On Thu, 19 Apr 2007, Nestor A. Diaz wrote:
Andrew Morgan wrote:
Easy. When you want to look at another user's mail, just modify the
permissions on their mailbox. You can do this with cyradm like so:
sam user.foo adminuser all
We use a perl script that does this recursively for each folder that
belongs to a specify user, and a second script that recursively removes the
permission when we are finished.
After granting these permissions, you'll see the user's mailbox in your
IMAP namespace as "Other Users.foo".
Ok, that's clear for me, but since i am going to have a huge mailstore i
don't like the idea of the person having to subscribe to each user mailbox,
or modifying the user mailbox acl each time the person want to access data,
so as an easy way i was thinking on using sasl as a helper, if that's not
possible what i am thinking to create at first time, is that when the admin
(which is really a supervisor with just read privilegies) wants to see others
users mailbox, it just open a web application, that ask for their password,
if validation went ok, then ask for the mailbox he wants to see and
recurisvely change permissions, this way the Supervisor can see what others
user have into their mailbox without using cyradm command line.
You don't want to have these permissions set for all users, continuously.
It is also a bad idea to have any of your Cyrus admin users (ones defined
in imapd.conf as admins) have mailboxes.
Your idea of using a web page to temporarily grant access sounds like a
reasonable idea to me.
Andy
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
