--- a/src/plugins/acl/acl-backend-vfile.c	Sun Nov 16 13:41:17 2008 +0200
+++ b/src/plugins/acl/acl-backend-vfile.c	Sun Nov 16 13:48:10 2008 +0200
@@ -704,8 +704,10 @@
 
 static void acl_backend_vfile_cache_rebuild(struct acl_object_vfile *aclobj)
 {
+	static const char *const admin_rights[] = { MAIL_ACL_ADMIN, NULL };
+	struct mail_namespace *ns;
 	struct acl_object *_aclobj = &aclobj->aclobj;
-	struct acl_rights_update ru;
+	struct acl_rights_update ru, ru2;
 	const struct acl_rights *rights;
 	unsigned int i, count;
 	bool first_global = TRUE;
@@ -715,6 +717,12 @@
 	if (!array_is_created(&aclobj->rights))
 		return;
 
+	ns = mailbox_list_get_namespace(_aclobj->backend->list);
+	memset(&ru2, 0, sizeof(ru2));
+	ru2.modify_mode = ACL_MODIFY_MODE_ADD;
+	ru2.rights.id_type = ACL_ID_OWNER;
+	ru2.rights.rights = admin_rights;
+
 	memset(&ru, 0, sizeof(ru));
 	rights = array_get(&aclobj->rights, &count);
 	for (i = 0; i < count; i++) {
@@ -731,9 +739,18 @@
 			   can't mess things up via them */
 			first_global = FALSE;
 			ru.neg_modify_mode = ACL_MODIFY_MODE_REPLACE;
+
+			if (ns->type == NAMESPACE_PRIVATE) {
+				/* make sure owner has admin rights
+				   (at least before global ACLs are applied) */
+				acl_cache_update(_aclobj->backend->cache,
+						 _aclobj->name, &ru2);
+			}
 		}
 		acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru);
 	}
+	if (first_global && ns->type == NAMESPACE_PRIVATE)
+		acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru2);
 }
 
 static int acl_backend_vfile_object_refresh_cache(struct acl_object *_aclobj)