Hello,
When dovecot is configured with "acl_defaults_from_inbox = yes", ACL
propagation when creating folders seems a bit strange to us.
The current behavior is :
- INBOX has some ACLs defined in its dovecot-acl file
- This ACL is the default for subfolders without a dovecot-acl file
inside ("acl_defaults_from_inbox = yes")
- When creating a folder, a dovecot-acl file is created inside this
folder with a copy of the contents of the dovecot-acl from the INBOX
The behavior we expected was :
- INBOX has some ACLs defined in its dovecot-acl file
- This ACL is the default for subfolders without a dovecot-acl file inside
- When creating a folder directly under INBOX, a dovecot-acl file should
not be created, as the default from INBOX is already enforced. For
subfolders, defaults from INBOX should not be propagated either in the
dovecot-acl files.
Although dovecot-acl files in subfolders allow to have exceptions, most
usage of "acl_defaults_from_inbox = yes" is probably to have
mailbox-wide ACLs. In the current behavior, when someone removes an ACL
from the INBOX, it will still be present in subfolders, which is
error-prone in a setup where users expect that their INBOX ACL is
enforced throughout their mailbox.
I think that avoiding propagating INBOX ACL when creating a new folder
in the case where "acl_defaults_from_inbox" is activated would be more
intuitive. Am I missing something ?
Cheers,
Francois
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
