File: defaults.html

package info (click to toggle)
cyrus-imapd 3.10.2-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 59,108 kB
  • sloc: ansic: 284,386; perl: 137,327; javascript: 9,659; sh: 5,730; yacc: 2,565; makefile: 2,188; cpp: 2,147; lex: 662; xml: 621; awk: 303; python: 272; asm: 262
file content (198 lines) | stat: -rw-r--r-- 12,824 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
 
<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
  <meta charset="utf-8" /><meta name="generator" content="Docutils 0.19: https://docutils.sourceforge.io/" />

  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <title>Access Control Defaults &mdash; Cyrus IMAP 3.10.2 documentation</title>
      <link rel="stylesheet" href="../../../../_static/pygments.css" type="text/css" />
      <link rel="stylesheet" href="../../../../_static/css/theme.css" type="text/css" />
      <link rel="stylesheet" href="../../../../_static/graphviz.css" type="text/css" />
      <link rel="stylesheet" href="../../../../_static/cyrus.css" type="text/css" />
  
        <script data-url_root="../../../../" id="documentation_options" src="../../../../_static/documentation_options.js"></script>
        <script src="../../../../_static/jquery.js"></script>
        <script src="../../../../_static/underscore.js"></script>
        <script src="../../../../_static/_sphinx_javascript_frameworks_compat.js"></script>
        <script src="../../../../_static/doctools.js"></script>
        <script src="../../../../_static/sphinx_highlight.js"></script>
    <script src="../../../../_static/js/theme.js"></script>
    <link rel="index" title="Index" href="../../../../genindex.html" />
    <link rel="search" title="Search" href="../../../../search.html" />
    <link rel="next" title="Access Control Identifier (ACI)" href="identifiers.html" />
    <link rel="prev" title="Combining Access Rights" href="combining-rights.html" /> 
</head>

<body class="wy-body-for-nav"> 
  <div class="wy-grid-for-nav">
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search" >

          
          
          <a href="../../../../index.html" class="icon icon-home">
            Cyrus IMAP
          </a>
              <div class="version">
                3.10.2
              </div>
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../../../../search.html" method="get">
    <input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>
        </div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
              <p class="caption" role="heading"><span class="caption-text">Cyrus IMAP</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../../../download.html">Download</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../../quickstart.html">Quickstart Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../../overview.html">Overview</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../../setup.html">Setup</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../../../../operations.html">Operations</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../manpages/index.html">Man pages</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../../admin.html">Administrator Guide</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../../admin.html#architecture">Architecture</a></li>
<li class="toctree-l3 current"><a class="reference internal" href="../../admin.html#management">Management</a><ul class="current">
<li class="toctree-l4"><a class="reference internal" href="../locations.html">File &amp; Directory Locations</a></li>
<li class="toctree-l4"><a class="reference internal" href="../ports-sockets.html">Ports and Sockets</a></li>
<li class="toctree-l4 current"><a class="reference internal" href="../access-control.html">Access Control</a></li>
<li class="toctree-l4"><a class="reference internal" href="../quotas.html">Quotas</a></li>
<li class="toctree-l4"><a class="reference internal" href="../sieve.html">Cyrus Sieve</a></li>
<li class="toctree-l4"><a class="reference internal" href="../backups.html">Cyrus Backups</a></li>
<li class="toctree-l4"><a class="reference internal" href="../nntp.html">Cyrus NNTP</a></li>
<li class="toctree-l4"><a class="reference internal" href="../protlayer.html">Cyrus Prot Layer</a></li>
<li class="toctree-l4"><a class="reference internal" href="../sop.html">Standard Operating Procedures</a></li>
<li class="toctree-l4"><a class="reference internal" href="../eventsource.html">Cyrus Event Source</a></li>
<li class="toctree-l4"><a class="reference internal" href="../monitoring.html">Monitoring</a></li>
<li class="toctree-l4"><a class="reference internal" href="../config-mailboxdistribution.html">Mailbox Distribution</a></li>
<li class="toctree-l4"><a class="reference internal" href="../murder/murder.html">Cyrus Murder</a></li>
<li class="toctree-l4"><a class="reference internal" href="../nginx-proxy.html">HOWTO: Using an NGINX IMAP Proxy</a></li>
<li class="toctree-l4"><a class="reference internal" href="../tweaking.html">Tweaking Cyrus IMAP</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../faq.html">Frequently Asked Questions</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../../../developers.html">Developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../../support.html">Support/Community</a></li>
</ul>
<p class="caption" role="heading"><span class="caption-text">Cyrus SASL</span></p>
<ul>
<li class="toctree-l1"><a class="reference external" href="http://www.cyrusimap.org/sasl">Cyrus SASL</a></li>
</ul>

        </div>
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../../../../index.html">Cyrus IMAP</a>
      </nav>

      <div class="wy-nav-content">
        <div class="rst-content">
          <div role="navigation" aria-label="Page navigation">
  <ul class="wy-breadcrumbs">
      <li><a href="../../../../index.html" class="icon icon-home" aria-label="Home"></a></li>
          <li class="breadcrumb-item"><a href="../../../../operations.html">Operations</a></li>
          <li class="breadcrumb-item"><a href="../../admin.html">Administrator Guide</a></li>
          <li class="breadcrumb-item"><a href="../access-control.html">Access Control</a></li>
      <li class="breadcrumb-item active">Access Control Defaults</li>
      <li class="wy-breadcrumbs-aside">
              <a href="https://github.com/cyrusimap/cyrus-imapd/blob/master/docsrc/imap/reference/admin/access-control/defaults.rst" class="fa fa-github"> Edit on GitHub</a>
      </li>
  </ul>
  <hr/>
</div>
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
             
  <section id="access-control-defaults">
<span id="imap-admin-access-control-defaults"></span><h1>Access Control Defaults<a class="headerlink" href="#access-control-defaults" title="Permalink to this heading"></a></h1>
<section id="administrators">
<h2>Administrators<a class="headerlink" href="#administrators" title="Permalink to this heading"></a></h2>
<p>Regardless of the ACL on a mailbox, users who are listed in the
<code class="docutils literal notranslate"><span class="pre">admins</span></code> configuration option in <a class="reference internal" href="../../manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a> implicitly
have the <code class="docutils literal notranslate"><span class="pre">l</span></code> and <code class="docutils literal notranslate"><span class="pre">a</span></code> rights on all mailboxes.</p>
<p>Administrators can also see across domains which normal users cannot.</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>An admin user should not be a normal email account.</p>
</div>
</section>
<section id="mailbox-owners">
<h2>Mailbox owners<a class="headerlink" href="#mailbox-owners" title="Permalink to this heading"></a></h2>
<p>The user who owns a mailbox folder has additional rights which are set
regardless of any additional ACLs. These are:</p>
<ul class="simple">
<li><p><strong>l</strong> - <a class="reference internal" href="rights-reference.html#imap-admin-access-control-right-l"><span class="std std-ref">lookup</span></a></p></li>
<li><p><strong>k</strong> - <a class="reference internal" href="rights-reference.html#imap-admin-access-control-right-k"><span class="std std-ref">create subfolders</span></a></p></li>
<li><p><strong>x</strong> - <a class="reference internal" href="rights-reference.html#imap-admin-access-control-right-x"><span class="std std-ref">delete this folder</span></a></p></li>
<li><p><strong>a</strong> - <a class="reference internal" href="rights-reference.html#imap-admin-access-control-right-a"><span class="std std-ref">administer</span></a></p></li>
</ul>
<p>These are set in <code class="docutils literal notranslate"><span class="pre">implicit_owner_rights</span></code> of <a class="reference internal" href="../../manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>.</p>
</section>
<section id="default">
<h2>Default<a class="headerlink" href="#default" title="Permalink to this heading"></a></h2>
<p>For all other mailboxes not owned by a user, any user accessing these
mailboxes have the following default privileges:</p>
<ul class="simple">
<li><p><strong>l</strong> - <a class="reference internal" href="rights-reference.html#imap-admin-access-control-right-l"><span class="std std-ref">lookup</span></a></p></li>
<li><p><strong>r</strong> - <a class="reference internal" href="rights-reference.html#imap-admin-access-control-right-r"><span class="std std-ref">read contents</span></a></p></li>
<li><p><strong>s</strong> - <a class="reference internal" href="rights-reference.html#imap-admin-access-control-right-s"><span class="std std-ref">seen</span></a></p></li>
</ul>
<p>These are set in <code class="docutils literal notranslate"><span class="pre">defaultacl</span></code> of <a class="reference internal" href="../../manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>.</p>
</section>
<section id="initial-acls-for-newly-created-mailboxes">
<h2>Initial ACLs for Newly Created Mailboxes<a class="headerlink" href="#initial-acls-for-newly-created-mailboxes" title="Permalink to this heading"></a></h2>
<p>When a mailbox is created, its ACL starts off with a copy of the ACL of its closest parent mailbox. When a user is created, the ACL on the user's <code class="docutils literal notranslate"><span class="pre">INBOX</span></code> starts off with a single entry granting all rights to the user. When a non-user mailbox is created and does not have a parent, its ACL is initialized to the value of the <code class="docutils literal notranslate"><span class="pre">defaultacl</span></code> option in <a class="reference internal" href="../../manpages/configs/imapd.conf.html#std-cyrusman-imapd.conf-5">imapd.conf(5)</a>.</p>
</section>
<section id="other-implicit-rights">
<h2>Other Implicit Rights<a class="headerlink" href="#other-implicit-rights" title="Permalink to this heading"></a></h2>
<p>Note that some rights are available implicitly, for example 'anonymous'
always has 'p' on user INBOXes, and users always have <code class="docutils literal notranslate"><span class="pre">la</span></code> rights on
mailboxes within their INBOX hierarchy.</p>
</section>
</section>


           </div>
          </div>
          <footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
        <a href="combining-rights.html" class="btn btn-neutral float-left" title="Combining Access Rights" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
        <a href="identifiers.html" class="btn btn-neutral float-right" title="Access Control Identifier (ACI)" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
    </div>

  <hr/>

  <div role="contentinfo">
    <p>&#169; Copyright 1993–2025, The Cyrus Team.</p>
  </div>

  Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
    <a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
    provided by <a href="https://readthedocs.org">Read the Docs</a>.
   

</footer>
        </div>
      </div>
    </section>
  </div>
  <script>
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>
 



</body>
</html>