setacl broken: user with admin right can remove "a" right of mailbox owner

From: Alain Spineux (no email)
Date: Thu Nov 08 2007 - 07:49:20 EST

    Hi

    A user having administrative rights on another mailbox can remove all
    rights (including implicit ones) to the owner's mailbox.
    I don't think this is an expected feature!
    Right?

    A buggy(*) test tries to prevent the owner from removing its own right but
    doesn't apply to other non-admin users!

    *buggy because the test compares the userid with the mailbox name, and
    both use different syntax
    regarding the use of "." and "^".
    This works for "" == "" but
    doesn't work for "" == ""

    Also the test compares the userid (aka the login of the user) with the
    owner of the mailbox
    to "activate" the implicit ACL instead of comparing the identifier (in
    the setacl command) and the owner!

    user3 is to remove "a" right of user2 on mailbox of user1, because user2!=user1
    But should not be able to remove "a" right of user1 on user1's mailbox
    because user1==user1.

    I was on the way to correcting the " ==
    "foo^" test
    but found the mismatch between userid and identifier and would like to
    be sure this is a bug
    and not a feature.

    Regards.

    -- 
    Alain Spineux
    aspineux gmail com
    May the sources be with you
    ----
    Cyrus Home Page: http://cyrusimap.web.cmu.edu/
    Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
    
