Timo Sirainen <[email protected]> writes: > On Wed, 2009-03-04 at 17:01 +0100, Sascha Wilde wrote: >> Hi *, >> >> The problem is most noticeable when a user shares his INBOX[0][1] with >> others: >> >> User A sets his INBOX acls to "eilprwtsd" >> >> Now User B can see _all_ sub mailboxes and sub sub [...] mailboxes and >> their contents of User A: > > That shouldn't happen. There's no code for doing recursive ACLs. Sounds > more like a bug somewhere. I'll check it later.
Thanks. >> * ACL "INBOX" "[email protected]" akxeilprwtscd "[email protected]" >> eilprwtsd "[email protected]" lrwstipekxacd > > [email protected] is there twice?.. Oh, haven't noticed that, but yes its actually there twice. The dovecot-acl file contains: [email protected] akxeilprwts [email protected] eilprwts >> * LIST (\HasChildren) "/" "user/[email protected]/foobar" > > How does user B see this mailbox's ACLs? Is the mailbox also selectable? Well good question -- unfortunately I can't tell: both getacl and myrights on "user/[email protected]/foobar" make the imap process die on SIGV... :-( cheers sascha -- Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
pgp70TpCvjysr.pgp
Description: PGP signature
