Re: setting acl on autocreate folders

Thu, 10 May 2018 23:21:07 -0700 

Ellie,
Thanks for checking. My doubt came from another documentation (https://www.cyrusimap.org/docs/cyrus-imapd/2.5.9/faq.php): 

   plus addressing - Plus addressing allows direct delivery to a
   particular mailbox (other than an INBOX). This is done in two ways.

   The first way allows delivery to a subfolder of a specific user's
   INBOX. This is done via an address of the form:
   username+mailfolder@domain, which will deliver to the user's
   INBOX.mailfolder folder (or altnamespace equivalent). *This
   submailbox must allow the posting user the 'p' right (generally,
   this means 'anyone' must have the 'p' right), otherwise the message
   will just be filed into the user's INBOX.*



So what I'm observing in practice is that the "-a" option is not enough 
to deliver plus+addressed mails without the "anyone p" ACL permission in 
the folder, which makes me think that the user for "-a" option is not 
from the admins group, though it probably should be, right? I.e. lmtpd 
-a should be delivering plus+addressed mails without the "anyone p" ACL 
permission?


*From:* Ellie Timoney
*Sent:* Friday, May 11, 2018 02:33
*To:* Info-cyrus
*Subject:* Re: setting acl on autocreate folders


Looks like "postman" from a skim of the source, and I believe this is 
the same user as when connecting via a UNIX socket:


https://github.com/cyrusimap/cyrus-imapd/blob/15c812df6a020414a2e8863fe1afdfa3273a7bad/imap/lmtpengine.c#L993-L1005


But I would welcome correction from someone who knows, I'm just looking 
at the code.


Cheers,

ellie

On Fri, May 11, 2018, at 3:20 PM, Anatoli wrote:

Hi Ellie,


Chen's question made me recheck the docs and now I have a doubt. Could 
you please clarify under what user the LMTP-delivered mails enters 
Cyrus when "-a" option is used over TCP with lmtpd (i.e. lmtp 
cmd="lmtpd -a" listen="127.0.0.1:2004")?



The documentation 
(https://cyrusimap.org/imap/concepts/overview_and_concepts.html#local-mail-transfer-protocol-lmtp) 
says:



    For final delivery via /LMTP over a TCP socket, it is necessary to
    use LMTP AUTH/. This is accomplished using SASL to authenticate
    the delivering user. If your mail server is performing delivery
    via LMTP AUTH (that is, using a SASL mechanism), you will want
    their authentication id to be an LMTP admins (either via the
    admins imapd.conf option or via the <service>_admins option,
    typically lmtp_admins).

    Alternatively you may deliver via /LMTP to a unix domain socket/,
    and /the connection will be preauthenticated as an administrative
    user/ (and access control is accomplished by controlling access to
    the socket).



But it doesn't say anything about the "-a:/Preauthorize connections 
initiated on an internet socket/, instead of requiring LMTP AUTH." 
(https://www.cyrusimap.org/imap/reference/manpages/systemcommands/lmtpd.html#cmdoption-lmtpd-a).


Thanks,
Anatoli

*From:* Ellie Timoney
*Sent:* Friday, May 11, 2018 00:46
*To:* Info-cyrus
*Subject:* Re: setting acl on autocreate folders


Hi Chen,



So, the question : is it possible to set specific ACLs on autocreated
folders ? (i.e., ACLs, different from those defined by defaultacl in
imapd.conf).


I believe the autocreate mechanism has no particular knowledge of ACLs all all. 
It just uses the standard Cyrus policy for assigning them, with no way to 
override it.

Cheers,

ellie

On Wed, May 9, 2018, at 6:37 PM, Chentao Credungtao via Info-cyrus wrote:


Hello,

This question has been asked twice before by different users, but no
answer has ever be given.

In 2012 :https://www.spinics.net/lists/info-cyrus/msg14612.html

In 2016 :https://www.spinics.net/lists/info-cyrus/msg17385.html

I guess the answer is NO, but just the same I thought i'd asked again to
be sure.

So, the question : is it possible to set specific ACLs on autocreated
folders ? (i.e., ACLs, different from those defined by defaultacl in
imapd.conf).

Thanks,

Chen

----
Cyrus Home Page:http://www.cyrusimap.org/
List Archives/Info:http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


----
Cyrus Home Page:http://www.cyrusimap.org/
List Archives/Info:http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus





















					Reply via email to