Cyrus ACL Query and Mulberry

John Alton Tamplin jtampli at
Tue May 20 13:53:13 EDT 2003

Lee Cashmore wrote:

>We are running Cyrus 2.1.11 and have 3000+ users on the system. We get
>requests from time to time to deny some students access to their email
>for misuse of the system etc.....
>as long as they can authenticate with a password they are able to change
>the access permissions for the mailbox regardless of any of the access
>controls set upon it. 
As far as I understand it, a user has implicit rights to adjust the ACL 
for their mailbox, just like the administrative user has rights to 
change any ACL.

>I don't know if this is a bug or just how it works, if this is how it
>works can someone suggest a way of locking (or denying access to) a
>mailbox for a particular user.
We handle this by removing their ability to authenticate, with the 
encrypted password in the NIS+ map set to *.  If you need to allow them 
to login or other uses of authentication and only have one 
authentication source, then I guess that won't work for you.  In our 
case, if we disable a user's account we don't want them getting into 

John A. Tamplin                               Unix System Administrator
Emory University, School of Public Health     +1 404/727-9931

More information about the Info-cyrus mailing list