Re: ACL to deny move mailbox/folder
tarjei wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Ken Murchison wrote: >> tarjei wrote: >>> -BEGIN PGP SIGNED MESSAGE- >>> Hash: SHA1 >>> >>> Hi, >>> >>> I got a shared folder where I want users to be able to create >>> subfolders, but where I want to restrict the users so they do not move >>> or delete the shared folder. The folder is a top level shared folder. >>> >>> I read through the cyradm documentation, but it wasn't very clear on how >>> to do this. Is it possible? >> What version of Cyrus? If you're using 2.3.x, removing the 'x' right >> from your users will prevent them from deleting the mailbox. I'd have >> to check the ACL RFC, but I believe it will also prevent renaming (I >> think RENAME need delete on the source and create on the destination). >> 2.3.7. > > Interestingly enough, it seems that removing the 'x' right isn't possible : > > localhost.localdomain> lam Fag > anyone lrswipkxtecda > localhost.localdomain> sam Fag anyone lrswipktecda > localhost.localdomain> lam Fag > anyone lrswipkxtecda > localhost.localdomain> sam Fag anyone write > localhost.localdomain> lam Fag > anyone lrswipkxtecd > localhost.localdomain> sam Fag anyone lrswipktecda > localhost.localdomain> lam Fag > anyone lrswipkxtecda > localhost.localdomain> > > After some fooling around, I found out that the problem is that if you > give the user the a right, then you also grant the e and t rights. This would only be the case if you have 'deleteright' set to 'a'. > Also, cyradm doesn't document what the c and d rights are. They are legacy rights macros that are now macros. If the 'deleteright' option in imapd.conf is set to the default of 'c', the c='kx' and d='et'. By explicitly granting 'd' above, you're implicitly granting 'x'. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ACL to deny move mailbox/folder
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ken Murchison wrote: > tarjei wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Hi, >> >> I got a shared folder where I want users to be able to create >> subfolders, but where I want to restrict the users so they do not move >> or delete the shared folder. The folder is a top level shared folder. >> >> I read through the cyradm documentation, but it wasn't very clear on how >> to do this. Is it possible? > > What version of Cyrus? If you're using 2.3.x, removing the 'x' right > from your users will prevent them from deleting the mailbox. I'd have > to check the ACL RFC, but I believe it will also prevent renaming (I > think RENAME need delete on the source and create on the destination). > 2.3.7. Interestingly enough, it seems that removing the 'x' right isn't possible : localhost.localdomain> lam Fag anyone lrswipkxtecda localhost.localdomain> sam Fag anyone lrswipktecda localhost.localdomain> lam Fag anyone lrswipkxtecda localhost.localdomain> sam Fag anyone write localhost.localdomain> lam Fag anyone lrswipkxtecd localhost.localdomain> sam Fag anyone lrswipktecda localhost.localdomain> lam Fag anyone lrswipkxtecda localhost.localdomain> After some fooling around, I found out that the problem is that if you give the user the a right, then you also grant the e and t rights. Also, cyradm doesn't document what the c and d rights are. A small documentation update would be nice here. Anyhow, thanks for the tip - it solves my problem I think. Kind regards, Tarjei -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI7H2LYVRKCnSvzfIRAiwGAJ9VItud/O1CGvJGwNP1cJaD8y3MxwCgul26 vp1Bg7KB7OGVWwue9WJ/ovE= =Dqmo -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ACL to deny move mailbox/folder
tarjei wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi, > > I got a shared folder where I want users to be able to create > subfolders, but where I want to restrict the users so they do not move > or delete the shared folder. The folder is a top level shared folder. > > I read through the cyradm documentation, but it wasn't very clear on how > to do this. Is it possible? What version of Cyrus? If you're using 2.3.x, removing the 'x' right from your users will prevent them from deleting the mailbox. I'd have to check the ACL RFC, but I believe it will also prevent renaming (I think RENAME need delete on the source and create on the destination). -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
ACL to deny move mailbox/folder
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I got a shared folder where I want users to be able to create subfolders, but where I want to restrict the users so they do not move or delete the shared folder. The folder is a top level shared folder. I read through the cyradm documentation, but it wasn't very clear on how to do this. Is it possible? Should I consider other ways to do this - for example change the file permissions of the mailbox directory directly? All tips are welcome. Kind regards, Tarjei -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI6glAYVRKCnSvzfIRAsvfAJ95/s+vO/Pb37SQJkYGgGg2PZC26ACeJdEL PaqZg6SjMVPV6XJ/mp7BdUM= =+ywm -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html