ACL to deny move mailbox/folder

tarjei tarjei at nu.no
Wed Oct 8 05:29:47 EDT 2008


Ken Murchison wrote:
> tarjei wrote:
>> Hi,
>>
>> I got a shared folder where I want users to be able to create
>> subfolders, but where I want to restrict the users so they do not move
>> or delete the shared folder. The folder is a top level shared folder.
>>
>> I read through the cyradm documentation, but it wasn't very clear on how
>> to do this. Is it possible?
> 
> What version of Cyrus?  If you're using 2.3.x, removing the 'x' right
> from your users will prevent them from deleting the mailbox.  I'd have
> to check the ACL RFC, but I believe it will also prevent renaming (I
> think RENAME needs delete on the source and create on the destination).
> 2.3.7.

Interestingly enough, it seems that removing the 'x' right isn't possible:

localhost.localdomain> lam Fag
anyone lrswipkxtecda
localhost.localdomain> sam Fag anyone lrswipktecda
localhost.localdomain> lam Fag
anyone lrswipkxtecda
localhost.localdomain> sam Fag anyone write
localhost.localdomain> lam Fag
anyone lrswipkxtecd
localhost.localdomain> sam Fag anyone lrswipktecda
localhost.localdomain> lam Fag
anyone lrswipkxtecda
localhost.localdomain>

After some fooling around, I found out that the problem is that if you
give the user the 'a' right, then you also grant the 'e' and 't' rights.

Also, cyradm doesn't document what the 'c' and 'd' rights are.

A small documentation update would be nice here.

Anyhow, thanks for the tip - it solves my problem I think.

Kind regards,
Tarjei


More information about the Info-cyrus mailing list