ACL problems
Andrew Morgan
morgan at orst.edu
Tue Feb 7 21:38:27 EST 2006
On Tue, 7 Feb 2006, Robert Schmid wrote:
> I have one user with complete access to another users mailbox hierarchy.
> I dumped the entire mailbox database using ctl_mailbox -d.
>
> I deleted two lines for a couple of shared directories and double checked
> the permissions for the two users. I could see nothing that would allow
> the one user to see the other. Also there appears to be a folder 'Other
> Users' under which the other user's directory is seen. There was no sign
> of a mailbox called 'Other Users' in the database.
>
> I then rebuilt the mailboxes database from the text file. As expected the
> two shared folders were gone but the one user can still see the other
> user's hierarchy.
"Other Users" is how you see other user mailboxes when you have sort of
access to them, from an IMAP client. You won't find "Other Users" in the
mailboxes.db.
> Where else should I look to find out how this user is getting access to
> these other mailboxes?
What are the permissions on the mailbox that appears under Other Users?
Perhaps there is an ACL on a subfolder of that mailbox that is granting
access? What does "sam user.foo" say for the user foo in this case?
Andy
More information about the Info-cyrus
mailing list