ACLs and such

Rob Siemborski rjs3 at andrew.cmu.edu
Wed Feb 5 19:47:45 EST 2003


On Wed, 5 Feb 2003, Hans Wilmer wrote:

> cm user.test
> cm user.test.archives otherpartition
>
> sq user.test 100
> sq user.test.archives 1000
>
> sam user.test.archives test lrswipca
>
>
> ... and nevertheless allow user 'test' to delete mails and folders
> residing under user.test.archives by default?
>
> The point is that the user must not be able to delete his 'archives'
> folder, but he must be able to freely operate on anything that resides
> within that folder.

So, offhand, I think the rest of your mail is too special-purpose for
general use, but I'll address this part of it, since it's been brought up
before.

Part of the design of Cyrus includes the assumption that it's a bigger
helpdesk headache when users blow away their own ACLs (and lose access)
than it is if they are actually held bound to them.  Therefore, within a
user's mailbox hierarchy, you cannot remove full rights for that user.

There are various arguments against this, and I think the final decision
was that we look at an "implicit rights" patch, whereby admins could
specify what rights their users had on "their" mailboxes implicitly (and I
seem to remember Ken even made one), but I can't locate it right now.
Ken?

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper





More information about the Info-cyrus mailing list