RFC patch: Deny removal of folder owner ACLs
Guilherme Maciel Ferreira
guilherme.maciel.ferreira at intra2net.com
Thu Dec 30 04:45:18 EST 2010
Hi,
We were having problems with some users who deleted all ACL rights
from a folder, rendering the mailbox inaccessible.
There's already a feature in Cyrus that the folder owner can't
delete his own administration rights (implicit ACLs).
This left one hole in the protection which is still cumbersome to the users:
If user A has admin rights over user B's mailbox, user A can remove the admin
rights from user B, either by DELETEACL B, or by SETACL B with more
restrictive access rights.
So we changed the IMAP server to avoid this kind of behavior. The patch was
developed for version 2.3.16. It is possible to roll back to the default
behavior through the imapd.conf variable "owneralwaysadmin=no".
Sincerely,
Guilherme Maciel Ferreira
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus-imapd-2.3.16-keep-owner-rights.patch
Type: text/x-patch
Size: 4948 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20101230/42d06c24/attachment.bin
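
The check described in the message above, modelled as an added example; it is not the scrubbed patch and not Cyrus source code. The function names are hypothetical, and it assumes the internal mailbox name form "user.<id>[.sub]" and the RFC 4314 rights letters; only the option name owneralwaysadmin comes from the post.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4314 rights letters; 'a' (administer) is the right the guard protects. */
static const char RIGHTS[] = "lrswipkxtea";

/* Convert a rights string to a bitmask, ignoring unknown letters. */
static unsigned rights_mask(const char *s)
{
    unsigned m = 0;
    for (; s && *s; s++) {
        const char *p = strchr(RIGHTS, *s);
        if (p) m |= 1u << (p - RIGHTS);
    }
    return m;
}

/* Rights an identifier holds after the request. mod == NULL models DELETEACL;
 * otherwise SETACL with "+abc" (add), "-abc" (remove) or "abc" (replace). */
static unsigned rights_after(const char *current, const char *mod)
{
    unsigned cur = rights_mask(current);
    if (!mod) return 0;
    if (mod[0] == '+') return cur | rights_mask(mod + 1);
    if (mod[0] == '-') return cur & ~rights_mask(mod + 1);
    return rights_mask(mod);
}

/* Hypothetical guard: 1 = allow, 0 = deny. The owner of "user.<id>[.sub]"
 * is <id>; only changes that strip 'a' from that identifier are refused. */
int acl_change_allowed(const char *mailbox, const char *ident,
                       const char *current, const char *mod,
                       int owneralwaysadmin)
{
    size_t n = strlen(ident);
    int is_owner = strncmp(mailbox, "user.", 5) == 0 &&
                   strncmp(mailbox + 5, ident, n) == 0 &&
                   (mailbox[5 + n] == '\0' || mailbox[5 + n] == '.');
    if (!owneralwaysadmin || !is_owner) return 1;
    return (rights_after(current, mod) & rights_mask("a")) != 0;
}

int main(void)
{
    /* Constructed requests against user B's mailbox "user.b". */
    printf("DELETEACL b  -> %d\n", acl_change_allowed("user.b", "b", "lrswipkxtea", NULL, 1));
    printf("SETACL b lrs -> %d\n", acl_change_allowed("user.b", "b", "lrswipkxtea", "lrs", 1));
    printf("SETACL b -w  -> %d\n", acl_change_allowed("user.b", "b", "lrswipkxtea", "-w", 1));
    return 0;
}
```

The guard evaluates the rights that would result from the request instead of matching on the command name, so DELETEACL, a replacing SETACL and a "-a" modifier are all covered by the same test.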