Cyrus ACL Query and Mulberry
John Alton Tamplin
jtampli at sph.emory.edu
Tue May 20 13:53:13 EDT 2003
Lee Cashmore wrote:
>We are running Cyrus 2.1.11 and have 3000+ users on the system. We get
>requests from time to time to deny some students access to their email
>for misuse of the system etc.....
>as long as they can authenticate with a password they are able to change
>the access permissions for the mailbox regardless of any of the access
>controls set upon it.
As far as I understand it, a user has implicit rights to adjust the ACL
for their mailbox, just like the administrative user has rights to
change any ACL.
>I don't know if this is a bug or just how it works, if this is how it
>works can someone suggest a way of locking (or denying access to) a
>mailbox for a particular user.
We handle this by removing their ability to authenticate, with the
encrypted password in the NIS+ map set to *. If you need to allow them
to login or other uses of authentication and only have one
authentication source, then I guess that won't work for you. In our
case, if we disable a user's account we don't want them getting into
John A. Tamplin Unix System Administrator
Emory University, School of Public Health +1 404/727-9931
More information about the Info-cyrus