ACLs

Ken Murchison murch at andrew.cmu.edu
Mon Oct 24 12:30:12 EDT 2005


Nikola Milutinovic wrote:

> Ken Murchison wrote:
> 
>> Jt Chiodi wrote:
>>
>>> I have noticed that a sub folder of a user's INBOX does not have
>>> anyone p set on it when it is created.  I am not giving my users
>>> access to cyradm and do not want to change acls everytime a mailbox is
>>> created.  I would like to set the default sub folder behavior to
>>> anyone p.  I looked at the man for imapd.conf and the closest thing I
>>> can find is defaultacl but the descripion says non-user with no
>>> parent.  How can I sent the default behavior of a user INBOX sub
>>> folder to anyone p
>>
>>
>>
>> If this is what you really want to do (I'm not sure that I'd 
>> appreciate the fact that an admin is unilaterally enabling anyone to 
>> post to my personal mailboxes), explicitly set 'anyone p' on the 
>> INBOX, and this ACL will be inherited by all submailboxes when they 
>> are created.
> 
> 
> 
> Hi all. What is the purpose/usage of "p" right?
> 
> I mean, I know what it stands for, "post" right, giving permission to 
> the user to post a message into that folder. So far, I have been 
> thinking of it in terms of mail delivery, since that is what allows 
> Cyrus to accept messages and file them into a particular folder. Am I 
> right?

Yes.

> So, how come only the owner of a mailbox has "p"?  Does Cyrus
> switch to the owner, in case of a delivery?


INBOXes implicitly have 'p' set to anyone, otherwise most people would 
never receive their mail.  For any other folder, lmtpd checks to see if 
the authenticated user has the 'p' right.

> 
> I know I had to give "anyone" "p" on shared folders. I tried giving "p" 
> to user "cyrus", but it somehow did not work, not sure why. Delivery is 
> done from Sendmail via LMTP and I did setup auth-info, so Sendmail 
> should have authenticated itself as user "cyrus". Is that the right way?

The MTA needs to use the AUTH=<authid> keyword with the MAIL FROM 
command.  It is this authid which is used when checking the ACL.

-- 
Kenneth Murchison
Systems Programmer
Carnegie Mellon University



More information about the Info-cyrus mailing list