We run a somewhat sizeable web mail service on top of cyrus imapd (this was just recently moved from a database-backed system). Since the web service's users already had usernames restricted to [a-zA-Z0-9_-] we decided not to mangle them further. Today this bit us back, since a number of users had - as the first character of their username. Due to the way cyrus_acl_myrights() works, their rights to their own INBOX were getting subtracted from the final rights mask. SELECT INBOX was then failing with 'Nonexistent mailbox'. Since admin could access these mailboxes fine, it took a while with gdb to figure out what was actually going on. While the effect of - is documented in acl-extension, this failure mode caused more worries about mailboxes.db corruption or something more sinister. It might be a good idea to have some way of dealing with these users (without disabling the 'negative rights' functionality completely as I did) or at least note this as a caveat in naming users (or maybe I just didn't see the caveat). -- Valtteri Vuorikoski <[EMAIL PROTECTED]> Magenta Sites +358 400 833 196
