The aox setacl command sets or adjusts the access control list for a named user or anyone on a mailbox (and its children).
There is one switch, -d, and 2-3 arguments, namely the mailbox, the user name (or anyone), the mailbox, and the rights.
The mailbox name must always be given, and must always start with /. The inbox of user Nirmala is thus called /users/nirmala/inbox.
The user name is the login name, or anyone if the ACL should apply to anyone.
The rights is a string of letters as given in the ACL description, e.g. lr to grant read-only access to a mailbox or the empty string to deny all access.
If the rights string starts with +, then the specified rights are added to the existing rights. If it starts with -, then the specified rights are subtransacted from the existing rights. Otherwise, the specified rights replace the existing rights completely.
The -d switch removes rights instead of changing them. If you specify -d, you should not specify any rights.
This example shows how make mailboxes invisible to other users by default:
aox setacl / anyone ''
/ is the root of all mailboxes, so the ACL applies to all mailboxes, unless there are more specific. anyone means it applies to anyone, unless there are user-specific rules. '' means that anyone has no rights.
Since the owner of a mailbox has all rights, this effectively means that each user can do everything to his/her own mailboxes and not even see anyone else's mailboxes.
This example shows how to make other users' mailboxes visible to user Nirmala:
aox setacl /users nirmala l
/users is closer to e.g. /users/freida/work than /, so if Nirmala tries to access /users/freida/work, Archiveopteryx uses the ACL for /users, not the one for /. l means that Nirmala can see the mailbox name(s), but not do anything else.
This example shows how to remove Nirmala's configured rights on /users (so she again will be covered by the anyone rule):
aox setacl -d /users nirmala
This example shows how to add the l right to whatever righs Nirmala currently has on /users:
aox setacl /users nirmala +l
Setacl computes Nirmala's current ACL on /users, then adds l and writes the result into the database.
Rights can be removed in the same way:
aox setacl /users nirmala -r
Setacl computes Nirmala's current ACL on /users, then removes r and writes the result into the database.
In case of questions, please write to firstname.lastname@example.org.
Last modified: 2010-11-19