On Wed, 5 Feb 2003, Hans Wilmer wrote: > cm user.test > cm user.test.archives otherpartition > > sq user.test 100 > sq user.test.archives 1000 > > sam user.test.archives test lrswipca > > > ... and nevertheless allow user 'test' to delete mails and folders > residing under user.test.archives by default? > > The point is that the user must not be able to delete his 'archives' > folder, but he must be able to freely operate on anything that resides > within that folder.
So, Offhand, I think the rest of your mail is to special purpose for general use, but I'll address this part of it, since its been brought up before. Part of the design of cyrus includes the assumption that it's a bigger helpdesk headache when users blow away their own acls (and lose access) than it is if they are actually held bound to them. Therefore, within a user's mailbox hierarchy, you cannot remove full rights for that user. There are various arguments against this, and I think the final decision was that we look at an "implicit rights" patch, whereby admins could specify what rights their users had on "their" mailboxes implicitly (and I seem to remember Ken even made one), but I can't locate it right now. Ken? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper