Cyrus ACL Query and Mulberry

Lee Cashmore lee.cashmore at tcat.ac.uk
Tue May 20 13:34:26 EDT 2003


We are running Cyrus 2.1.11 and have 3000+ users on the system. We get
requests from time to time to deny some students access to their email
for misuse of the system etc.....

I have been modifying the ACL's on a users account to do this but have
hit upon a problem an example of which is shown below :


mailbox  for a user

user.fred

acl permissions set on the mailbox are 

fred lrswipcda


Now after reading some of the documents i came across some information
regarding the syntax -<user> <flags> which as i understand it removes
the rights given by particular flags. 

So to deny access i have been setting the following rights

-fred lrswipcda

so the rights list now looks like

fred lrswipcda
-fred lrswipcda

And if i login into the server using Mulberry (our email client) as fred
sure enough the mailbox is reported as missing and is inacessible.

The problem is that in Mulberry (and many other clients I am sure) you
can still right click on the INBOX and select properties and look at the
ACL's 

Then if as the user I say add an ACL for the user -fred
And then Delete the ACL for the user -fred

This Effectivly removes the lock which i Had placed. 

Even though i would have expected the -fred to have removed admin rights
to that mailbox. I have done further tests and even if the user has NO
rights to the mailbox e.g. permissions on the mailbox user.fred are :

-fred lrswipcda

as long as they can authenticate with a password they are able to change
the access permissions for the mailbox regardless of any of the access
controls set upon it. 

I don't know if this is a bug or just how it works, if this is how it
works can someone suggest a way of locking (or denying access to) a
mailbox for a particular user.

Thanks for any help

Lee





-- 
--
------------------------------------------------------------------------
Lee Cashmore				  Telephone : +44 (0)1952 642284
Network Administrator (Postmaster)
Telford College of Arts & Technology	Web Site : http://www.tcat.ac.uk
------------------------------------------------------------------------




------------------------------------------------------------------------------
This email is confidential and intended solely for the use of the individual
to whom it is addressed.  Any views or opinions presented are solely those
of the author and do not necessarily represent those of
Telford College of Arts & Technology.  If you are not the intended recipient,
be advised that you have received this email in error and that any use,
dissemination, forwarding, printing, or copying of this email is strictly
prohibited. 

If you have received this email in error please notify the
Telford College of Arts & Technology I.T. Helpdesk
by telephone on 44 (0)1952 642284.

Any files attached to this e-mail will have been checked with virus software
before transmission.  However, you should carry out your own virus check
before opening any attachment.  Telford College of Arts & Technology accepts
no liability for any loss or damage, which may be caused by software
viruses.

This message has been scanned for viruses and content by Mail Marshal.
------------------------------------------------------------------------------




More information about the Info-cyrus mailing list