Re: [Dovecot] 'r' flag in ACL stomping on 'l' flag effect

2007-09-19 Thread Phil Edwards

Timo Sirainen wrote:
> All of your namespaces must use the same separator (v1.1 will check this
> itself). If you use '.' separator (default), the prefix needs to be
> "Testing.".

Ah, thank you!  I misunderstood the purpose of the prefix.

Everything seems to be working now, with only one minor bump.  The
'location=' of the shared folders looks like this (quoting from
previous email), based on http://wiki.dovecot.org/SharedMailboxes:

> # ls -lFa
> total 20
> drwxr-s---  4 ... 4096 Sep 10 17:04 ./
> drwxr-xr-t  4 ... 4096 Aug 24 16:20 ../
> drwxrws---  5 ... 4096 Sep 10 18:04 .TestOne/
> drwxrws---  5 ... 4096 Sep 10 17:16 .TestTwo/
> -rw-rw  1 ...0 Aug 24 16:21 dovecot-shared
> -rw-r--r--  1 ...   16 Sep 10 18:02 subscriptions
> #

And from the text on that wiki page, I thought dovecot-shared only
needed to be in that single place to also manage the subfolders.
However, it had no effect, and new content in the subfolders had the
wrong group and permissions.

Putting a dovecot-shared file in each of .TestOne and .TestTwo fixed
that problem, and now all the permissions are working fine.  That's
not a problem in practice now that I know to do it for new folders.


Thank you for all of your help!

--
Phil Edwards
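
The per-folder fix described in the message above, as an added example (not part of the original thread and not Dovecot's own tooling): a shell audit that flags subfolders of a shared Maildir that lack their own dovecot-shared file or the setgid bit. The function names, finding codes and sample tree are constructed for illustration, and the world-readable check assumes new mail takes its mode from dovecot-shared.

```shell
#!/bin/sh
# Added example: audit a shared Maildir root for the per-folder fix from the
# message above. All names and the sample tree are constructed.

# audit_shared_maildir ROOT: print one "<FINDING> <path>" line per problem.
audit_shared_maildir() {
    root=$1
    for dir in "$root"/.[!.]*; do
        [ -d "$dir" ] || continue              # only Maildir++ subfolders
        marker="$dir/dovecot-shared"
        if [ ! -f "$marker" ]; then
            # The root-level file did not cover subfolders in the post.
            echo "MISSING_MARKER $dir"
        elif [ -n "$(find "$marker" -prune -perm -0004)" ]; then
            # Assumption: new mail takes its mode from this file.
            echo "WORLD_READABLE_MARKER $marker"
        fi
        # The working folders in the post are drwxrws--- (setgid set).
        [ -g "$dir" ] || echo "NO_SETGID $dir"
    done
    return 0
}

# build_sample_tree: constructed layout; prints the temporary root path.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/.TestOne" "$t/.TestTwo" "$t/.TestThree"
    chmod 2770 "$t/.TestOne" "$t/.TestThree"   # correct: group rwx + setgid
    chmod 0770 "$t/.TestTwo"                   # setgid missing
    : > "$t/dovecot-shared"                    # root-level file, as in the post
    : > "$t/.TestOne/dovecot-shared"
    : > "$t/.TestThree/dovecot-shared"
    chmod 0660 "$t/dovecot-shared" "$t/.TestOne/dovecot-shared"
    chmod 0664 "$t/.TestThree/dovecot-shared"  # leaks read access to "other"
    echo "$t"
}

tree=$(build_sample_tree) && audit_shared_maildir "$tree"
rm -rf "$tree"
```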



Re: [Dovecot] 'r' flag in ACL stomping on 'l' flag effect

2007-09-15 Thread Timo Sirainen
On Tue, 2007-09-11 at 13:24 -0400, Phil Edwards wrote:
>  >> * LIST (\Noselect \HasChildren) "." "Testing/"
>  >> * LIST (\HasNoChildren) "." "Testing/TestTwo"
>  >> * LIST (\HasNoChildren) "." "Testing/TestOne"
..
> namespace shared {
> prefix = Testing/
> location = maildir:/.../Maildir
> }

All of your namespaces must use the same separator (v1.1 will check this
itself). If you use '.' separator (default), the prefix needs to be
"Testing.".





Re: [Dovecot] 'r' flag in ACL stomping on 'l' flag effect

2007-09-11 Thread Phil Edwards

Thank you for the fast reply!  I'm a novice when it comes to IMAP.


Timo Sirainen wrote:
> On 11.9.2007, at 0.54, Phil Edwards wrote:
>
>> 2 list "" *
>> * LIST (\Noselect \HasChildren) "." "Testing/"
>> * LIST (\HasNoChildren) "." "Testing/TestTwo"
>> * LIST (\HasNoChildren) "." "Testing/TestOne"
>> 2 OK List completed.
>> 3 subscribe "Testing/TestTwo"
>> 3 NO Permission denied
>
> This isn't about ACL, this is because your hierarchy separator is "."
> and "/" isn't then allowed in mailbox names. I've no idea how you've
> managed to create mailboxes with "/" in them in the first place, or how
> LIST is showing them. Any ideas? :)

They weren't created over IMAP; I couldn't get Dovecot+Thunderbird to
see the public area until I had created mailboxes by hand.  (That
restriction may be by design, and seems perfectly reasonable to me, so
I'm not complaining.)

The bits in the dovecot conf file are:

namespace shared {
   prefix = Testing/
   location = maildir:/.../Maildir
}

and in that Maildir are:
# ls -lFa
total 20
drwxr-s---  4 ... 4096 Sep 10 17:04 ./
drwxr-xr-t  4 ... 4096 Aug 24 16:20 ../
drwxrws---  5 ... 4096 Sep 10 18:04 .TestOne/
drwxrws---  5 ... 4096 Sep 10 17:16 .TestTwo/
-rw-rw  1 ...0 Aug 24 16:21 dovecot-shared
-rw-r--r--  1 ...   16 Sep 10 18:02 subscriptions
#

and 'subscriptions' consists of:
TestOne
TestTwo


From what you've just said, I'm guessing that I need to go back and
add a 'separator=???' assignment to both the private and public
namespace blocks in the dovecot conf file.  Currently they're all just
using whatever the default is ("depends on the underlying mail storage
format", apparently a "." but it's a pain finding an authoritative
description).  I've been hesitant to change that from the default,
because I can find so little documentation on how those changes appear
to client software.


--
Phil Edwards




Re: [Dovecot] 'r' flag in ACL stomping on 'l' flag effect

2007-09-10 Thread Timo Sirainen

On 11.9.2007, at 0.54, Phil Edwards wrote:


> 2 list "" *
> * LIST (\Noselect \HasChildren) "." "Testing/"
> * LIST (\HasNoChildren) "." "Testing/TestTwo"
> * LIST (\HasNoChildren) "." "Testing/TestOne"
> 2 OK List completed.
> 3 subscribe "Testing/TestTwo"
> 3 NO Permission denied


This isn't about ACL, this is because your hierarchy separator is "."
and "/" isn't then allowed in mailbox names. I've no idea how you've  
managed to create mailboxes with "/" in them in the first place, or  
how LIST is showing them. Any ideas? :)






[Dovecot] 'r' flag in ACL stomping on 'l' flag effect

2007-09-10 Thread Phil Edwards

We're using Dovecot 1.0.3, and I'm setting up some shared IMAP
folders.  The eventual goal is to do the standard "learn as spam" /
"learn as ham" type of setup, with some cron jobs to do the message
extractions.

But there's one minor twist:  the "learn as ham" folder will need to
be write-only for users.  (I'll either create a fake user with read
access to extract the mail for sa-learn, or do some local filesystem
access, etc.  A problem for a future day.)  The issue is that some of
the mail being misclassified might contain sensitive information.  So
users should be able to copy messages into that folder, but not list
or read other messages.  (Yes, they will be removed from the folder by
the future sa-learn script, don't worry.)

I can get normal operation with the ACL plugin and a global ACL file:

# "TestTwo" mailbox acl file:
authenticated  lrwik

* OK Dovecot ready.
1 login 
1 OK Logged in.
2 list "" *
* LIST (\Noselect \HasChildren) "." "Testing/"
* LIST (\HasNoChildren) "." "Testing/TestTwo"
* LIST (\HasNoChildren) "." "Testing/TestOne"
2 OK List completed.
3 select "Testing/TestTwo"
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1189458953] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
3 OK [READ-WRITE] Select completed.

Now, I change the TestTwo acl file to read

authenticated  lwik

but can no longer subscribe to the folder:

1 login 
1 OK Logged in.
2 list "" *
* LIST (\Noselect \HasChildren) "." "Testing/"
* LIST (\HasNoChildren) "." "Testing/TestTwo"
* LIST (\HasNoChildren) "." "Testing/TestOne"
2 OK List completed.
3 subscribe "Testing/TestTwo"
3 NO Permission denied

According to http://wiki.dovecot.org/ACL, the 'l' flag means "Mailbox
is visible in mailbox list. Mailbox can be subscribed to." but the
second part of that statement is not actually happening.

Is this a misunderstanding on my part, or a bug?


--
Phil Edwards