Question on ACL's

Ken Murchison ken at oceana.com
Fri Jan 30 12:57:10 EST 2004 

Jason Williams wrote:

> Morning everyone,
> 
> I've been working on implementing Bulletin Boards over here for our 
> company which will allow our users to be able to "share" a folder and 
> post/move messages into the folder for other users to view.
> 
> Creating the actual mailbox is no problem. The question lies when 
> assigning the ACL's to the mailbox in order to allow users to view and 
> post to the mailbox/bulletin board.
> 
> For example, I did the following:
> 
> I created a mailbox:
> user.loanofficers
> and
> user.loanofficers.announce

First off, is there a reason why you are using a personal mailbox as a 
bulletin board?  Is there actually a loanofficer user?  If not, you 
could just create loanofficers.announce (notice the lack of user.)

> I then proceeded to setup my acl's.
> 
> I added:
> 
> anyone lr
> and
> jwilliams p
> 
> Which, from what I thought, would allow anyone the ability to list and 
> read and the user jwilliams the ability to post.
> Well, it didn't work out that way.
> 
> When I was trying to post to the list, even though my MTA showed it 
> being delivered to the mailbox, the user jwilliams could not view it in 
> his mozilla client.
> 
> After playing with the ACL's a bit, the only way I could get the user 
> jwilliams to be able to see messages and post messages to 
> user.loanofficer.announce was to set the following acl's:
> 
> anyone lrp
> 
> I completely removed the acl's for the my account (jwilliams). Once I 
> did that, I was able to see the messages and post to the list.
> 
> Now, my question is why are the acl's not working for the user 
> jwilliams? That account does exist in the sasldb2.

The ACL for jwilliams will only work if the MTA authenticates to lmtpd 
(or passes the AUTH= keyword) as jwilliams, otherwise lmtpd assumes that 
the user is anonymous.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

More information about the Info-cyrus mailing list