Setting access control lists

The aox setacl command sets or adjusts the access control list for a named user or anyone on a mailbox (and its children).

There is one switch, -d, and 2-3 arguments, namely the mailbox, the user name (or anyone), and the rights.

The mailbox name must always be given, and must always start with /. The inbox of user Nirmala is thus called /users/nirmala/inbox.

The user name is the login name, or anyone if the ACL should apply to anyone.

The rights argument is a string of letters as given in the ACL description, e.g. lr to grant read-only access to a mailbox or the empty string to deny all access.

If the rights string starts with +, then the specified rights are added to the existing rights. If it starts with -, then the specified rights are subtracted from the existing rights. Otherwise, the specified rights replace the existing rights completely.

The -d switch removes rights instead of changing them. If you specify -d, you should not specify any rights.

This example shows how to make mailboxes invisible to other users by default:

aox setacl / anyone ''

/ is the root of all mailboxes, so the ACL applies to all mailboxes unless a more specific ACL exists. anyone means it applies to anyone, unless there are user-specific rules. '' means that anyone has no rights.

Since the owner of a mailbox has all rights, this effectively means that each user can do everything to his/her own mailboxes and not even see anyone else's mailboxes.

This example shows how to make other users' mailboxes visible to user Nirmala:

aox setacl /users nirmala l

/users is closer to e.g. /users/freida/work than /, so if Nirmala tries to access /users/freida/work, Archiveopteryx uses the ACL for /users, not the one for /. l means that Nirmala can see the mailbox name(s), but not do anything else.

This example shows how to remove Nirmala's configured rights on /users (so she again will be covered by the anyone rule):

aox setacl -d /users nirmala

This example shows how to add the l right to whatever rights Nirmala currently has on /users:

aox setacl /users nirmala +l

Setacl computes Nirmala's current ACL on /users, then adds l and writes the result into the database.

Rights can be removed in the same way:

aox setacl /users nirmala -r

Setacl computes Nirmala's current ACL on /users, then removes r and writes the result into the database.
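The rules above can be checked offline before touching a live server. The following is an added example, not Archiveopteryx code: a simplified Python model of the rights-string handling and the closest-mailbox lookup. It assumes that a user-specific entry is checked before anyone at each level, that no matching entry means no rights, and that + and - start from the rights the user currently ends up with on that mailbox; the owner's implicit rights are not modelled, and all function names are hypothetical.

```python
# Simplified model of the setacl rules described on this page (added example).
ANYONE = "anyone"

def apply_rights(current, spec):
    """Return the rights string after applying a setacl rights argument."""
    if spec.startswith("+"):
        result = set(current) | set(spec[1:])   # add to existing rights
    elif spec.startswith("-"):
        result = set(current) - set(spec[1:])   # subtract from existing rights
    else:
        result = set(spec)                      # replace completely
    return "".join(sorted(result))

def parents(mailbox):
    """Yield the mailbox, then each ancestor, ending with the root '/'."""
    while True:
        yield mailbox
        if mailbox == "/":
            return
        mailbox = mailbox.rsplit("/", 1)[0] or "/"

def effective(acls, mailbox, user):
    """Rights from the closest mailbox that has an entry for user or anyone.
    Assumption: at each level the user-specific entry wins over anyone."""
    for box in parents(mailbox):
        for who in (user, ANYONE):
            if (box, who) in acls:
                return acls[(box, who)]
    return ""   # assumption: no entry anywhere means no rights

def setacl(acls, mailbox, user, spec=None, delete=False):
    """Mirror of `aox setacl [-d] mailbox user [rights]` on a plain dict."""
    if not mailbox.startswith("/"):
        raise ValueError("mailbox name must start with /")
    if delete:
        acls.pop((mailbox, user), None)
    else:
        acls[(mailbox, user)] = apply_rights(effective(acls, mailbox, user), spec)

if __name__ == "__main__":
    acls = {}
    setacl(acls, "/", ANYONE, "")            # aox setacl / anyone ''
    setacl(acls, "/users", "nirmala", "l")   # aox setacl /users nirmala l
    print(repr(effective(acls, "/users/freida/work", "nirmala")))
```

Replaying a planned sequence of setacl commands through the model shows which rights a user ends up with on a given mailbox, which helps catch an overly broad anyone rule before it is written to the database.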

In case of questions, please write to info@aox.org.

About this page

Last modified: 2010-11-19
Location: aox.org/aox/setacl