lrswipkxtecda in Cyrus

imap cyrus

IMAP4 allows the use of shared mailboxes. Therefore it makes sense to have some control over the rights a user has on a mailbox. Those rights are defined with access control lists (ACL). Cyrus IMAPd uses ACLs to control access to any type of mailbox, be it private, shared or public.

Every mailbox contains an ACL, which is a list of access control entries. Those entries consists of a userid and the rights, the user has on the particular mailbox.

The rights are (RFC4314):

l - lookup (mailbox is visible to LIST/LSUB commands, SUBSCRIBE
    mailbox)
r - read (SELECT the mailbox, perform STATUS)
s - keep seen/unseen information across sessions (set or clear
    \SEEN flag via STORE, also set \SEEN during APPEND/COPY/
    FETCH BODY[...])
w - write (set or clear flags other than \SEEN and \DELETED via
    STORE, also set them during APPEND/COPY)
i - insert (perform APPEND, COPY into mailbox)
p - post (send mail to submission address for mailbox,
    not enforced by IMAP4 itself)
k - create mailboxes (CREATE new sub-mailboxes in any
    implementation-defined hierarchy, parent mailbox for the new
    mailbox name in RENAME)
x - delete mailbox (DELETE mailbox, old mailbox name in RENAME)
t - delete messages (set or clear \DELETED flag via STORE, set
    \DELETED flag during APPEND/COPY)
e - perform EXPUNGE and expunge as a part of CLOSE
a - administer (perform SETACL/DELETEACL/GETACL/LISTRIGHTS)

"c" and "d" are obsolete as of RFC4314 (section 2.1.1.).

To administer ACLs in cyrus, you can use cyradm:

setaclmailbox shared.questions jenny lrs
listaclmailbox shared.questions
deleteaclmailbox shared.questions jenny

Some optimizations:

  • Use shorter command names: sam, lam, dam
  • Use wildcards for mailboxes: sam shared.* jenny lrs
  • Use anyone to set rights for all users: sam shared.* anyone lrswipkxtecda
  • Use all to allow everything: sam shared.* anyone all
  • Prefixing the user name with a dash can be used to "remove" rights to a mailbox: sam shared.secret -edgar all

These are ACL codes for mailboxes, I guess. I only guess as you are giving no context at all.

Some ACL codes (from here). 

l  Look up the name of the mailbox (but not its contents).
r  Read the contents of the mailbox.
s  Preserve the "seen" and "recent" status of messages across IMAP sessions.
w  Write (change message flags such as "recent," "answered," and "draft").
i  Insert (move or copy) a message into the mailbox.
p  Post a message in the mailbox by sending the message
c  Create a new mailbox below the top-level mailbox (ordinary users cannot create top-level mailboxes).
d  Delete a message and/or the mailbox itself.
a  Administer the mailbox (change the mailbox's ACL).

Related

Troubleshooting poor disk IO performance
Can an NS Record Point To Multiple A Records?
What is the maximum number of socket connections on Linux?
ExRecipNotFound; not found after disabling / recreating mailbox in exchange - x500 not working
How to set up sshd so that it never asks for a password for a specific user?
Can't add local user on system using ldap auth for samba [closed]
Send Apache Access Logs to syslog
Extending the Windows Task Scheduler log file
Windows Server 2012 WDS and Linux Booting
Linux buffer memory always stays at zero
my first "production" debian server configuration
Detailed Errors not working for WCF Service in IIS