RFC patch: Deny removal of folder owner ACLs
Bron Gondwana
brong at fastmail.fm
Wed Mar 30 04:05:27 EDT 2011
On Thu, 17 Mar 2011 14:19:31 +0100
Guilherme Maciel Ferreira <guilherme.maciel.ferreira at intra2net.com> wrote:
> Hi,
>
> We found a bug in the cyrus-imapd-2.4.6-keep-owner-rights patch. That occur in
> the SETACL command, when trying to remove the admin rights. Thus, the
> following command should work, but does not:
> SETACL mailbox mailboxowner -xi
>
> And this one should not work, but actually works:
> SETACL mailbox mailboxowner -a
>
> Attached is a patch to fix this issue.
>
> Kind regards,
>
> On Friday 04 February 2011 10:38:44 you wrote:
> > Guilherme Maciel Ferreira wrote:
> > > Hi,
> > >
> > > here is the patch against the master.
> >
> > Applied and pushed, with full attribution, thanks!
> >
> > Kind regards,
> >
> > Jeroen van Meeuwen
I'd like to put this into 2.4.7 - but I'm still confused by a few things!
1) ACL_MODE_ADD - it's now not being checked for any more, only ACL_MODE_SET and ACL_MODE_REMOVE. I guess the theory is that ADD can never remove a permission...
2) how does this interact with mboxlist_ensureOwnerRights - which looks like it enforces pretty much the same thing, just doesn't complain about it...
Bron.
More information about the Cyrus-devel
mailing list