[Dovecot] IMAP ACLs and global ACLs in v1.2

Timo Sirainen tss at iki.fi
Sun Nov 16 05:50:19 EET 2008


On Nov 16, 2008, at 5:09 AM, Timo Sirainen wrote:

> Any thoughts?

Also: Users probably shouldn't be able to remove administrator access  
from themselves in their own mailboxes? A global ACL would be able to  
do that, but if there are no global ACLs I'm thinking that the admin  
access would be allowed regardless of how the local ACLs are  
configured. The admin access could be removed by one of owner, user or  
group-override. I think maybe SETACL owner could refuse to drop the  
'a' right (wouldn't give an error, but it would just not remove it),  
but if user or group-override drops the admin right there's nothing to  
be done there. Instead then GETACL's output just wouldn't match  
MYRIGHTS output.

I'm not sure what to do about ACLs when renaming a private mailbox to  
shared namespace. Currently this isn't even possible, but it should be  
pretty easy to implement. In this case user could lose access to the  
entire mailbox if ACLs aren't set properly. Perhaps the RENAME could  
add user=<name> <all rights> automatically when renaming the mailbox?  
And if adding that didn't give user 'lra' rights (because of group- 
override or global ACLs) it would refuse the RENAME? After those  
checks at least it would be guaranteed that user has some access to  
the mailbox and hopefully even be able to RENAME it back if it was an  
accident.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20081116/57748b55/attachment.bin 


More information about the dovecot mailing list