Hi,
Thanks for your quick reply. I’ve added the suggested configuration, but
the issue persists.
The situation is even stranger than expected. I tested with both
Thunderbird and my on-prem Roundcube webmail, and I observed different
behaviors:
Thunderbird: Works as expected, subfolders are not created.
Webmail (Roundcube): Subfolders are created, and I see the following
error in the logs:
Thunderbird:
Debug: Added userdb setting: master_user=proxy_master
Debug: Effective uid=5000, gid=5000, home=/var/mail/vhosts/username
Debug: acl: Shared mailbox listing disabled: dict { .. } named list
filter is missing
Debug: open(/proc/self/io) failed: Permission denied (euid=5000(vmail)
egid=5000(vmail) missing +r perm: /proc/self/io)
Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes,
hidden=no, list=yes, subscriptions=yes
Debug: maildir++: root=/var/mail/vhosts/username/Maildir, index=,
indexpvt=, control=, inbox=/var/mail/vhosts/username/Maildir, alt=
Debug: acl: initializing backend vfile
Debug: acl: acl username = username
Debug: acl: owner = yes
Debug: acl: ignore = no
Debug: auth-master: login: conn unix:/run/auth-master
(pid=1844998,uid=0): Disconnected: Connection closed (fd=12)
Debug: Command finished: namespace: OK Namespace completed.
Debug: Command finished: COMPRESS DEFLATE
Debug: ID sent: name=Thunderbird, version=115.18.0
Debug: Command finished: ID ("name" "Thunderbird" "version"
"115.18.0"): OK ID completed.
Debug: acl: '' is not a valid mailbox name: Name is empty
Debug: Mailbox Test: Using configured acl 'owner'
Debug: Mailbox Test/001b: Using configured acl 'owner'
Debug: Mailbox Test/001: Using configured acl 'owner'
Debug: Command finished: list (subscribed) "" "*": OK List completed.
Debug: Command finished: list "" "INBOX": OK List completed.
Debug: Mailbox Test: Mailbox opened
Debug: Command finished: select "Test": OK [READ-ONLY] Select completed
Debug: Namespace inbox: Using permissions from
/var/mail/vhosts/username/Maildir: mode=0700 gid=default
Debug: Mailbox Test: Mailbox opened
Debug: Command finished: create "Test/00TB": NO [NOPERM] Permission denied
Debug: Command finished: list "" "Test": OK List completed.
Roundcube:
Debug: Added userdb setting: master_user=proxy_master
Debug: Effective uid=5000, gid=5000, home=/var/mail/vhosts/username
Debug: acl: Shared mailbox listing disabled: dict { .. } named list
filter is missing
Debug: open(/proc/self/io) failed: Permission denied (euid=5000(vmail)
egid=5000(vmail) missing +r perm: /proc/self/io)
Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes,
hidden=no, list=yes, subscriptions=yes
Debug: maildir++: root=/var/mail/vhosts/username/Maildir, index=,
indexpvt=, control=, inbox=/var/mail/vhosts/username/Maildir, alt=
Debug: acl: initializing backend vfile
Debug: acl: acl username = username
Debug: acl: owner = yes
Debug: acl: ignore = no
Debug: auth-master: login: conn unix:/run/auth-master
(pid=1844998,uid=0): Disconnected: Connection closed (fd=12)
Debug: Namespace inbox: Using permissions from
/var/mail/vhosts/username/Maildir: mode=0700 gid=default
Debug: Mailbox Test: Mailbox opened
Debug: acl: '' is not a valid mailbox name: Name is empty
Debug: Namespace inbox: /var/mail/vhosts/username/Maildir/.Test.00RC
doesn't exist yet, using default permissions
Mailbox Test/00RC: Mailbox created
Debug: Mailbox Test: Mailbox opened
Debug: Mailbox Test: Using configured acl 'owner'
Error: acl: Can't update acl object 'Test.00RC': No local acl file path
Debug: Mailbox INBOX: Couldn't open mailbox in list index:
Refresh-flag set
Debug: Mailbox Test/00RC: Mailbox opened
Debug: Mailbox Test/00RC: Using configured acl 'owner'
Debug: Mailbox INBOX: Mailbox opened
Debug: Mailbox Test/00RC: Mailbox opened
Debug: Mailbox Test/00RC: Purging (new file_seq=1740650805): copy
cache decisions
Debug: Mailbox Test/00RC: Purging finished, file_seq changed 0 ->
1740650805, size=0 -> 968, max_uid=0
Debug: Command finished: CREATE Test/00RC: OK Create completed.
Debug: Command finished: SUBSCRIBE Test/00RC: OK Subscribe completed.
Debug: Command finished: LIST "" Test/00RC: OK List completed.
Debug: Command finished: LOGOUT: OK Logout completed.
Thanks,
Andrea
On 27/02/25 10:34, Aki Tuomi via dovecot wrote:
On 27/02/2025 11:26 EET Andrea Gabellini via dovecot <dovecot@dovecot.org> wrote:
Hi,
I'm trying to migrate my setup to Dovecot 2.4, but I'm experiencing an
unusual issue with ACLs. After multiple tests, I’ve stripped the
configuration down to the bare minimum to pinpoint the root cause of the
problem.
Basically, if I set "owner lr" as the permissions for a folder, I am
unable to move any messages, yet I can still create subfolders. Here’s
the relevant configuration:
protocol imap {
  mail_plugins {
    acl = yes
  }
}
acl_driver = vfile
acl_globals_only = yes
namespace inbox {
  inbox = yes
  separator = /
  mailbox Test {
    acl owner {
      rights = lr
    }
  }
}
Am I missing any configuration, or have I encountered a bug?
Thanks,
Andrea
The permissions only apply to that folder, try adding
mailbox Test/* {
  acl owner {
    rights = lr
  }
}
Aki
--
TIM San Marino S.p.A.
Andrea Gabellini
Engineering R&D
TIM San Marino S.p.A. - https://www.telecomitalia.sm
Via Ventotto Luglio, 212 - Piano -2
47893 - Borgo Maggiore - Republic of San Marino
Tel: (+378) 0549 886237
Fax: (+378) 0549 886188
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
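
An added example, not part of the original thread and not Dovecot tooling: a Python check that replays IMAP debug log lines like those quoted above against the configured rights and reports every CREATE whose outcome disagrees with the parent mailbox's "k" (create) right. The POLICY table, the function names and the use of fnmatch to approximate the "Test/*" pattern are assumptions; the sample lines are the thread's log lines with the e-mail wrapping removed.

```python
import re
from fnmatch import fnmatchcase

# Rights from the thread's configuration (assumed representation).
POLICY = {"Test": "lr", "Test/*": "lr"}

# Matches both client styles seen in the logs: create "Test/00TB" and CREATE Test/00RC
CREATE_RE = re.compile(
    r'Command finished: create\s+"?(?P<name>[^":]+?)"?:\s+(?P<status>OK|NO|BAD)\b',
    re.IGNORECASE,
)

def parent_rights(mailbox, policy, sep="/"):
    """Return the rights string configured for the parent mailbox, or None."""
    parent = mailbox.rpartition(sep)[0]
    if not parent:
        return None                      # top-level create: no parent ACL to check
    if parent in policy:
        return policy[parent]            # exact match wins over patterns
    for pattern, rights in policy.items():
        if fnmatchcase(parent, pattern):  # glob semantics are an approximation
            return rights
    return None

def audit(lines, policy):
    """Return (violations, acl_errors) for a sequence of debug log lines."""
    violations, acl_errors = [], []
    for line in lines:
        if line.startswith("Error: acl:"):
            acl_errors.append(line)
        m = CREATE_RE.search(line)
        if not m:
            continue
        name, status = m.group("name"), m.group("status").upper()
        rights = parent_rights(name, policy)
        if rights is None:
            continue
        allowed = "k" in rights          # 'k' is the ACL right to create child mailboxes
        if (status == "OK") != allowed:
            violations.append((name, status, rights))
    return violations, acl_errors

# Log lines taken from the thread (unwrapped).
SAMPLE_LOG = [
    'Debug: Command finished: create "Test/00TB": NO [NOPERM] Permission denied',
    "Error: acl: Can't update acl object 'Test.00RC': No local acl file path",
    "Debug: Command finished: CREATE Test/00RC: OK Create completed.",
    "Debug: Command finished: SUBSCRIBE Test/00RC: OK Subscribe completed.",
]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, POLICY))
```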