maildiracl — manage access control lists
maildiracl
{-reset} {maildir
}
maildiracl
{-list} {maildir
} {INBOX[.folder]
}
maildiracl
{-set} {maildir
} {INBOX[.folder]
} {[-]identifier
} {[+/-]rights
}
maildiracl
{-delete} {maildir
} {INBOX[.folder]
} {[-]identifier
}
maildiracl
{-compute} {maildir
} {INBOX[.folder]
} {identifier
...}
maildiracl manages “access control lists” (or ACLs) of the Courier IMAP server maildir folders. Access control lists are used primarily to provide fine-grained control for accessing virtual shared folders via IMAP.
The Courier IMAP server server implements two types of shared folders: filesystem permission-based shared folders, as well as virtual shared folders based on IMAP access control lists. Use the maildiracl command to set up access control lists for virtual shared folders. Use the maildirmake(1), command to implement shared folders based on filesystem permissions.
See the Courier IMAP server documentation for additional information on setting up virtual shared folders.
ACLs provide a fine-grained mechanism for controlling
access to shared folders.
ACLs may be used to specify, for example, that
user1
may only open and read the messages in the folder;
and user2
can not only do that, but also delete messages,
and create subfolders.
Each folder maintains its own individual access control list, that specifies
who can do what to the folder.
An ACL is a list of “identifier” and “rights”
pairs.
Each “identifier” and “rights” pair means that an
entity called “identifier”
(using the UTF-8
character set)
is allowed to do “rights”
on this folder.
“rights” consists of one or more letters, each letter
signifies a particular action:
identifier
may modify this folder's ACLs.
identifier
may create subfolders of this folder (this includes renaming another
folder as this folder's subfolders).
identifier
may remove deleted messages from this folder.
identifier
may add messages to this folder (either uploading them one by one,
or copying messages from another folder).
identifier
may actually see that this folder exists.
If identifier
does not have the “l”
right on this folder, the folder is effectively invisible to
identifier
.
identifier
may open this folder.
Note that if identifier
knows the name of this folder, it can open it even if
identifier
does not the “l”
right on this folder.
identifier
may mark messages in this folder as seen, or unseen.
identifier
may mark messages in this folder as deleted, or undeleted.
identifier
may change other status flags of messages in this folder.
May also add or remove custom keywords on individual messages.
identifier
may delete this folder (which includes renaming this folder as another
mailbox's subfoler.
An ACL entry of “-identifier” and “rights”
is called a “negative right”, which
explicitly removes “rights” from “identifier”.
More than one “identifier” is usually used to determine the
actual rights someone has for the given folder.
The actual access rights are determined by taking all rights from all
applicable identifier
, than subtracting any
negative rights, as specified in the following section.
Access rights on a given folder are computed by obtained the rights on the following identifiers, then subtracting the negative rights on the same identifiers:
owner
The owner of the maildir containing this folder. The maildir's INBOX's ACL defaults to all rights for its owner. A new folder's ACL is the same as its parent's ACL. In all cases, trying to remove the “a” right from the owner (either directly or using a negative right) results in an error.
anyone
This identifier refers literally to every userid. The associated rights (or negative rights) are always used.
anonymous
This is a synonym from “anyone”.
user=
loginid
Rights (or negative rights) for IMAP account “loginid”.
“loginid” is what's logged to syslog after a succesful login. In some situations “loginid” is not exactly the actual login ID used by the IMAP client.
group=
name
Rights (or negative rights) for account group “name”. Access rights are granted to an account group as a whole. The account options feature of the Courier Authentication Library specifies which account belongs to which account group. See courier-authlib's documentation for more information.
administrators
This is an alias for “group=administrators”. Accounts that are members of an account group called “administrators” are considered administrative accounts, and automatically receive all access rights on all accessible folders.
Consider the following access control list:
owner aceilrstwx anyone lr user=john w -user=mary r administrators aceilrstwx
This access control list specifies that the folder's owner has complete control over the mailbox (as well as the administrators, which have complete access to every folder); everyone else can see it and open it, except for “mary” who can see that the mailbox exists, but can't open it; additionally, “john” can change the status and keywords of individual messages (but not mark them as deleted/undeleted or seen/unseen, which requires additional rights).
maildiracl -reset
maildir
This command resets access control lists in
which as a path to a maildir.
Under certain conditions, the files where a folder's ACLs are saved may
continue to exist after the folder is removed.
The maildir
-reset
options goes through
maildir
and removes all stale ACL files for removed folders.
The Courier IMAP server normally performs this maintenance function automatically. It is not necessary to run this command under normal conditions.
maildiracl -list
maildir
folder
This command
lists the access control lists set for folder
.
folder
must be either
“INBOX” or “INBOX.folder.subfolder”, which is the
same naming convention for
the Courier IMAP server.
maildiracl -set
maildir
folder
identifier
rights
Puts identifier
(which may begin with a minus
sign to specify a negative right) and
rights
in
folder
's access control list.
Existing rights for
identifier
(or identifier
) are replaced by
rights
unless “rights” begins with
“+” or “-”, which modifies the existing rights
by adding or removing from them accordingly.
Some examples:
maildiracl -set /home/user1/Maildir INBOX.Sent user=john lr maildiracl -set /home/user2/Maildir INBOX.Notes anyone -r maildiracl -set /home/user3/Maildir INBOX.Private -user=tom +r
Observe that the last command revokes the “r” right from “tom”, by adding it as a negative right.
maildiracl -delete
maildir
folder
identifier
This command removes identifier
from
folder
's access control list, if it exists.
Use “-identifier
” to remove
negative rights.
maildiracl -compute
maildir
folder
[identifier
]+
This command takes a list of one or more
identifier
s.
All access rights for the
identifier
s are combined together, then
any appropriate negative rights are removed, and the result is printed
on standard output.
Use the following procedure to compute access rights the same way as they
are computed by
the Courier IMAP server:
maildiracl -compute /home/tom46/Maildir INBOX.Sent owner user=tom46
This command computes access rights “tom46” has on his own folder.
maildiracl -compute /home/john34/Maildir INBOX.Public user=tom46
This command computes access rights “tom46” has on “john34”'s folder.
The owner of the mailbox must always have the “a” amd
“l” access rights.
The administrators
group must always have all access
rights to all folders.
Attempts to set access control lists, that do not include these minimum
access rights, will be rejected.
All identifiers are specified using the UTF-8
character
set.
All non-Latin letters in folder names are specified using the
modified-UTF7
coding as used in IMAP.
This implementation of access control lists is based on version 2 (or “ACL2”) of IMAP access control lists, which is a work-in-progress. The existing IMAP ACL, RFC 2086 is transparently implemented inside the ACL2 model.
If history's of any guidance, ACL2 is subject to change at any time. Be sure to check the release notes when upgrading to a newer version of this software. The “ACL overview” portion of this manual page is a very brief summary of ACL2, which leaves out optional parts of ACL2 that are not implemented.