2

What exactly is lrswipkxtecda in Cyrus? I've gathered from here that it has something to do with ACLs for the mailboxes in Cyrus but can someone shed some more light on it? Do the individual letters stand for something?

I found this the first time I took the dump of mailboxes.db and then subsequently when I tried to do some operation which wasn't permitted (for example, it'd show up in the verbose output while trying to delete a mailbox without applying delete permission to the cyrus user).

PS: I don't know if such a small question is going to be answered but googling didn't yield anything specific, so I thought it'd be better to ask.

rahuL

2 Answers

3

IMAP4 allows the use of shared mailboxes. Therefore it makes sense to have some control over the rights a user has on a mailbox. Those rights are defined with access control lists (ACL). Cyrus IMAPd uses ACLs to control access to any type of mailbox, be it private, shared or public.

Every mailbox contains an ACL, which is a list of access control entries. Those entries consist of a userid and the rights the user has on the particular mailbox.

The rights are (RFC4314):

l - lookup (mailbox is visible to LIST/LSUB commands, SUBSCRIBE
    mailbox)
r - read (SELECT the mailbox, perform STATUS)
s - keep seen/unseen information across sessions (set or clear
    \SEEN flag via STORE, also set \SEEN during APPEND/COPY/
    FETCH BODY[...])
w - write (set or clear flags other than \SEEN and \DELETED via
    STORE, also set them during APPEND/COPY)
i - insert (perform APPEND, COPY into mailbox)
p - post (send mail to submission address for mailbox,
    not enforced by IMAP4 itself)
k - create mailboxes (CREATE new sub-mailboxes in any
    implementation-defined hierarchy, parent mailbox for the new
    mailbox name in RENAME)
x - delete mailbox (DELETE mailbox, old mailbox name in RENAME)
t - delete messages (set or clear \DELETED flag via STORE, set
    \DELETED flag during APPEND/COPY)
e - perform EXPUNGE and expunge as a part of CLOSE
a - administer (perform SETACL/DELETEACL/GETACL/LISTRIGHTS)

"c" and "d" are obsolete as of RFC4314 (section 2.1.1.).

To administer ACLs in Cyrus, you can use cyradm:

setaclmailbox shared.questions jenny lrs
listaclmailbox shared.questions
deleteaclmailbox shared.questions jenny

Some optimizations:

  • Use shorter command names: sam, lam, dam
  • Use wildcards for mailboxes: sam shared.* jenny lrs
  • Use anyone to set rights for all users: sam shared.* anyone lrswipkxtecda
  • Use all to allow everything: sam shared.* anyone all
  • Prefixing the user name with a dash can be used to "remove" rights to a mailbox: sam shared.secret -edgar all
julg
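
An added example, not part of the answer above and not Cyrus code: a small Python checker that works out what a user ends up with on a mailbox and reports entries worth reviewing. The merge rule (grants to the user and to `anyone`, minus dash-prefixed removals), the expansion of `all` to `lrswipkxtecda`, the set of rights reported for `anyone`, and the sample ACLs are assumptions made for illustration; group identifiers are ignored.

```python
# Rights letters as listed in the answer above (RFC 4314).
RIGHTS = set("lrswipkxtea")
OBSOLETE = set("cd")       # obsolete as of RFC 4314, still part of "lrswipkxtecda"
ALL = "lrswipkxtecda"      # assumption: the string the "all" keyword stands for
FLAGGED = set("xtea")      # assumption: rights this audit reports on "anyone"


def parse_rights(spec):
    """Return the set of right letters in spec ("all" or a letter string)."""
    letters = set(ALL if spec == "all" else spec)
    unknown = letters - RIGHTS - OBSOLETE
    if unknown:
        raise ValueError("unknown rights: " + "".join(sorted(unknown)))
    return letters


def ordered(letters):
    """Render a set of letters in the familiar lrswipkxtecda order."""
    return "".join(c for c in ALL if c in letters)


def effective_rights(acl, user):
    """acl is a list of (identifier, rights) pairs as given to setaclmailbox.
    Assumed rule: grants to the user and to "anyone" are merged, then rights
    on dash-prefixed entries for the same identifiers are taken away."""
    granted, removed = set(), set()
    for ident, spec in acl:
        negative = ident.startswith("-")
        name = ident[1:] if negative else ident
        if name in (user, "anyone"):
            (removed if negative else granted).update(parse_rights(spec))
    return ordered(granted - removed)


def audit(acl):
    """List entries a reviewer would want to look at."""
    findings = []
    for ident, spec in acl:
        letters = parse_rights(spec)
        if ident == "anyone" and letters & FLAGGED:
            findings.append("anyone holds " + ordered(letters & FLAGGED))
        if spec != "all" and letters & OBSOLETE:
            findings.append(ident + " uses obsolete " + ordered(letters & OBSOLETE))
    return findings


# Constructed sample ACLs (not taken from a real mailboxes.db).
SECRET = [("anyone", "lrs"), ("jenny", "lrswipkxte"), ("-edgar", "all")]
OPEN = [("anyone", "lrswipkxtecda")]
```
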
2

These are ACL codes for mailboxes, I guess. I only guess as you are giving no context at all.

Some ACL codes (from here).

l  Look up the name of the mailbox (but not its contents).
r  Read the contents of the mailbox.
s  Preserve the "seen" and "recent" status of messages across IMAP sessions.
w  Write (change message flags such as "recent," "answered," and "draft").
i  Insert (move or copy) a message into the mailbox.
p  Post a message in the mailbox by sending the message
c  Create a new mailbox below the top-level mailbox (ordinary users cannot create top-level mailboxes).
d  Delete a message and/or the mailbox itself.
a  Administer the mailbox (change the mailbox's ACL).
Sven
  • Sorry, updated question to add context. And thanks 'coz this is quite helpful. So if I understood this, the string specifies what actions are permitted by that particular user, right? Also, what do k, x, t and e stand for? – rahuL Aug 31 '13 at 11:04