL MySQL dict: to_user==from_user entries
Hi!

We run dovecot 2.1.6 with ACL support and MySQL dict for shared/shared-boxes/user/$to/$from.

When a user does a SETACL (via IMAP) to himself he is added as $to and $from to the MySQL dict. See for example this IMAP conversation:

    5 GETACL INBOX
    * ACL "INBOX" "user at domain" lrwstipekxacd
    5 OK Getacl completed.
    6 SETACL INBOX user at domain lrwstipekxacd
    6 OK Setacl complete.
    7 GETACL INBOX
    * ACL "INBOX" "user at domain" akxeilprwtscd
    7 OK Getacl completed.

As you can see, user at domain sets the ACL of his INBOX to the same value it was set before (reading it from the server after this idempotent write changed the order but none of the flags).

But after "SETACL INBOX user at domain lrwstipekxacd" I see a new entry in my imap_acl_shares table where to_user and from_user both contain the value "user at domain".

As far as I can see, this entry does not make much sense in the database, because every user should be able to see its own folders. But adding this line may blow up the database especially according to the full table scan problem for acl dict rebuild mentioned in http://www.dovecot.org/list/dovecot/2012-August/067548.html.

Does it make sense to run a daily cron job, that removes all entries with from_user=to_user or may this cause other inconsistencies?

If you need to have a look at my complete setup, it's in http://www.dovecot.org/list/dovecot/2012-July/067130.html, so I don't have to clone this here.

Tschoeeee

Roland
On 29.8.2012, at 15.44, Roland Rosenfeld wrote:

> But after "SETACL INBOX user at domain lrwstipekxacd" I see a new entry
> in my imap_acl_shares table where to_user and from_user both contain
> the value "user at domain".
>
> Does it make sense to run a daily cron job, that removes all entries
> with from_user=to_user or may this cause other inconsistencies?

Yes. Also fixed in hg: http://hg.dovecot.org/dovecot-2.1/rev/3eaeacc85b4c