• News
• Download
• Documentation
  • Overview
  • Architecture
  • Installation
  • Configuration
  • Admin tool
  • Database
• Roadmap
• Mailing Lists
• Privacy
• FAQ

Setting access control lists

The aox setacl command sets or adjusts the access control list for a named user or anyone on a mailbox (and its children).

There is one switch, -d, and 2-3 arguments, namely the mailbox, the user name (or anyone), the mailbox, and the rights.

The mailbox name must always be given, and must always start with /. The inbox of user Nirmala is thus called /users/nirmala/inbox.

The user name is the login name, or anyone if the ACL should apply to anyone.

The rights is a string of letters as given in the ACL description, e.g. lr to grant read-only access to a mailbox or the empty string to deny all access.

If the rights string starts with +, then the specified rights are added to the existing rights. If it starts with -, then the specified rights are subtransacted from the existing rights. Otherwise, the specified rights replace the existing rights completely.

The -d switch removes rights instead of changing them. If you specify -d, you should not specify any rights.

This example shows how make mailboxes invisible to other users by default:

aox setacl / anyone ''

/ is the root of all mailboxes, so the ACL applies to all mailboxes, unless there are more specific. anyone means it applies to anyone, unless there are user-specific rules. '' means that anyone has no rights.

Since the owner of a mailbox has all rights, this effectively means that each user can do everything to his/her own mailboxes and not even see anyone else's mailboxes.

This example shows how to make other users' mailboxes visible to user Nirmala:

aox setacl /users nirmala l

/users is closer to e.g. /users/freida/work than /, so if Nirmala tries to access /users/freida/work, Archiveopteryx uses the ACL for /users, not the one for /. l means that Nirmala can see the mailbox name(s), but not do anything else.

This example shows how to remove Nirmala's configured rights on /users (so she again will be covered by the anyone rule):

aox setacl -d /users nirmala

This example shows how to add the l right to whatever righs Nirmala currently has on /users:

aox setacl /users nirmala +l

Setacl computes Nirmala's current ACL on /users, then adds l and writes the result into the database.

Rights can be removed in the same way:

aox setacl /users nirmala -r

Setacl computes Nirmala's current ACL on /users, then removes r and writes the result into the database.

In case of questions, please write to info@aox.org.

Relevant links

• Access control in Archiveopteryx
• Other aox commands:
  anonymise, change address, change password, change username, check config, check database, create alias, create mailbox, create user, create view, delete alias, delete mailbox, delete messages, delete user, flush queue, grant privileges, help, list aliases, list mailboxes, list rights, list users, reparse, restart, retain messages, show build, show configuration, show counts, show queue, show retention, show schema, show search, show status, start, stop, tune database, undelete, update database, upgrade schema, vacuum

About this page

Last modified: 2010-05-02
Location: aox.org/aox/setacl