NAME

       maildiracl - manage access control lists

SYNOPSIS

       maildiracl {-reset} {maildir}

       maildiracl {-list} {maildir} {INBOX[.folder]}

       maildiracl {-set} {maildir} {INBOX[.folder]} {[-]identifier} {[+/-]rights}

       maildiracl {-delete} {maildir} {INBOX[.folder]} {[-]identifier}

       maildiracl {-compute} {maildir} {INBOX[.folder]} {identifier...}

DESCRIPTION

       maildiracl manages “access control lists” (or ACLs) of the Courier IMAP server maildir
       folders. Access control lists are used primarily to provide fine-grained control for
       accessing virtual shared folders via IMAP.

           Note
           The Courier IMAP server server implements two types of shared folders: filesystem
           permission-based shared folders, as well as virtual shared folders based on IMAP
           access control lists. Use the maildiracl command to set up access control lists for
           virtual shared folders. Use the maildirmake(1)[1], command to implement shared folders
           based on filesystem permissions.

           See the Courier IMAP server documentation for additional information on setting up
           virtual shared folders.

   ACL overview
       ACLs provide a fine-grained mechanism for controlling access to shared folders. ACLs may
       be used to specify, for example, that user1 may only open and read the messages in the
       folder; and user2 can not only do that, but also delete messages, and create subfolders.

       Each folder maintains its own individual access control list, that specifies who can do
       what to the folder. An ACL is a list of “identifier” and “rights” pairs. Each “identifier”
       and “rights” pair means that an entity called “identifier” (using the UTF-8 character set)
       is allowed to do “rights” on this folder.  “rights” consists of one or more letters, each
       letter signifies a particular action:

       a
           identifier may modify this folder's ACLs.

       c
           identifier may create subfolders of this folder (this includes renaming another folder
           as this folder's subfolders).

       e
           identifier may remove deleted messages from this folder.

       i
           identifier may add messages to this folder (either uploading them one by one, or
           copying messages from another folder).

       l
           identifier may actually see that this folder exists. If identifier does not have the
           “l” right on this folder, the folder is effectively invisible to identifier.

       r
           identifier may open this folder. Note that if identifier knows the name of this
           folder, it can open it even if identifier does not the “l” right on this folder.

       s
           identifier may mark messages in this folder as seen, or unseen.

       t
           identifier may mark messages in this folder as deleted, or undeleted.

       w
           identifier may change other status flags of messages in this folder. May also add or
           remove custom keywords on individual messages.

       x
           identifier may delete this folder (which includes renaming this folder as another
           mailbox's subfoler.

       Negative rights
           An ACL entry of “-identifier” and “rights” is called a “negative right”, which
           explicitly removes “rights” from “identifier”. More than one “identifier” is usually
           used to determine the actual rights someone has for the given folder. The actual
           access rights are determined by taking all rights from all applicable identifier, than
           subtracting any negative rights, as specified in the following section.

       Identifiers
           Access rights on a given folder are computed by obtained the rights on the following
           identifiers, then subtracting the negative rights on the same identifiers:

           owner
               The owner of the maildir containing this folder. The maildir's INBOX's ACL
               defaults to all rights for its owner. A new folder's ACL is the same as its
               parent's ACL. In all cases, trying to remove the “a” right from the owner (either
               directly or using a negative right) results in an error.

           anyone
               This identifier refers literally to every userid. The associated rights (or
               negative rights) are always used.

           anonymous
               This is a synonym from “anyone”.

           user=loginid
               Rights (or negative rights) for IMAP account “loginid”.

                   Note
                   “loginid” is what's logged to syslog after a succesful login. In some
                   situations “loginid” is not exactly the actual login ID used by the IMAP
                   client.

           group=name
               Rights (or negative rights) for account group “name”. Access rights are granted to
               an account group as a whole. The account options feature of the Courier
               Authentication Library specifies which account belongs to which account group. See
               courier-authlib's documentation for more information.

           administrators
               This is an alias for “group=administrators”. Accounts that are members of an
               account group called “administrators” are considered administrative accounts, and
               automatically receive all access rights on all accessible folders.

           Consider the following access control list:

               owner          aceilrstwx
               anyone         lr
               user=john      w
               -user=mary     r
               administrators aceilrstwx

           This access control list specifies that the folder's owner has complete control over
           the mailbox (as well as the administrators, which have complete access to every
           folder); everyone else can see it and open it, except for “mary” who can see that the
           mailbox exists, but can't open it; additionally, “john” can change the status and
           keywords of individual messages (but not mark them as deleted/undeleted or
           seen/unseen, which requires additional rights).

OPTIONS

       maildiracl -reset maildir

       This command resets access control lists in maildir which as a path to a maildir. Under
       certain conditions, the files where a folder's ACLs are saved may continue to exist after
       the folder is removed. The -reset options goes through maildir and removes all stale ACL
       files for removed folders.

           Note
           The Courier IMAP server normally performs this maintenance function automatically. It
           is not necessary to run this command under normal conditions.

       maildiracl -list maildir folder

       This command lists the access control lists set for folder.  folder must be either “INBOX”
       or “INBOX.folder.subfolder”, which is the same naming convention for the Courier IMAP
       server.

       maildiracl -set maildir folder identifier rights

       Puts identifier (which may begin with a minus sign to specify a negative right) and rights
       in folder's access control list. Existing rights for identifier (or identifier) are
       replaced by rights unless “rights” begins with “+” or “-”, which modifies the existing
       rights by adding or removing from them accordingly. Some examples:

           maildiracl -set /home/user1/Maildir INBOX.Sent user=john lr

           maildiracl -set /home/user2/Maildir INBOX.Notes anyone -r

           maildiracl -set /home/user3/Maildir INBOX.Private -user=tom +r

           Note
           Observe that the last command revokes the “r” right from “tom”, by adding it as a
           negative right.

       maildiracl -delete maildir folder identifier

       This command removes identifier from folder's access control list, if it exists. Use
       “-identifier” to remove negative rights.

       maildiracl -compute maildir folder [identifier]+

       This command takes a list of one or more identifiers. All access rights for the
       identifiers are combined together, then any appropriate negative rights are removed, and
       the result is printed on standard output. Use the following procedure to compute access
       rights the same way as they are computed by the Courier IMAP server:

           maildiracl -compute /home/tom46/Maildir INBOX.Sent owner user=tom46

       This command computes access rights “tom46” has on his own folder.

           maildiracl -compute /home/john34/Maildir INBOX.Public user=tom46

       This command computes access rights “tom46” has on “john34”'s folder.

IRREVOCABLE ACCESS RIGHTS

       The owner of the mailbox must always have the “a” amd “l” access rights. The
       administrators group must always have all access rights to all folders. Attempts to set
       access control lists, that do not include these minimum access rights, will be rejected.

BUGS

       All identifiers are specified using the UTF-8 character set.

       All non-Latin letters in folder names are specified using the modified-UTF7 coding as used
       in IMAP.

       This implementation of access control lists is based on version 2 (or “ACL2”) of IMAP
       access control lists, which is a work-in-progress. The existing IMAP ACL, RFC 2086[2] is
       transparently implemented inside the ACL2 model.

       If history's of any guidance, ACL2 is subject to change at any time. Be sure to check the
       release notes when upgrading to a newer version of this software. The “ACL overview”
       portion of this manual page is a very brief summary of ACL2, which leaves out optional
       parts of ACL2 that are not implemented.

SEE ALSO

       maildirmake(1)[1], maildirkw(1)[3],

AUTHOR

       Sam Varshavchik
           Author

NOTES

        1. maildirmake(1)
           http://www.courier-mta.org/maildirmake.html

        2. RFC 2086
           http://www.rfc-editor.org/rfc/rfc2086.txt

        3. maildirkw(1)
           http://www.courier-mta.org/maildirkw.html