- Previous message: Bron Gondwana: "Making Replication Robust"
- Maybe in reply to: Gottschalk, David: "Visible shared folders?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Bron Gondwana (no email)
Date: Wed Oct 03 2007 - 20:29:37 EDT
On Wed, Oct 03, 2007 at 03:46:19PM -0400, Gottschalk, David wrote:
> I have three different cyrus servers, but I have a strange problem on one of them. It appears that a Shared folder is appearing to all the users on this Cyrus server. The structure goes like this (userid replaced for real username):
>
> -Shared Folders
> - userid
> -INBOX.userid
>
> It's really strange. The folder does not even exist for the user in question, and the permissions for the user aren't even setup for Shared folders. I did a reconstruct on this user, and that did nothing.
>
> Does anyone have any suggestions?
Your user has managed to create an ACL (probably using mulberry or
similar IMAP client that makes it far too easy to share your folder
to the world).
We wrote a patch a while back to disable the 'anyone' ACL for users
who aren't admin to stop exactly this issue - it was accepted into
Cyrus 2.3.9, so if you're running that put this in your imapd.conf:
anyoneuseracl: 0
{ "anyoneuseracl", 1, SWITCH }
/* Should non-admin users be allowed to set ACLs for the 'anyone'
user on their mailboxes? In a large organization this can cause
support problems, but it's enabled by default. */
Regardless, you'll want to delete the ACL that's currently there.
You can do this via imap or directly with cyr_dbtool (again, 2.3.9).
I'm afraid I don't have the exact syntax handy (am on a train with
no imapd running locally to test things against) but you'll be
wanting to use LIST and GETACL to find the folder with the extra
options for 'anyone' on it. We set the anyone ACl to just 'p' so
that lmtp can deliver to any folder.
Bron.
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|