On 4.9.2013, at 17.20, Lars Uhlmann <dove...@lars-uhlmann.de> wrote:
> I have configured an public namespace "Test" for a group of users:
>
> | namespace public {
> | separator = .
> | prefix = Test.
> | location = maildir:/mailroot/public/Test
> | hidden = no
> | list = yes
> | subscriptions = yes
> | }
>
> Using each users own subscription file for a public mailbox doesn't
> make sense when the mailbox is heavily used. Every directory operation
> (create/rename) needs to be synced between all subscribers
> automatically and immediately. So I set "subscriptions = yes".
>
> My ACLS look like this:
>
> | user=mark lrwstiekx
> | user=tim lrwstiekx
> | user=max lr
> | user=jenny lrwstiekx
> | user=louis lr
>
>
> Nevertheless _all_ my mail users still have access to the namespace's
> directory tree.
> It is my understanding that when a user doesn't has 'lookup' access, he
> should not be able to subscribe to this mailbox.
> In my opinion this is a security problem. ACLs must be processed
> _before_ a shared subscrition file is parsed.
Well, it shouldn't happen in all situations. It's comparable to deleting a
subscribed mailbox, which also doesn't remove the subscription automatically.
But yeah, I guess the behavior can be changed for your use case:
http://hg.dovecot.org/dovecot-2.2/rev/1cf67db75455
I think a better solution would be to still have a per-user subscriptions file,
but automatically subscribe to newly seen shared folders that are marked with
autosubscribe-flag. Of course, there's currently no way to do that.
