Timo Sirainen <t...@iki.fi> writes: > On Wed, 2009-03-04 at 17:01 +0100, Sascha Wilde wrote: >> Hi *, >> >> The problem is most noticeable when a user shares his INBOX[0][1] with >> others: >> >> User A sets his INBOX acls to "eilprwtsd" >> >> Now User B can see _all_ sub mailboxes and sub sub [...] mailboxes and >> their contents of User A: > > That shouldn't happen. There's no code for doing recursive ACLs. Sounds > more like a bug somewhere. I'll check it later.
Thanks. >> * ACL "INBOX" "a...@example.com" akxeilprwtscd "b...@example.com" >> eilprwtsd "a...@example.com" lrwstipekxacd > > a...@example.com is there twice?.. Oh, haven't noticed that, but yes its actually there twice. The dovecot-acl file contains: use...@example.com akxeilprwts use...@example.com eilprwts >> * LIST (\HasChildren) "/" "user/1...@aztec.intevation.de/foobar" > > How does user B see this mailbox's ACLs? Is the mailbox also selectable? Well good question -- unfortunately I can't tell: both getacl and myrights on "user/1...@aztec.intevation.de/foobar" make the imap process die on SIGV... :-( cheers sascha -- Sascha Wilde OpenPGP key: 4BB86568 http://www.intevation.de/~wilde/ http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
pgp70TpCvjysr.pgp
Description: PGP signature
