ACL hide folders

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

ACL hide folders

Dovecot mailing list
After updating from 2.2.22 to 2.2.33 rsp 2.3.8 my ACLs went bust.

Below line in the global acl file hides all folders except INBOX for all
users

> * group=ALL

Next reenable certain folders, eg:

> Sent group=ALL lrwsi

This made anyone see "Sent" in 2.2.22, but no longer so in 2.2.33


Any ideas how to have it like before?


--
peter
Reply | Threaded
Open this post in threaded view
|

Re: ACL hide folders

Dovecot mailing list
Am 02.12.19 um 13:35 schrieb Peter Chiochetti via dovecot:

> After updating from 2.2.22 to 2.2.33 rsp 2.3.8 my ACLs went bust.
>
> Below line in the global acl file hides all folders except INBOX for all
> users
>
>> * group=ALL
>
> Next reenable certain folders, eg:
>
>> Sent group=ALL lrwsi
>
> This made anyone see "Sent" in 2.2.22, but no longer so in 2.2.33
>
>
> Any ideas how to have it like before?
>
>
PS: my setup is a little contrived, but perhaps, this can be seen more
widely? Attached acl-debug output; I suppose, it clearly states, the
mailbox is visible in LIST - connecting with telnet I can select the
mailbox and fetch messages, though it does not appear in LIST

--
peter

dovecot-acl-debug.txt (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: ACL hide folders

Dovecot mailing list
In reply to this post by Dovecot mailing list
Am 02.12.19 um 13:35 schrieb Peter Chiochetti via dovecot:

> After updating from 2.2.22 to 2.2.33 rsp 2.3.8 my ACLs went bust.
>
> Below line in the global acl file hides all folders except INBOX for all
> users
>
>> * group=ALL
>
> Next reenable certain folders, eg:
>
>> Sent group=ALL lrwsi
>
> This made anyone see "Sent" in 2.2.22, but no longer so in 2.2.33
>
>
> Any ideas how to have it like before?
>
>

PPS: turning on mail_debug=yes, dovecot logs

> imap(...): Debug: acl: Mailbox not in dovecot-acl-list: Sent

Yet, I have configured acl_globals_only = yes

--
peter
Reply | Threaded
Open this post in threaded view
|

ACL: dovecot-acl-list and acl_globals_only

Dovecot mailing list
In reply to this post by Dovecot mailing list
Reword of attempt from last week, also workaround/possible culprit found:

In dovecot 2.2.22 the stanza "* group=Guest" in the global ACL vfile did
stop dovecot from showing anybody in group "Guest" any mailbox but INBOX
in imap LIST command.

So I had to grant lookup right extra, eg. "Sent group=ALL lrwsi" to show
the Sent mailbox and also allow insert etc.

The use case is very simple: First, take away all the rights,
selectively grant rights afterwards.

After upgrading to 2.2.33 recently, only INBOX got shown. No way to
grant any more rights. Turning on mail_debug=yes, dovecot logged

> imap(...): Debug: acl: Mailbox not in dovecot-acl-list: Sent

Yet, I had configured acl_globals_only = yes, so dovecot-acl-list should
not matter at all, should'nt it?

Indeed, there was commit 95c8d28ebfc13f3252b71c71f3d5c0d809110a08 in the
time between 2.2.22 and 2.2.33 concerning just this.

Further indeed, removing acl_globals_only from my local.conf re-enables
the 2.2.22 behaviour (at least now, with 2.3.9).

Performance impact for me is negligible. Maybe there is a regression
lurking in acl_mailbox_list_iter_next_info, in that a list is expected,
that wont ever exist, with acl_globals_only on?

--
peter