Roundcube ACL plugin not working correctly (NethServer 8)

Hello.
I’m trying to share an IMAP folder with another user (admin), and I’ve noticed that email usernames do not include a domain part.
I’ve confirmed my suspicions by installing WebTop, where sharing works correctly, resulting in the ACL being set to the ‘admin’ username, and you can subscribe to that IMAP folder on the admin account after that.
But the Roundcube ACL plugin just appends the domain for you if you don’t specify it, which results in a share that doesn’t work.

I’ve tried editing the acl.php file inside the container,
/home/roundcubemail1/.local/share/containers/storage/volumes/html/_data/plugins/acl/acl.php

and commenting out this line:
$user .= '@' . rcube_utils::idn_to_ascii(preg_replace('/^@/', '', $realm));

But changes don’t persist after restart.
Is there some way that I can override this file without losing the ability to update and control the app via admin panel?
I have some experience with docker-compose and I can imagine that you could just mount the file directly,
but running podman with runagent on another user is a bit complicated to understand.

Hi,

welcome to NethServer community.

Here is an example of mounting files via volumes: SOGo new features: configuration template and access/configure button - #33 by mrmarkuz

2 Likes

Thank you.
ACLs are working perfectly fine now.
Here is a complete solution, in case someone stumbles upon this topic:

  1. Make a copy of acl.php from your container to the state folder:
    cp /home/roundcubemail1/.local/share/containers/storage/volumes/html/_data/plugins/acl/acl.php /home/roundcubemail1/.config/state/acl.php

  2. Edit the new file and comment out these lines in the action_save() function:

//if (!strpos($user, '@') && ($realm = $this->get_realm())) {
//    $user .= '@' . rcube_utils::idn_to_ascii(preg_replace('/^@/', '', $realm));
//}

  3. Enter your Roundcube app environment
    sudo /usr/local/bin/runagent -m roundcubemail1

  4. Edit the override for roundcubemail-app
    systemctl --user edit roundcubemail-app.service
    and add the following contents:

[Service]
ExecStart=
ExecStart=/usr/bin/podman run --conmon-pidfile %t/roundcubemail-app.pid \
     --cidfile %t/roundcubemail-app.ctr-id --cgroups=no-conmon \
     --pod-id-file %t/roundcubemail.pod-id --replace -d --name  roundcubemail-app \
     --volume html:/var/www/html/:Z \
     --volume ./config:/var/roundcube/config:Z \
     --volume ./acl.php:/var/www/html/plugins/acl/acl.php:Z \
     --env=ROUNDCUBEMAIL_* \
     --env ROUNDCUBEMAIL_DB_TYPE=mysql \
     --env ROUNDCUBEMAIL_DB_HOST=127.0.0.1 \
     --env ROUNDCUBEMAIL_DB_PORT=3306 \
     --env ROUNDCUBEMAIL_DB_USER=roundcubemail \
     --env ROUNDCUBEMAIL_DB_PASSWORD=roundcubemail \
     --env ROUNDCUBEMAIL_DB_NAME=roundcubemail \
     ${ROUNDCUBEMAIL_IMAGE}

Notice the added line:
--volume ./acl.php:/var/www/html/plugins/acl/acl.php:Z \
Everything else is copied from the original ExecStart parameter.

  5. Now restart the container and verify it’s running
systemctl --user restart roundcubemail-app.service
systemctl --user status roundcubemail-app.service
1 Like
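
A bind-mounted acl.php shadows the file shipped in the image, so later Roundcube changes to that file never reach the container. As an added example (not part of the original posts), this script checks that the override differs from the image's file only by commented-out lines. It assumes you supply a pristine copy of acl.php from the image version in use; `normalize` and `check_override` are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Both paths are arguments; nothing is hard-coded.

# Reduce each line to its content: drop leading whitespace and one leading "//",
# then surrounding whitespace, so a line and its commented-out form compare equal.
normalize() {
    sed -e 's|^[[:space:]]*//||' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1"
}

# check_override PRISTINE OVERRIDE
#   0 = override equals the pristine file except for lines that were commented out
#   1 = drift: content differs, so the override no longer tracks the image's file
#   2 = a file is missing or unreadable
check_override() {
    pristine=$1
    override=$2
    [ -r "$pristine" ] && [ -r "$override" ] || return 2
    tmp_a=$(mktemp) || return 2
    tmp_b=$(mktemp) || { rm -f "$tmp_a"; return 2; }
    normalize "$pristine" > "$tmp_a"
    normalize "$override" > "$tmp_b"
    rc=0
    # Content must match once comment markers are ignored.
    cmp -s "$tmp_a" "$tmp_b" || rc=1
    # Every line changed in the override must be a "//" comment line, which
    # rules out the reverse edit (uncommenting code that upstream disabled).
    if diff "$pristine" "$override" | grep '^> ' | grep -qv '^> [[:space:]]*//'; then
        rc=1
    fi
    rm -f "$tmp_a" "$tmp_b"
    return "$rc"
}

# Stand-alone use: sh check_override.sh PRISTINE OVERRIDE
if [ "$#" -eq 2 ]; then
    check_override "$1" "$2"; status=$?
    case $status in
        0) echo "OK: override only comments out lines" ;;
        1) echo "DRIFT: rebuild the override from the current acl.php" ;;
        *) echo "ERROR: cannot read input files" ;;
    esac
    exit "$status"
fi
```

Run it after each application update; on a DRIFT result, repeat steps 1 and 2 against the new file rather than keeping the old override.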