ACLs and such
Ken Murchison
ken at oceana.com
Wed Feb 5 20:55:19 EST 2003
Rob Siemborski wrote:
>
> On Wed, 5 Feb 2003, Hans Wilmer wrote:
>
> > cm user.test
> > cm user.test.archives otherpartition
> >
> > sq user.test 100
> > sq user.test.archives 1000
> >
> > sam user.test.archives test lrswipca
> >
> >
> > ... and nevertheless allow user 'test' to delete mails and folders
> > residing under user.test.archives by default?
> >
> > The point is that the user must not be able to delete his 'archives'
> > folder, but he must be able to freely operate on anything that resides
> > within that folder.
>
> So, Offhand, I think the rest of your mail is to special purpose for
> general use, but I'll address this part of it, since its been brought up
> before.
>
> Part of the design of cyrus includes the assumption that it's a bigger
> helpdesk headache when users blow away their own acls (and lose access)
> than it is if they are actually held bound to them. Therefore, within a
> user's mailbox hierarchy, you cannot remove full rights for that user.
>
> There are various arguments against this, and I think the final decision
> was that we look at an "implicit rights" patch, whereby admins could
> specify what rights their users had on "their" mailboxes implicitly (and I
> seem to remember Ken even made one), but I can't locate it right now.
> Ken?
Its in the 2.2 branch. Its probably possible to backport it, but IIRC
we discussed this and decided that 2.1 was in feature freeze.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus
mailing list