ACLs and such

Ken Murchison ken at oceana.com
Wed Feb 5 20:55:19 EST 2003



Rob Siemborski wrote:
> 
> On Wed, 5 Feb 2003, Hans Wilmer wrote:
> 
> > cm user.test
> > cm user.test.archives otherpartition
> >
> > sq user.test 100
> > sq user.test.archives 1000
> >
> > sam user.test.archives test lrswipca
> >
> >
> > ... and nevertheless allow user 'test' to delete mails and folders
> > residing under user.test.archives by default?
> >
> > The point is that the user must not be able to delete his 'archives'
> > folder, but he must be able to freely operate on anything that resides
> > within that folder.
> 
> So, Offhand, I think the rest of your mail is to special purpose for
> general use, but I'll address this part of it, since its been brought up
> before.
> 
> Part of the design of cyrus includes the assumption that it's a bigger
> helpdesk headache when users blow away their own acls (and lose access)
> than it is if they are actually held bound to them.  Therefore, within a
> user's mailbox hierarchy, you cannot remove full rights for that user.
> 
> There are various arguments against this, and I think the final decision
> was that we look at an "implicit rights" patch, whereby admins could
> specify what rights their users had on "their" mailboxes implicitly (and I
> seem to remember Ken even made one), but I can't locate it right now.
> Ken?


Its in the 2.2 branch.  Its probably possible to backport it, but IIRC
we discussed this and decided that 2.1 was in feature freeze.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp




More information about the Info-cyrus mailing list