maildiracl (1)
Leading comments
<!-- Copyright 2003-2009 Double Precision, Inc. See COPYING for --> <!-- distribution information. --> Title: maildiracl Author: Sam Varshavchik Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> Date: 06/27/2015 Manual: Double Precision, Inc. Source: Courier Mail Server Language: English
NAME
maildiracl - manage access control listsSYNOPSIS
-
maildiracl {-reset} {maildir}
- maildiracl {-list} {maildir} {INBOX[.folder]}
- maildiracl {-set} {maildir} {INBOX[.folder]} {[-]identifier} {[+/-]rights}
- maildiracl {-delete} {maildir} {INBOX[.folder]} {[-]identifier}
- maildiracl {-compute} {maildir} {INBOX[.folder]} {identifier...}
- maildiracl {-list} {maildir} {INBOX[.folder]}
DESCRIPTION
maildiracl
-
Note
The Courier IMAP server server implements two types of shared folders: filesystem permission-based shared folders, as well as virtual shared folders based on IMAP access control lists. Use the maildiracl command to set up access control lists for virtual shared folders. Use the m[blue]maildirmake(1)m[]
[1], command to implement shared folders based on filesystem permissions.See the Courier IMAP server documentation for additional information on setting up virtual shared folders.
ACL overview
ACLs provide a fine-grained mechanism for controlling access to shared folders. ACLs may be used to specify, for example, that user1 may only open and read the messages in the folder; and user2 can not only do that, but also delete messages, and create subfolders.
Each folder maintains its own individual access control list, that specifies who can do what to the folder. An ACL is a list of lqidentifierrq and lqrightsrq pairs. Each lqidentifierrq and lqrightsrq pair means that an entity called lqidentifierrq (using the UTF-8 character set) is allowed to do lqrightsrq on this folder. lqrightsrq consists of one or more letters, each letter signifies a particular action:
a
- identifier may modify this folder's ACLs.
c
- identifier may create subfolders of this folder (this includes renaming another folder as this folder's subfolders).
e
- identifier may remove deleted messages from this folder.
i
- identifier may add messages to this folder (either uploading them one by one, or copying messages from another folder).
l
- identifier may actually see that this folder exists. If identifier does not have the lqlrq right on this folder, the folder is effectively invisible to identifier.
r
- identifier may open this folder. Note that if identifier knows the name of this folder, it can open it even if identifier does not the lqlrq right on this folder.
s
- identifier may mark messages in this folder as seen, or unseen.
t
- identifier may mark messages in this folder as deleted, or undeleted.
w
- identifier may change other status flags of messages in this folder. May also add or remove custom keywords on individual messages.
x
- identifier may delete this folder (which includes renaming this folder as another mailbox's subfoler.
-
An ACL entry of lq-identifierrq and lqrightsrq is called a lqnegative rightrq, which explicitly removes lqrightsrq from lqidentifierrq. More than one lqidentifierrq is usually used to determine the actual rights someone has for the given folder. The actual access rights are determined by taking all rights from all applicable identifier, than subtracting any negative rights, as specified in the following section.
-
Access rights on a given folder are computed by obtained the rights on the following identifiers, then subtracting the negative rights on the same identifiers:
owner
- The owner of the maildir containing this folder. The maildir's INBOX's ACL defaults to all rights for its owner. A new folder's ACL is the same as its parent's ACL. In all cases, trying to remove the lqarq right from the owner (either directly or using a negative right) results in an error.
anyone
- This identifier refers literally to every userid. The associated rights (or negative rights) are always used.
anonymous
- This is a synonym from lqanyonerq.
user=loginid
-
Rights (or negative rights) for IMAP account
lqloginidrq.
-
lqloginidrq is what's logged to syslog after a succesful login. In some situations lqloginidrq is not exactly the actual login ID used by the IMAP client.
group=name
- Rights (or negative rights) for account group lqnamerq. Access rights are granted to an account group as a whole. The account options feature of the Courier Authentication Library specifies which account belongs to which account group. See courier-authlib's documentation for more information.
administrators
- This is an alias for lqgroup=administratorsrq. Accounts that are members of an account group called lqadministratorsrq are considered administrative accounts, and automatically receive all access rights on all accessible folders.
Consider the following access control list:
owner aceilrstwx anyone lr user=john w -user=mary r administrators aceilrstwx
This access control list specifies that the folder's owner has complete control over the mailbox (as well as the administrators, which have complete access to every folder); everyone else can see it and open it, except for lqmaryrq who can see that the mailbox exists, but can't open it; additionally, lqjohnrq can change the status and keywords of individual messages (but not mark them as deleted/undeleted or seen/unseen, which requires additional rights).
OPTIONS
- maildiracl -reset maildir
-
Note
The Courier IMAP server normally performs this maintenance function automatically. It is not necessary to run this command under normal conditions.
- maildiracl -list maildir folder
- maildiracl -set maildir folder identifier rights
-
maildiracl -set /home/user1/Maildir INBOX.Sent user=john lr maildiracl -set /home/user2/Maildir INBOX.Notes anyone -r maildiracl -set /home/user3/Maildir INBOX.Private -user=tom +r
-
Note
Observe that the last command revokes the lqrrq right from lqtomrq, by adding it as a negative right.
- maildiracl -delete maildir folder identifier
- maildiracl -compute maildir folder [identifier]+
-
maildiracl -compute /home/tom46/Maildir INBOX.Sent owner user=tom46
This command computes access rights lqtom46rq has on his own folder.
-
maildiracl -compute /home/john34/Maildir INBOX.Public user=tom46
This command computes access rights lqtom46rq has on lqjohn34rq's folder.
IRREVOCABLE ACCESS RIGHTS
The owner of the mailbox must always have the lqarq amd lqlrq access rights. The administrators group must always have all access rights to all folders. Attempts to set access control lists, that do not include these minimum access rights, will be rejected.
BUGS
All identifiers are specified using the UTF-8 character set.
All non-Latin letters in folder names are specified using the modified-UTF7 coding as used in IMAP.
This implementation of access control lists is based on version 2 (or lqACL2rq) of IMAP access control lists, which is a work-in-progress. The existing IMAP ACL, m[blue]RFC 2086m[]
If history's of any guidance, ACL2 is subject to change at any time. Be sure to check the release notes when upgrading to a newer version of this software. The lqACL overviewrq portion of this manual page is a very brief summary of ACL2, which leaves out optional parts of ACL2 that are not implemented.
SEE ALSO
m[blue]maildirmake(1)m[]
AUTHOR
Sam Varshavchik
- Author
NOTES
- 1.
-
maildirmake(1)
- [set $man.base.url.for.relative.links]/maildirmake.html
- 2.
- RFC 2086
- 3.
-
maildirkw(1)
- [set $man.base.url.for.relative.links]/maildirkw.html