Re: Captive mailbox in Cyrus IMAP?

On 2006-11-21 at 16:44 -0600, Rich Graves wrote:
> UW-IMAP has no concept of ACLs; to make a mailbox read-only, you simply 
> manipulate file system permissions. Cyrus has proper ACLs that are 
> shared between mail delivery and imapd. It's not obvious what you would 
> want to hack in order to make lmtpd's view of ACLs and mailbox paths 
> different than imapd's.

lmtpd ignores posting permissions when delivering directly to INBOX
folders.  It's the final parameter of imap/lmtpd.c:deliver_mailbox(),
acloverride.  Cyrus can _always_ deliver new mail to user inboxes via
LMTP; permissions apply for direct delivery to subfolders by +extension
addressing and for shared folders, etc.

So you probably want to script up an admin tool which, for a user
"fred", connects up, does two LISTs:
  LIST "" "user.fred"
  LIST "" "user.fred.*"
(or "/" instead of ".", depending upon config), then does a GETACL for
every folder returned; dump those results out to a backup file in the
local filesystem, where a restore tool can automatically put the privs
back, then loop through and for every folder, for each identifier with
positive rights, remove those rights.

The only bit to be really cautious of is to be sure that a restore
script properly deals with negative ACL rights, if a user has shared
folders which are semi-public, to deal with privacy issues.

All AIUI.

-Phil
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
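
The backup/lock/restore tool outlined in the message above, as an added example that is not part of the original post or of Cyrus itself. It follows the RFC 4314 convention that an identifier prefixed with "-" carries negative rights: those entries are saved but never deleted, and are restored first. Assumptions: `conn` is an `imaplib.IMAP4` connection already authenticated as a Cyrus admin, mailbox names come back as quoted strings rather than literals, and the function names and JSON backup format are hypothetical.

```python
import json
import shlex


def parse_acl(line):
    """Split the body of an untagged ACL reply: mailbox, then identifier/rights pairs."""
    text = line.decode() if isinstance(line, bytes) else line
    mailbox, *rest = shlex.split(text)
    return mailbox, list(zip(rest[0::2], rest[1::2]))


def user_mailboxes(conn, user, sep="."):
    """The two LISTs from the post; the mailbox name is the last token of each reply."""
    names = []
    for pattern in (f"user{sep}{user}", f"user{sep}{user}{sep}*"):
        _typ, data = conn.list('""', f'"{pattern}"')
        names += [shlex.split(d.decode())[-1] for d in data if d]
    return names


def lock(conn, user, backup_path, sep="."):
    """Save every ACL entry to a file, then delete only the positive ones."""
    backup = {}
    for mbox in user_mailboxes(conn, user, sep):
        _typ, data = conn.getacl(f'"{mbox}"')
        backup[mbox] = parse_acl(data[0])[1]
    with open(backup_path, "w") as fh:  # backup is on disk before anything changes
        json.dump(backup, fh, indent=1)
    for mbox, entries in backup.items():
        for ident, _rights in entries:
            if not ident.startswith("-"):  # "-ident" is a negative entry: keep it
                conn.deleteacl(f'"{mbox}"', ident)
    return backup


def restore(conn, backup_path):
    """Put saved entries back, negative ("-ident") entries before positive ones."""
    with open(backup_path) as fh:
        backup = json.load(fh)
    for mbox, entries in backup.items():
        ordered = sorted(entries, key=lambda e: not e[0].startswith("-"))
        for ident, rights in ordered:
            conn.setacl(f'"{mbox}"', ident, rights)
```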
