[Dovecot] 'r' flag in ACL stomping on 'l' flag effect
Phil Edwards
pedwards at precisionfc.com
Tue Sep 11 00:54:52 EEST 2007
We're using Dovecot 1.0.3, and I'm setting up some shared IMAP
folders. The eventual goal is to do the standard "learn as spam" /
"learn as ham" type of setup, with some cron jobs to do the message
extractions.
But there's one minor twist: the "learn as ham" folder will need to
be write-only for users. (I'll either create a fake user with read
access to extract the mail for sa-learn, or do some local filesystem
access, etc. A problem for a future day.) The issue is that some of
the mail being misclassified might contain sensitive information. So
users should be able to copy messages into that folder, but not list
or read other messages. (Yes, they will be removed from the folder by
the future sa-learn script, don't worry.)
I can get normal operation with the ACL plugin and a global ACL file:
# "TestTwo" mailbox acl file:
authenticated lrwik
* OK Dovecot ready.
1 login ........
1 OK Logged in.
2 list "" *
* LIST (\Noselect \HasChildren) "." "Testing/"
* LIST (\HasNoChildren) "." "Testing/TestTwo"
* LIST (\HasNoChildren) "." "Testing/TestOne"
2 OK List completed.
3 select "Testing/TestTwo"
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)]
Flags permitted.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1189458953] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
3 OK [READ-WRITE] Select completed.
Now, I change the TestTwo acl file to read
authenticated lwik
but can no longer subscribe to the folder:
1 login ........
1 OK Logged in.
2 list "" *
* LIST (\Noselect \HasChildren) "." "Testing/"
* LIST (\HasNoChildren) "." "Testing/TestTwo"
* LIST (\HasNoChildren) "." "Testing/TestOne"
2 OK List completed.
3 subscribe "Testing/TestTwo"
3 NO Permission denied
According to http://wiki.dovecot.org/ACL, the 'l' flag means "Mailbox
is visible in mailbox list. Mailbox can be subscribed to." but the
second part of that statement is not actually happening.
Is this a misunderstanding on my part, or a bug?
--
Phil Edwards
More information about the dovecot
mailing list