| |
MAILDIRACL(1) MAILDIRACL(1)
NAME
maildiracl - manage access control lists
SYNOPSIS
maildiracl -reset maildir
maildiracl -list maildir INBOX[.folder]
maildiracl -set maildir INBOX[.folder] [-]identifier [+/-]rights
maildiracl -delete maildir INBOX[.folder] [-]identifier
maildiracl -compute maildir INBOX[.folder] identifier ...
DESCRIPTION
maildiracl manages ``access control lists'' (or ACLs) of Courier-IMAP
maildir folders. Access control lists are used primarily to provide
fine-grained control for accessing virtual shared folders via IMAP.
Note:
The Courier-IMAP server implements two types of shared folders:
filesystem permission-based shared folders, as well as virtual
shared folders based on IMAP access control lists. Use the
maildiracl command to set up access control lists for virtual
shared folders. Use the maildirmake(1), command to implement
shared folders based on filesystem permissions.
See the Courier-IMAP server documentation for additional infor-
mation on setting up virtual shared folders.
ACL OVERVIEW
ACLs provide a fine-grained mechanism for controlling access to shared
folders. ACLs may be used to specify, for example, that user1 may only
open and read the messages in the folder; and user2 can not only do
that, but also delete messages, and create subfolders.
Each folder maintains its own individual access control list, that
specifies who can do what to the folder. An ACL is a list of ``identi-
fier'' and ``rights'' pairs. Each ``identifier'' and ``rights'' pair
means that an entity called ``identifier'' (using the UTF-8 character
set) is allowed to do ``rights'' on this folder. ``rights'' consists
of one or more letters, each letter signifies a particular action:
a identifier may modify this folder's ACLs.
c identifier may create subfolders of this folder (this includes
renaming another folder as this folder's subfolders).
e identifier may remove deleted messages from this folder.
i identifier may add messages to this folder (either uploading
them one by one, or copying messages from another folder).
l identifier may actually see that this folder exists. If identi-
fier does not have the ``l'' right on this folder, the folder is
effectively invisible to identifier.
r identifier may open this folder. Note that if identifier knows
the name of this folder, it can open it even if identifier does
not the ``l'' right on this folder.
s identifier may mark messages in this folder as seen, or unseen.
t identifier may mark messages in this folder as deleted, or
undeleted.
w identifier may change other status flags of messages in this
folder. May also add or remove custom keywords on individual
messages.
x identifier may delete this folder (which includes renaming this
folder as another mailbox's subfoler.
NEGATIVE RIGHTS
An ACL entry of ``-identifier'' and ``rights'' is called a ``negative
right'', which explicitly removes ``rights'' from ``identifier''. More
than one ``identifier'' is usually used to determine the actual rights
someone has for the given folder. The actual access rights are deter-
mined by taking all rights from all applicable identifier, than sub-
tracting any negative rights, as specified in the following section.
IDENTIFIERS
Access rights on a given folder are computed by obtained the rights on
the following identifiers, then subtracting the negative rights on the
same identifiers:
owner The owner of the maildir containing this folder. The maildir's
INBOX's ACL defaults to all rights for its owner. A new
folder's ACL is the same as its parent's ACL. In all cases,
trying to remove the ``a'' right from the owner (either directly
or using a negative right) results in an error.
anyone This identifier refers literally to every userid. The associ-
ated rights (or negative rights) are always used.
anonymous
This is a synonym from ``anyone''.
user=loginid
Rights (or negative rights) for IMAP account ``loginid''.
Note: ``loginid'' is what's logged to syslog after a succesful
login. In some situations ``loginid'' is not exactly the actual
login ID used by the IMAP client.
group=name
Rights (or negative rights) for account group ``name''. Access
rights are granted to an account group as a whole. The account
options feature of the Courier Authentication Library specifies
which account belongs to which account group. See courier-auth-
lib's documentation for more information.
administrators
This is an alias for ``group=administrators''. Accounts that
are members of an account group called ``administrators'' are
considered administrative accounts, and automatically receive
all access rights on all accessible folders.
Consider the following access control list:
owner aceilrstwx
anyone lr
user=john w
-user=mary r
administrators aceilrstwx
This access control list specifies that the folder's owner has complete
control over the mailbox (as well as the administrators, which have
complete access to every folder); everyone else can see it and open it,
except for ``mary'' who can see that the mailbox exists, but can't open
it; additionally, ``john'' can change the status and keywords of indi-
vidual messages (but not mark them as deleted/undeleted or seen/unseen,
which requires additional rights).
OPTIONS
maildiracl -reset maildir
This command resets access control lists in maildir which as a path to
a maildir. Under certain conditions, the files where a folder's ACLs
are saved may continue to exist after the folder is removed. The
-reset options goes through maildir and removes all stale ACL files for
removed folders.
Note: The Courier-IMAP server normally performs this maintenance
function automatically. It is not necessary to run this command
under normal conditions.
maildiracl -list maildir folder
This command lists the access control lists set for folder. folder
must be either ``INBOX'' or ``INBOX.folder.subfolder'', which is the
same naming convention for Courier-IMAP.
maildiracl -set maildir folder identifier rights
Puts identifier (which may begin with a minus sign to specify a nega-
tive right) and rights in folder's access control list. Existing
rights for identifier (or identifier) are replaced by rights unless
``rights'' begins with ``+'' or ``-'', which modifies the existing
rights by adding or removing from them accordingly. Some examples:
maildiracl -set /home/user1/Maildir INBOX.Sent user=john lr
maildiracl -set /home/user2/Maildir INBOX.Notes anyone -r
maildiracl -set /home/user3/Maildir INBOX.Private -user=tom +r
Note: Observe that the last command revokes the ``r'' right from
``tom'', by adding it as a negative right.
maildiracl -delete maildir folder identifier
This command removes identifier from folder's access control list, if
it exists. Use ``-identifier'' to remove negative rights.
maildiracl -compute maildir folder [identifier]+
This command takes a list of one or more identifiers. All access
rights for the identifiers are combined together, then any appropriate
negative rights are removed, and the result is printed on standard out-
put. Use the following procedure to compute access rights the same way
as they are computed by Courier-IMAP:
maildiracl -compute /home/tom46/Maildir INBOX.Sent owner user=tom46
This command computes access rights ``tom46'' has on his own folder.
maildiracl -compute /home/john34/Maildir INBOX.Public user=tom46
This command computes access rights ``tom46'' has on ``john34'''s
folder.
IRREVOCABLE ACCESS RIGHTS
The owner of the mailbox must always have the ``a'' amd ``l'' access
rights. The administrators group must always have all access rights to
all folders. Attempts to set access control lists, that do not include
these minimum access rights, will be rejected.
BUGS
All identifiers are specified using the UTF-8 character set.
All non-Latin letters in folder names are specified using the modified-
UTF7 coding as used in IMAP.
This implementation of access control lists is based on version 2 (or
``ACL2'') of IMAP access control lists, which is a work-in-progress.
The existing IMAP ACL, RFC 2086 is transparently implemented inside the
ACL2 model.
If history's of any guidance, ACL2 is subject to change at any time.
Be sure to check the release notes when upgrading to a newer version of
this software. The ``ACL overview'' portion of this manual page is a
very brief summary of ACL2, which leaves out optional parts of ACL2
that are not implemented.
SEE ALSO
maildirmake(1), maildirkw(1),
Double Precision, Inc. 15 July 2005 MAILDIRACL(1)
|