tarjei wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ken Murchison wrote: >> tarjei wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Hi, >>> >>> I got a shared folder where I want users to be able to create >>> subfolders, but where I want to restrict the users so they do not move >>> or delete the shared folder. The folder is a top level shared folder. >>> >>> I read through the cyradm documentation, but it wasn't very clear on how >>> to do this. Is it possible? >> What version of Cyrus? If you're using 2.3.x, removing the 'x' right >> from your users will prevent them from deleting the mailbox. I'd have >> to check the ACL RFC, but I believe it will also prevent renaming (I >> think RENAME need delete on the source and create on the destination). >> 2.3.7. > > Interestingly enough, it seems that removing the 'x' right isn't possible : > > localhost.localdomain> lam Fag > anyone lrswipkxtecda > localhost.localdomain> sam Fag anyone lrswipktecda > localhost.localdomain> lam Fag > anyone lrswipkxtecda > localhost.localdomain> sam Fag anyone write > localhost.localdomain> lam Fag > anyone lrswipkxtecd > localhost.localdomain> sam Fag anyone lrswipktecda > localhost.localdomain> lam Fag > anyone lrswipkxtecda > localhost.localdomain> > > After some fooling around, I found out that the problem is that if you > give the user the a right, then you also grant the e and t rights. This would only be the case if you have 'deleteright' set to 'a'. > Also, cyradm doesn't document what the c and d rights are. They are legacy rights macros that are now macros. If the 'deleteright' option in imapd.conf is set to the default of 'c', the c='kx' and d='et'. By explicitly granting 'd' above, you're implicitly granting 'x'. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
