Univention Bugzilla – Bug 40037
Unable to remove/move mails from shared folder
Last modified: 2016-01-20 13:44:36 CET
Ticket #2015111121001141

The dovecot shared folder listener module does not set the "expunge" permission if "write" or "all" is selected in UDM for IMAP ACLs. Due to the missing "expunge" permission, users are unable to remove mails from a shared folder or to move mails from a shared folder to a different folder. The user gets "permission denied".
The "expunge" permission has been added. To add the expunge permission on existing dovecot shared folders, the script reapply_shared_folder_acls is called in univention-mail-dovecot's join script. reapply_shared_folder_acls may be found in /usr/share/univention-mail-dovecot/ and can be called at any time as user root to reapply the IMAP ACLs.

univention-mail-dovecot (1.0.1-1):
r66188 | Bug #40037: add IMAP permission expunge if shared folder permission write or all has been selected

univention-mail-dovecot.yaml:
r66189 | Bug #40037: updated yaml
r66187 | Bug #40037: added yaml

For test commands see bug #40038.
OK: code review
OK: advisory
OK: manual tests:

root@dc2000:~# eval $(ucr shell)
root@dc2000:~# udm mail/folder create --position cn=folder,cn=mail,$ldap_base --set name=pub1 --set mailDomain=$domainname --set mailHomeServer=$hostname.$domainname --append sharedFolderUserACL="test1m@uni.dtr write" --append sharedFolderUserACL="test2m@uni.dtr all" --append sharedFolderUserACL="test3m@uni.dtr read"
Object created: cn=pub1@uni.dtr,cn=folder,cn=mail,dc=uni,dc=dtr
root@dc2000:~# udm mail/folder create --position cn=folder,cn=mail,$ldap_base --set name=pub2 --set mailDomain=$domainname --set mailHomeServer=$hostname.$domainname --append sharedFolderUserACL="test1m@uni.dtr write" --append sharedFolderUserACL="test2m@uni.dtr all" --append sharedFolderUserACL="test3m@uni.dtr read" --set mailPrimaryAddress=pub2m@uni.dtr
Object created: cn=pub2@uni.dtr,cn=folder,cn=mail,dc=uni,dc=dtr
root@dc2000:~# cp /var/spool/dovecot/public/uni.dtr/pub1/.INBOX/dovecot-acl pub1-before
root@dc2000:~# cp /var/spool/dovecot/private/uni.dtr/pub2m/Maildir/dovecot-acl pub2m-before
root@dc2000:~# diff pub1-before pub2m-before
root@dc2000:~# univention-upgrade
root@dc2000:~# grep univention-mail-dovecot /var/univention-join/status
univention-mail-dovecot v1 successful
univention-mail-dovecot v2 successful
root@dc2000:~# cat /var/log/univention/reapply_shared_folder_acls.log
02.12.15 13:40:05.495 DEBUG_INIT
02.12.15 13:40:05.499 MAIN ( INFO ) : Initialising reapply_shared_folder_acls...
02.12.15 13:40:05.535 MAIN ( INFO ) : Looking for objects matching to following LDAP filter: (&(objectClass=univentionMailSharedFolder)(univentionMailHomeServer=dc2000.uni.dtr))
02.12.15 13:40:05.538 MAIN ( PROCESS ) : DN: 'cn=pub1@uni.dtr,cn=folder,cn=mail,dc=uni,dc=dtr'
02.12.15 13:40:06.478 LISTENER ( PROCESS ) : reapply_shared_folder_acls: Updated shared mailbox configuration.
02.12.15 13:40:06.609 LISTENER ( PROCESS ) : reapply_shared_folder_acls: Set ACLs on 'pub1@uni.dtr'.
02.12.15 13:40:06.609 MAIN ( PROCESS ) : ACLs updated
02.12.15 13:40:06.609 MAIN ( PROCESS ) : DN: 'cn=pub2@uni.dtr,cn=folder,cn=mail,dc=uni,dc=dtr'
02.12.15 13:40:06.688 LISTENER ( PROCESS ) : reapply_shared_folder_acls: Set ACLs on 'pub2m@uni.dtr'.
02.12.15 13:40:06.688 MAIN ( PROCESS ) : ACLs updated
02.12.15 13:40:06.688 MAIN ( PROCESS ) : Done
root@dc2000:~# diff pub1-before /var/spool/dovecot/public/uni.dtr/pub1/.INBOX/dovecot-acl
1,2c1,2
< user=test1m@uni.dtr ilprwts
< user=test2m@uni.dtr ailprwts
---
> user=test1m@uni.dtr eilprwts
> user=test2m@uni.dtr aeilprwts
root@dc2000:~# diff pub2m-before /var/spool/dovecot/private/uni.dtr/pub2m/Maildir/dovecot-acl
1,2c1,2
< user=test1m@uni.dtr ilprwts
< user=test2m@uni.dtr ailprwts
---
> user=test1m@uni.dtr eilprwts
> user=test2m@uni.dtr aeilprwts
root@dc2000:~# diff /var/spool/dovecot/public/uni.dtr/pub1/.INBOX/dovecot-acl /var/spool/dovecot/private/uni.dtr/pub2m/Maildir/dovecot-acl

* Manual tests with Horde webmail worked as expected.
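An added example, not part of the bug report or of univention-mail-dovecot: a small audit of dovecot-acl content that flags entries able to set the \Deleted flag ('t') but lacking expunge ('e'), which is the state shown on the "before" side of the diffs above. The test3m line and its rights letters are constructed, since the page does not show them, and the function names are hypothetical.

```python
# Added example (not the project's code): find dovecot-acl entries that can
# mark mail \Deleted ('t') but cannot expunge ('e'), the gap in this bug.

# Constructed input: the first two lines are the pre-update entries from the
# diff on this page; the read-only line is an assumption (not shown there).
ACL_BEFORE = """\
user=test1m@uni.dtr ilprwts
user=test2m@uni.dtr ailprwts
user=test3m@uni.dtr lrs
"""

# The same two entries as they appear after the update in the diff.
ACL_AFTER = """\
user=test1m@uni.dtr eilprwts
user=test2m@uni.dtr aeilprwts
user=test3m@uni.dtr lrs
"""


def parse_acl(text):
    """Yield (identifier, set_of_right_letters) for each positive ACL entry."""
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, and negative entries ('-' prefix removes rights).
        if not line or line.startswith("#") or line.startswith("-"):
            continue
        # Right letters precede an optional " :" that introduces named rights.
        fields = line.partition(" :")[0].rsplit(None, 1)
        if len(fields) == 2:
            yield fields[0], set(fields[1])


def missing_expunge(text):
    """Return identifiers holding 't' (write-deleted) without 'e' (expunge)."""
    return [ident for ident, rights in parse_acl(text)
            if "t" in rights and "e" not in rights]


if __name__ == "__main__":
    for label, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        print(label, missing_expunge(acl))
```

Fed the contents of a real dovecot-acl file, an empty result means every entry that can flag mail as deleted can also expunge it.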
<http://errata.software-univention.de/ucs/4.0/388.html>