I think this is a bug. I tried GETACL and MYRIGHTS and got an unexpected result!
If I don't get explanations, I will report a BUG, or you can! You found it!

# imtest -a admin.mydomain.loc@xxxxxxxxxxxx -w password -u bk17@xxxxxxxx -v localhost
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN SASL-IR] eg01.emailgency.loc Cyrus IMAP4 v2.3.9-openpkg server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN YmsxN0BiZXRhLmxvYwBhZG1pbi5teWRvbWFpbi5sb2NAbXlkb21haW4ubG9jAHZpc2hub3U=
S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH] Success (no protection)
Authenticated.
Security strength factor: 0
A4 GETACL INBOX
* ACL INBOX bk17@xxxxxxxx lrswipkxtecda manager r
A4 OK Completed
A7 MYRIGHTS INBOX
* MYRIGHTS INBOX lrswipkxtecda
A7 OK Completed
A8 CREATE INBOX/foo
A8 OK Completed
A9 MYRIGHTS INBOX/boo
A9 NO Mailbox does not exist
A10 MYRIGHTS INBOX/foo
* MYRIGHTS INBOX/foo lrswipkxtecda
A10 OK Completed
A11 GETACL INBOX/foo
* ACL INBOX/foo bk17@xxxxxxxx lrswipkxtecda manager r
A11 OK Completed

On 10/1/07, Toschi Pietro <Pietro.Toschi@xxxxxxxxxx> wrote:
>
> Hi list,
>
> I have a cyrus 2.3.9 test server with two virtual domains: aa.it and bb.it.
> Having "virtualdomains: yes", I've experimented with "admins" directive and
> I've added one account:
>
> "admins: cyrus user01@xxxxx "
>
> After a cyrus-imapd restart I've tried using imtest:
>
> [root@olimpo ~]# imtest -a utente01@xxxxx -w password -u utente02@xxxxx -v
> localhost
>
> S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR] olimpo
> Cyrus IMAP4 v2.3.9-Invoca-RPM-2.3.9-3 server ready
>
> C: C01 CAPABILITY
>
> S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR ACL
> RIGHTS=kxte QUOTA NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
> MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES
> ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> URLAUTH
>
> S: C01 OK Completed
>
> C: A01 AUTHENTICATE PLAIN
> dXRlbnRlMDJAYmIuaXQAdXRlbnRlMDFAYWEuaXQAdXRlbnRlMDE=
>
> S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL
> RIGHTS=kxte QUOTA NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
> MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES
> ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> URLAUTH] Success (no protection)
>
> Authenticated.
>
> Security strength factor: 0
>
> I expected some authorization-related error message, but instead
> user01@xxxxx was able not only to authenticate (as expected, since I used
> the right credentials) but also to get authorized as user02@xxxxx, that is a
> normal user of a different domain.
>
> I expected that every "admin", in a virtualdomain environment, be able to
> manage only its or her accounts based of course on the domain part of the
> username.
>
> Is there something I missed in my config or maybe in my understanding of
> this feature?
>
> Thanks
>
> Pietro
>
> configdirectory: /var/lib/imap
>
> partition-default: /storage/mail
>
> admins: cyrus user01@xxxxx
>
> sievedir: /var/lib/imap/sieve
>
> sendmail: /usr/sbin/sendmail
>
> hashimapspool: true
>
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
>
> virtdomains: yes
> defaultdomain: localdomain
> unixhierarchysep: yes
> ________________________________
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info:
> http://asg.web.cmu.edu/cyrus/mailing-list.html
>

--
Alain Spineux
aspineux gmail com
May the sources be with you
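
Added example (not part of the thread, and not Cyrus code): the AUTHENTICATE PLAIN argument in the transcripts above is a base64 SASL PLAIN response of the form authzid NUL authcid NUL password (RFC 4616). The sketch below decodes such a token and applies the domain-scoped admin policy the original poster expected; the function names, the policy (including treating an admin without a domain part as global) and the sample accounts are assumptions constructed for illustration.

```python
import base64

# Constructed sample admins list, mirroring the shape of "admins: cyrus user01@..."
SAMPLE_ADMINS = {"cyrus", "user01@aa.example"}

def make_token(authzid, authcid, password):
    """Build a SASL PLAIN response the way a client would (constructed input)."""
    return base64.b64encode("\0".join((authzid, authcid, password)).encode()).decode()

def parse_plain(token_b64):
    """Decode authzid NUL authcid NUL passwd (RFC 4616); the password is discarded."""
    parts = base64.b64decode(token_b64, validate=True).split(b"\x00")
    if len(parts) != 3 or not parts[1]:
        raise ValueError("malformed SASL PLAIN response")
    authzid, authcid = parts[0].decode("utf-8"), parts[1].decode("utf-8")
    return (authzid or authcid), authcid  # empty authzid means "act as authcid"

def domain_of(user, default_domain):
    """Domain part of user@domain, or the default domain for unqualified names."""
    _local, sep, domain = user.rpartition("@")
    return domain.lower() if sep else default_domain

def classify(token_b64, admins, default_domain="localdomain"):
    """Apply the hypothetical policy: domain admins may proxy only inside their domain."""
    authzid, authcid = parse_plain(token_b64)
    if authzid == authcid:
        return "self"
    if authcid not in admins:
        return "deny: proxy by non-admin"
    if "@" not in authcid:
        return "allow: global admin"  # assumption: unqualified admin is global
    if domain_of(authcid, default_domain) == domain_of(authzid, default_domain):
        return "allow: same-domain admin"
    return "flag: cross-domain proxy"

if __name__ == "__main__":
    cases = [  # (authzid, authcid) pairs, all constructed
        ("user02@bb.example", "user01@aa.example"),
        ("user03@aa.example", "user01@aa.example"),
        ("user02@bb.example", "cyrus"),
        ("user01@aa.example", "user02@bb.example"),
    ]
    for authzid, authcid in cases:
        verdict = classify(make_token(authzid, authcid, "x"), SAMPLE_ADMINS)
        print(f"{authcid} -> {authzid}: {verdict}")
```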