Univention Bugzilla – Bug 40038
UCS41: Unable to remove/move mails from shared folder
Last modified: 2015-12-09 16:43:39 CET
This has to be fixed for UCS 4.1, too.

+++ This bug was initially created as a clone of Bug #40037 +++

Ticket #2015111121001141

The dovecot shared folder listener module does not set the "expunge" permission if "write" or "all" is selected in UDM for IMAP ACLs. Due to the missing "expunge" permission, users are unable to remove mails from a shared folder or to move mails from a shared folder to a different folder. The user gets "permission denied".
*** Bug 40190 has been marked as a duplicate of this bug. ***
The "expunge" permission has been added. To add the expunge permission on existing dovecot shared folders, the script reapply_shared_folder_acls is called in univention-mail-dovecot's join script.

2015-11-18-univention-mail-dovecot.yaml:
r66186 | Bug #40038: updated yaml
r66180 | Bug #40038: Updated yaml

univention-mail-dovecot (2.0.1-1):
r66179 | Bug #40038: add IMAP permission expunge if shared folder permission write or all has been selected

Test setup:

root@master94:/usr/share/ucs-test/40_mail# udm mail/folder list
DN: cn=folder-ohne@nstx.local,cn=domain,cn=mail,dc=nstx,dc=local
ARG: None
  sharedFolderUserACL: mail1@nstx.local read
  sharedFolderUserACL: mail2@nstx.local append
  sharedFolderUserACL: mail3@nstx.local write
  sharedFolderUserACL: mail4@nstx.local all
  mailDomain: nstx.local
  sharedFolderGroupACL: Domain Admins all
  sharedFolderGroupACL: Windows Hosts write
  name: folder-ohne
  mailHomeServer: master94.nstx.local
  mailPrimaryAddress: None
  cyrus-userquota: None

DN: cn=folder-mit@nstx.local,cn=domain,cn=mail,dc=nstx,dc=local
ARG: None
  sharedFolderUserACL: mail1@nstx.local read
  sharedFolderUserACL: mail2@nstx.local append
  sharedFolderUserACL: mail3@nstx.local write
  sharedFolderUserACL: mail4@nstx.local all
  mailDomain: nstx.local
  sharedFolderGroupACL: Domain Admins all
  sharedFolderGroupACL: Windows Hosts write
  name: folder-mit
  mailHomeServer: master94.nstx.local
  mailPrimaryAddress: folder-mit@nstx.local
  cyrus-userquota: None

# (doveadm acl get -u mail4@nstx.local folder-ohne@nstx.local/INBOX ; \
  doveadm acl get -u mail4@nstx.local shared/folder-mit@nstx.local) > BEFORE 2>&1
# echo "deb http://192.168.0.10/build2/ ucs_4.1-0-errata4.1-0/all/" \
  >> /etc/apt/sources.list
# echo "deb http://192.168.0.10/build2/ ucs_4.1-0-errata4.1-0/$(ARCH)/" \
  >> /etc/apt/sources.list
# univention-install univention-mail-dovecot
# (doveadm acl get -u mail4@nstx.local folder-ohne@nstx.local/INBOX ; \
  doveadm acl get -u mail4@nstx.local shared/folder-mit@nstx.local) > AFTER 2>&1
# wdiff BEFORE AFTER
ID Global Rights
group=Domain Admins admin {+expunge+} insert lookup post read write write-deleted write-seen
group=Windows Hosts {+expunge+} insert lookup post read write write-deleted write-seen
user=mail1@nstx.local lookup read write write-seen
user=mail2@nstx.local insert lookup post read write write-seen
user=mail3@nstx.local {+expunge+} insert lookup post read write write-deleted write-seen
user=mail4@nstx.local admin {+expunge+} insert lookup post read write write-deleted write-seen
ID Global Rights
group=Domain Admins admin {+expunge+} insert lookup post read write write-deleted write-seen
group=Windows Hosts {+expunge+} insert lookup post read write write-deleted write-seen
user=mail1@nstx.local lookup read write write-seen
user=mail2@nstx.local insert lookup post read write write-seen
user=mail3@nstx.local {+expunge+} insert lookup post read write write-deleted write-seen
user=mail4@nstx.local admin {+expunge+} insert lookup post read write write-deleted write-seen
OK: code review
OK: advisory
OK: manual tests:

root@Test35:~# udm mail/folder create --position cn=folder,cn=mail,$ldap_base --set name=pub1 --set mailDomain=$domainname --set mailHomeServer=$hostname.$domainname --append sharedFolderUserACL="test1m@uni.dtr write" --append sharedFolderUserACL="test2m@uni.dtr all" --append sharedFolderUserACL="test3m@uni.dtr read"
root@Test35:~# udm mail/folder create --position cn=folder,cn=mail,$ldap_base --set name=pub2 --set mailDomain=$domainname --set mailHomeServer=$hostname.$domainname --append sharedFolderUserACL="test1m@uni.dtr write" --append sharedFolderUserACL="test2m@uni.dtr all" --append sharedFolderUserACL="test3m@uni.dtr read" --set mailPrimaryAddress=pub2m@uni.dtr
root@Test35:~# cp /var/spool/dovecot/public/Uni.Dtr/pub1/.INBOX/dovecot-acl pub1-before
root@Test35:~# cp /var/spool/dovecot/private/uni.dtr/pub2m/Maildir/dovecot-acl pub2m-before
root@Test35:~# cat pub1-before
user=test1m@uni.dtr ilprwts
user=test2m@uni.dtr ailprwts
user=test3m@uni.dtr lrws
root@Test35:~# diff pub1-before pub2m-before
root@Test35:~# univention-upgrade
root@Test35:~# grep univention-mail-dovecot /var/univention-join/status
univention-mail-dovecot v1 successful
univention-mail-dovecot v2 successful
root@Test35:~# cat /var/log/univention/reapply_shared_folder_acls.log
09.12.15 09:17:40.217 DEBUG_INIT
09.12.15 09:17:40.224 MAIN ( INFO ) : Initialising reapply_shared_folder_acls...
09.12.15 09:17:40.268 MAIN ( INFO ) : Looking for objects matching to following LDAP filter: (&(objectClass=univentionMailSharedFolder)(univentionMailHomeServer=Test35.Uni.Dtr))
09.12.15 09:17:40.270 MAIN ( PROCESS ) : DN: 'cn=pub1@Uni.Dtr,cn=folder,cn=mail,dc=Uni,dc=Dtr'
09.12.15 09:17:41.464 LISTENER ( PROCESS ) : reapply_shared_folder_acls: Updated shared mailbox configuration.
09.12.15 09:17:41.623 LISTENER ( PROCESS ) : reapply_shared_folder_acls: Set ACLs on 'pub1@Uni.Dtr'.
09.12.15 09:17:41.623 MAIN ( PROCESS ) : ACLs updated
09.12.15 09:17:41.623 MAIN ( PROCESS ) : DN: 'cn=pub2@Uni.Dtr,cn=folder,cn=mail,dc=Uni,dc=Dtr'
09.12.15 09:17:41.714 LISTENER ( PROCESS ) : reapply_shared_folder_acls: Set ACLs on 'pub2m@uni.dtr'.
09.12.15 09:17:41.715 MAIN ( PROCESS ) : ACLs updated
09.12.15 09:17:41.715 MAIN ( PROCESS ) : Done
root@Test35:~# diff pub1-before /var/spool/dovecot/public/Uni.Dtr/pub1/.INBOX/dovecot-acl
1,2c1,2
< user=test1m@uni.dtr ilprwts
< user=test2m@uni.dtr ailprwts
---
> user=test1m@uni.dtr eilprwts
> user=test2m@uni.dtr aeilprwts
root@Test35:~# diff pub2m-before /var/spool/dovecot/private/uni.dtr/pub2m/Maildir/dovecot-acl
1,2c1,2
< user=test1m@uni.dtr ilprwts
< user=test2m@uni.dtr ailprwts
---
> user=test1m@uni.dtr eilprwts
> user=test2m@uni.dtr aeilprwts
root@Test35:~# diff /var/spool/dovecot/public/Uni.Dtr/pub1/.INBOX/dovecot-acl /var/spool/dovecot/private/uni.dtr/pub2m/Maildir/dovecot-acl

* Manual tests with Horde webmail worked as expected.
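
Added example (not part of the bug comments and not code from univention-mail-dovecot): a Python check that reads dovecot-acl content in the letter form shown in the manual test above and lists identifiers that hold write-deleted (t) without expunge (e), which is the state this bug left for "write" and "all". The function names are hypothetical, only letter-form rights are handled, and the sample input is copied from the before/after files in that test.

```python
# Added example: audit Dovecot ACL entries for the pre-fix state in this bug.
# Right letters follow Dovecot's ACL file format: t = write-deleted, e = expunge.

def parse_acl(text):
    """Return {identifier: set(right letters)} from dovecot-acl file content."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Rights are the last whitespace-separated field; identifiers such
        # as "group=Domain Admins" may themselves contain spaces.
        ident, _, rights = line.rpartition(" ")
        if not ident:
            # A bare identifier with no rights field.
            ident, rights = line, ""
        entries[ident] = set(rights)
    return entries


def missing_expunge(text):
    """Identifiers that may flag mail as deleted (t) but cannot expunge (e)."""
    return sorted(ident for ident, rights in parse_acl(text).items()
                  if "t" in rights and "e" not in rights)


# Sample input: the before/after dovecot-acl contents shown in the test above.
BEFORE = """user=test1m@uni.dtr ilprwts
user=test2m@uni.dtr ailprwts
user=test3m@uni.dtr lrws
"""
AFTER = """user=test1m@uni.dtr eilprwts
user=test2m@uni.dtr aeilprwts
user=test3m@uni.dtr lrws
"""

if __name__ == "__main__":
    import sys
    # With file arguments, audit those dovecot-acl files; else run the samples.
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            with open(path) as fh:
                for ident in missing_expunge(fh.read()):
                    print(f"{path}: {ident} has write-deleted without expunge")
    else:
        print("before:", missing_expunge(BEFORE))
        print("after: ", missing_expunge(AFTER))
```

Run against the dovecot-acl files of existing shared folders, an empty result indicates that reapply_shared_folder_acls has rewritten them with the expunge right.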
<http://errata.software-univention.de/ucs/4.1/18.html>