Re: Deny INBOX subfolder creation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

You should set the 'implicit_owner_rights' option in imap.conf to 'lr'. By default its set to 'lkxa' which allows a user to create mailboxes ('k'). 


On 10/05/2016 04:12 AM, Janne Peltonen via Info-cyrus wrote:

Hi!

So we wanted to make our old Cyrus IMAP server a read-only archive for a
period. I thought that'd be child's play using Cyrus's great ACL's, ie. change
the permissions on INBOX and everything below that to 'lr' for the user. But
for some reason, a user can still create subfolders to the INBOX and other
folders below the INBOX (while not being able to delete the subfolders).
Googling on it, I found one exchange on this list, from the year 2010:

   https://lists.andrew.cmu.edu/pipermail/info-cyrus/2010-June/033125.html

The answer claims that the user will have implicit 'l' and 'a' rights on their
personal mailbox, referring to a link that's become stale since. Now, there are
two problems with that answer:

  1) It doesn't answer the question: 'l' and 'a' rights don't give the user a
right to create a subfolder unless they explicitely give themselves that right
using the implicit 'a' right; and

  2) at least in the current version of Cyrus, it appears that if the user
doesn't have the explicit 'a' right, they can't give themselves any new rights
to their INBOX, so the implicit 'a' right doesn't exist - at least, not
anymore.

Apparently, I'm not the only administrator with this particular problem with a
reasonably current version of Cyrus. This one is from somebody running 2.4.18,
three months ago:

  https://stackoverflow.com/questions/37749083/cyrus-permissions-to-disallow-folder-creation-deletion

I'm running 2.4.17. And I've set the permissions on my test user's INBOX to
'lr' for the user.

Any ideas?


Yours,

Janne Peltonen
Email Admin
University of Helsinki
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


--
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux