On 2015-03-10 20:25, Niels Dettenbach wrote:
> Am Dienstag, 10. März 2015, 17:48:44 schrieb Manuel Vazquez:
>> I understand by the official documentation,this users described there
>> are
>> can see the mailboxes of the all the users present in the server.
>>
>> Do it is correct?
> Beside this, the admin user(s) are able to create mailboxes / folders
> and
> maintaining access rights and quotas including delete folders after
> setting
> the appropiate rights to it.
>
> It is important to understand the role of the admin user - without i
> assume it
> would be nearly impossible to set up and maintain a cyrus setup.
>
True, but for the autocreate feature set we have today ;-)
It needs to be understood that any user listed in `admins` setting has
-- implicitly -- the 'a' right on *all* mailboxes.
The 'a' right does not imply any other rights ('l', 'r', 's' most
prominently, though an "admin" doesn't require 'l' specifically in order
to be able to have a mailbox appear in a list of mailboxes), but does
impose the right to SETACL (including 'l', 'r' and 's', and whichever
other ones!).
`admins` should be limited very, *very* much, to a rather select group
of people/services with a proverbial ``$surname-admin`` account -- it is
the sysadmin/root equivalent of a system otherwise normally a sealed
system.
Kind regards,
Jeroen van Meeuwen
--
Systems Architect, Kolab Systems AG
e: vanmeeuwen at kolabsys.com
m: +41 79 951 9003
w: https://kolabsystems.com
pgp: 9342 BF08
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
