Deny INBOX subfolder creation
Janne Peltonen
janne.peltonen at helsinki.fi
Wed Oct 5 04:12:22 EDT 2016
Hi!
So we wanted to make our old Cyrus IMAP server a read-only archive for a
period. I thought that'd be child's play using Cyrus's great ACL's, ie. change
the permissions on INBOX and everything below that to 'lr' for the user. But
for some reason, a user can still create subfolders to the INBOX and other
folders below the INBOX (while not being able to delete the subfolders).
Googling on it, I found one exchange on this list, from the year 2010:
https://lists.andrew.cmu.edu/pipermail/info-cyrus/2010-June/033125.html
The answer claims that the user will have implicit 'l' and 'a' rights on their
personal mailbox, referring to a link that's become stale since. Now, there are
two problems with that answer:
1) It doesn't answer the question: 'l' and 'a' rights don't give the user a
right to create a subfolder unless they explicitely give themselves that right
using the implicit 'a' right; and
2) at least in the current version of Cyrus, it appears that if the user
doesn't have the explicit 'a' right, they can't give themselves any new rights
to their INBOX, so the implicit 'a' right doesn't exist - at least, not
anymore.
Apparently, I'm not the only administrator with this particular problem with a
reasonably current version of Cyrus. This one is from somebody running 2.4.18,
three months ago:
https://stackoverflow.com/questions/37749083/cyrus-permissions-to-disallow-folder-creation-deletion
I'm running 2.4.17. And I've set the permissions on my test user's INBOX to
'lr' for the user.
Any ideas?
Yours,
Janne Peltonen
Email Admin
University of Helsinki
More information about the Info-cyrus
mailing list