On Thu, Dec 30, 2010 at 10:45:18AM +0100, Guilherme Maciel Ferreira wrote: Gosh - sorry nobody responded to this!
> We were having problems with some users who deleted all ACL rights > from a folder, rendering the mailbox inaccessible. > > There's already a feature in cyrus that the folder owner can't > delete his own administration rights (implicit acls). > > This left one hole in the protection which is still cumbersome to the users: > If user A has admin rights over user B's mailbox, user A can remove the admin > rights from user B, either by DELETEACL B, or by SETACL B with more > restrictive access rights. That sounds like a bug in implicit acls to me. They should be implicit no matter what! > So we changed the imap server to avoid such kind of behavior. The patch was > developed for version 2.3.16. It is possible to roll back to the default > behavior through the imapd.conf variable "owneralwaysadmin=no". I think it would be reasonable to just tie it to implicit acls rather than creating another switch. That sound good to you? I like the idea - and it would be great if you did a patch again git master at http://git.cyrusimap.org/ - follow the links. Or if you use git you can just fork it and ask us to pull your branch! That way you get full credit :) Bron.
