ACL to deny move mailbox/folder
tarjei
tarjei at nu.no
Wed Oct 8 05:29:47 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ken Murchison wrote:
> tarjei wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi,
>>
>> I got a shared folder where I want users to be able to create
>> subfolders, but where I want to restrict the users so they do not move
>> or delete the shared folder. The folder is a top level shared folder.
>>
>> I read through the cyradm documentation, but it wasn't very clear on how
>> to do this. Is it possible?
>
> What version of Cyrus? If you're using 2.3.x, removing the 'x' right
> from your users will prevent them from deleting the mailbox. I'd have
> to check the ACL RFC, but I believe it will also prevent renaming (I
> think RENAME need delete on the source and create on the destination).
> 2.3.7.
Interestingly enough, it seems that removing the 'x' right isn't possible :
localhost.localdomain> lam Fag
anyone lrswipkxtecda
localhost.localdomain> sam Fag anyone lrswipktecda
localhost.localdomain> lam Fag
anyone lrswipkxtecda
localhost.localdomain> sam Fag anyone write
localhost.localdomain> lam Fag
anyone lrswipkxtecd
localhost.localdomain> sam Fag anyone lrswipktecda
localhost.localdomain> lam Fag
anyone lrswipkxtecda
localhost.localdomain>
After some fooling around, I found out that the problem is that if you
give the user the a right, then you also grant the e and t rights.
Also, cyradm doesn't document what the c and d rights are.
A small documentation update would be nice here.
Anyhow, thanks for the tip - it solves my problem I think.
Kind regards,
Tarjei
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFI7H2LYVRKCnSvzfIRAiwGAJ9VItud/O1CGvJGwNP1cJaD8y3MxwCgul26
vp1Bg7KB7OGVWwue9WJ/ovE=
=Dqmo
-----END PGP SIGNATURE-----
More information about the Info-cyrus
mailing list