IMAP ACL
From Kolab Wiki
You can check, create, set/change and remove acls of mailboxes with the cyrus administrator tool cyradm.
With lam you can check the acl of a mailbox:
cyradm --user=manager localhost lm lam <mailbox>
ACLs can be modified with the cyradm command "sam" in the format:
sam <mailbox> <userid> <permissions>
Permissions
For a IMAP folder you can use the following predefined ACLs:
- none
- read (lrs)
- post (lrsp)
- append (lrsip)
- write (lrswipkxte)
- delete (lrxte)
- all (lrswipkxte)
In addition, you can apply every combination of the following ACL codes:
- l lookup - Permission to see that the mailbox exists.
- r read - Read permission includes searching and copying mail out of the mailbox
- s seen - This keeps the "seen" and "recent" flags for the user.
- w write - This allows the user to change other flags than "seen" and "deleted"
- i insert - This allows the user to insert messages into the mailbox
- p post - This allows the user to send mail to the delivery address of the mailbox. Different from the "i" right in that the delivery system inserts trace information into submitted messages.
- c create - This allows the user to create sub-folders (sub-mailboxes) of the mailbox.
- d delete - This allows the user to store the "Deleted" flag, expunge and rename or delete the mailbox.
- a administrate - This allows the user to change the acl on the mailbox.
- k create mailbox -
- x delete mailbox -
- t delete messages -
- e perform -
How to give the user 'calendar' access to the calendar folders?
1. Connect with cyradm to the Kolab imap server as user manager:
# /kolab/bin/cyradm --user=manager localhost
2. List all ACLs of your calendar folder:
lam user/testuser/calendarFolder@example.com
3. Set ACL ('all' permissions) for user 'calendar':
sam user/testuser/calendarFolder@example.com calendar@example.com all
4. Check the new ACLs:
lam user/testuser/calendarFolder@example.com
