Re: The admins key on imapd.conf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2015-03-10 20:25, Niels Dettenbach wrote:
> Am Dienstag, 10. März 2015, 17:48:44 schrieb Manuel Vazquez:
>> I understand by the official documentation,this users described there 
>> are
>> can see the mailboxes of the all the users present in the server.
>> 
>> Do it is correct?
> Beside this, the admin user(s) are able to create mailboxes / folders 
> and
> maintaining access rights and quotas including delete folders after 
> setting
> the appropiate rights to it.
> 
> It is important to understand the role of the admin user - without i 
> assume it
> would be nearly impossible to set up and maintain a cyrus setup.
> 

True, but for the autocreate feature set we have today ;-)

It needs to be understood that any user listed in `admins` setting has 
-- implicitly -- the 'a' right on *all* mailboxes.

The 'a' right does not imply any other rights ('l', 'r', 's' most 
prominently, though an "admin" doesn't require 'l' specifically in order 
to be able to have a mailbox appear in a list of mailboxes), but does 
impose the right to SETACL (including 'l', 'r' and 's', and whichever 
other ones!).

`admins` should be limited very, *very* much, to a rather select group 
of people/services with a proverbial ``$surname-admin`` account -- it is 
the sysadmin/root equivalent of a system otherwise normally a sealed 
system.

Kind regards,

Jeroen van Meeuwen

-- 
Systems Architect, Kolab Systems AG

e: vanmeeuwen at kolabsys.com
m: +41 79 951 9003
w: https://kolabsystems.com

pgp: 9342 BF08
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus





[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux