ACLs and cross-namespace move problem

Marc Patermann hans.moser at ofd-z.niedersachsen.de
Mon Mar 11 10:33:42 EDT 2013 

Thomas,

Thomas Cataldo schrieb (11.03.2013 10:21 Uhr):

> I have a problem with shared user mailboxes and permissions on cyrus 2.4.16.
> 
> User A has read/write access on user B ("lrswipkxte")
> 
> Folders looks like this for user A:
> 
>    INBOX
>    Archive
>       2012
>    Other Users/ <== the user's namespace
>         B (user B inbox)
>             Sent
>             Drafts
>             Trash
> 
> User A wants to move the Archive folder to User B. He does a simple 
> drag&drop in thunderbird for his box to Other Users/B.
> 
> With its knowledge of permissions, thunderbird issues a RENAME :
> 
> RENAME Archive OtherUsers/B/Archive
> 
> Cyrus does not detect completely that the rename crosses a namespace 
> boundary. The Archive folder is at the right place on the filesystem :
> 
> /var/spool/cyrus/willow_vmw/domain/w/willow.vmw/b/user/b/Archive
> 
> But only A has permissions on it whereas the documentation states that:
> 
> "Note that some rights are available implicitly, for example 'anonymous' 
> always has 'p' on user INBOXes, and users always have rights on 
> mailboxes within their INBOX hierarchy."
Do you have a link?

> I think Archive should qualify as "user B always has rights on mailboxes 
> within the INBOX hierarchy, like the Archive folder".
> When I look at the permissions with cyradm, I have :
> 
> localhost> lam user/b at willow.vmw
> b at willow.vmw lrswipkxtecda
> admin0 lrswipkxtecda
> a at willow.vmw lrswipkxtecd
> 
> localhost> lam user/b/Archive at willow.vmw
> admin0 lrswipkxtecda
> a at willow.vmw lrswipkxtecda
> 
> 
> Do I mis-understand something or should I file a bug ? (I am using unix 
> hierarchy sep + altnamespace)
I think this has always been this way.
If you create a subfolder it inherits the rights from the upper level 
and so you have the same right for INBOX and subfolders, as long as you 
do not change the rights. You can always revoke your own rights, I think.
Moving/renaming a folder has always (as far I remember for 2.2. und 2.3) 
  been keeping the rights with the folder.


Marc

More information about the Info-cyrus mailing list