Deny INBOX subfolder creation
Ken Murchison
murch at andrew.cmu.edu
Fri Oct 7 08:27:32 EDT 2016
You should set the 'implicit_owner_rights' option in imap.conf to 'lr'.
By default its set to 'lkxa' which allows a user to create mailboxes ('k').
On 10/05/2016 04:12 AM, Janne Peltonen via Info-cyrus wrote:
> Hi!
>
> So we wanted to make our old Cyrus IMAP server a read-only archive for a
> period. I thought that'd be child's play using Cyrus's great ACL's, ie. change
> the permissions on INBOX and everything below that to 'lr' for the user. But
> for some reason, a user can still create subfolders to the INBOX and other
> folders below the INBOX (while not being able to delete the subfolders).
> Googling on it, I found one exchange on this list, from the year 2010:
>
> https://lists.andrew.cmu.edu/pipermail/info-cyrus/2010-June/033125.html
>
> The answer claims that the user will have implicit 'l' and 'a' rights on their
> personal mailbox, referring to a link that's become stale since. Now, there are
> two problems with that answer:
>
> 1) It doesn't answer the question: 'l' and 'a' rights don't give the user a
> right to create a subfolder unless they explicitely give themselves that right
> using the implicit 'a' right; and
>
> 2) at least in the current version of Cyrus, it appears that if the user
> doesn't have the explicit 'a' right, they can't give themselves any new rights
> to their INBOX, so the implicit 'a' right doesn't exist - at least, not
> anymore.
>
> Apparently, I'm not the only administrator with this particular problem with a
> reasonably current version of Cyrus. This one is from somebody running 2.4.18,
> three months ago:
>
> https://stackoverflow.com/questions/37749083/cyrus-permissions-to-disallow-folder-creation-deletion
>
> I'm running 2.4.17. And I've set the permissions on my test user's INBOX to
> 'lr' for the user.
>
> Any ideas?
>
>
> Yours,
>
> Janne Peltonen
> Email Admin
> University of Helsinki
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
--
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University
More information about the Info-cyrus
mailing list