Deny INBOX subfolder creation
Janne Peltonen
janne.peltonen at helsinki.fi
Mon Oct 24 09:02:44 EDT 2016
...as it says clearly on the man page. Which I read and re-read without seeing it.
Thanks a lot!
--Janne
On Fri, Oct 07, 2016 at 08:27:32AM -0400, Ken Murchison via Info-cyrus wrote:
> You should set the 'implicit_owner_rights' option in imap.conf to 'lr'. By
> default it's set to 'lkxa' which allows a user to create mailboxes ('k').
>
>
> On 10/05/2016 04:12 AM, Janne Peltonen via Info-cyrus wrote:
> >Hi!
> >
> >So we wanted to make our old Cyrus IMAP server a read-only archive for a
> >period. I thought that'd be child's play using Cyrus's great ACLs, i.e. change
> >the permissions on INBOX and everything below that to 'lr' for the user. But
> >for some reason, a user can still create subfolders to the INBOX and other
> >folders below the INBOX (while not being able to delete the subfolders).
> >Googling on it, I found one exchange on this list, from the year 2010:
> >
> > https://lists.andrew.cmu.edu/pipermail/info-cyrus/2010-June/033125.html
> >
> >The answer claims that the user will have implicit 'l' and 'a' rights on their
> >personal mailbox, referring to a link that's become stale since. Now, there are
> >two problems with that answer:
> >
> > 1) It doesn't answer the question: 'l' and 'a' rights don't give the user a
> >right to create a subfolder unless they explicitly give themselves that right
> >using the implicit 'a' right; and
> >
> > 2) at least in the current version of Cyrus, it appears that if the user
> >doesn't have the explicit 'a' right, they can't give themselves any new rights
> >to their INBOX, so the implicit 'a' right doesn't exist - at least, not
> >anymore.
> >
> >Apparently, I'm not the only administrator with this particular problem with a
> >reasonably current version of Cyrus. This one is from somebody running 2.4.18,
> >three months ago:
> >
> > https://stackoverflow.com/questions/37749083/cyrus-permissions-to-disallow-folder-creation-deletion
> >
> >I'm running 2.4.17. And I've set the permissions on my test user's INBOX to
> >'lr' for the user.
> >
> >Any ideas?
> >
> >
> >Yours,
> >
> >Janne Peltonen
> >Email Admin
> >University of Helsinki
> >----
> >Cyrus Home Page: http://www.cyrusimap.org/
> >List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> >To Unsubscribe:
> >https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>
> --
> Kenneth Murchison
> Principal Systems Software Engineer
> Carnegie Mellon University
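Added example, not part of the original thread and not Cyrus source code: a small Python check of why an explicit 'lr' ACL alone still leaves the owner able to create subfolders, and of what changes once 'implicit_owner_rights' is set to 'lr'. It assumes the owner's effective rights are the union of the explicit ACL entry and the implicit owner rights; the function names, mailbox names and configuration text are constructed for illustration.

```python
# Added illustration; all names here are hypothetical, not Cyrus code.
DEFAULT_IMPLICIT = "lkxa"  # default value quoted in the thread

def implicit_owner_rights(conf_text):
    """Read implicit_owner_rights from 'option: value' configuration text."""
    value = DEFAULT_IMPLICIT
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        key, sep, val = line.partition(":")
        if sep and key.strip() == "implicit_owner_rights":
            value = val.strip()  # last occurrence wins
    return value

def effective_rights(explicit_acl, conf_text, is_owner=True):
    """Assumed model: owner rights = explicit ACL rights + implicit rights."""
    rights = set(explicit_acl)
    if is_owner:
        rights |= set(implicit_owner_rights(conf_text))
    return "".join(sorted(rights))

def can_create_subfolders(explicit_acl, conf_text, is_owner=True):
    """'k' is the create-mailbox right mentioned in the thread."""
    return "k" in effective_rights(explicit_acl, conf_text, is_owner)

def excess_rights(owner_acls, conf_text, allowed="lr"):
    """Map each mailbox to the owner's effective rights beyond `allowed`."""
    report = {}
    for mailbox, acl in owner_acls.items():
        extra = set(effective_rights(acl, conf_text)) - set(allowed)
        if extra:
            report[mailbox] = "".join(sorted(extra))
    return report

# Constructed sample input: configuration text and the owner's ACL entries.
CONF_DEFAULT = "configdirectory: /var/lib/imap\n"
CONF_HARDENED = CONF_DEFAULT + "implicit_owner_rights: lr\n"
OWNER_ACLS = {"user.test": "lr", "user.test.Sent": "lrs"}

if __name__ == "__main__":
    for name, conf in (("default", CONF_DEFAULT), ("hardened", CONF_HARDENED)):
        print(name, "create allowed:", can_create_subfolders("lr", conf))
        print(name, "rights beyond 'lr':", excess_rights(OWNER_ACLS, conf))
```

With the hardened text, the only finding left is the explicit 's' on the constructed "user.test.Sent" entry, which is an ACL problem rather than an implicit-rights one.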