Marco van Beek
asked on
Removing permissions on a Cyrus mailbox via a wrapper script
HI,
We are writing a script to reset permissions on a user's mailbox in cyrus, to be used after they leave to allow their manager to access the mailbox but remove everybody else's. It would appear that DeleteAclMailbox only works for a specific userid or group, so you cannot use it to wipe all permissions prior to re-adding the ones we want. What I am looking for is a way to clear all the permissions out without having to do a boring ListAclMailbox loop and then having to pipe that into a DAM command. We just tried running a ListAclMailbox loop on a mailbox with 3700+ sub-folders and we killed the script after 5 minutes.
So ideally we are looking for a command or trick that can just remove all the ACL's on a complete mailbox and sub-folders. we have even looked at deleting the cyrus.header file and then running reconstruct, but we feel that is a bit extreme.
Any ideas anyone?
We are writing a script to reset permissions on a user's mailbox in cyrus, to be used after they leave to allow their manager to access the mailbox but remove everybody else's. It would appear that DeleteAclMailbox only works for a specific userid or group, so you cannot use it to wipe all permissions prior to re-adding the ones we want. What I am looking for is a way to clear all the permissions out without having to do a boring ListAclMailbox loop and then having to pipe that into a DAM command. We just tried running a ListAclMailbox loop on a mailbox with 3700+ sub-folders and we killed the script after 5 minutes.
So ideally we are looking for a command or trick that can just remove all the ACL's on a complete mailbox and sub-folders. we have even looked at deleting the cyrus.header file and then running reconstruct, but we feel that is a bit extreme.
Any ideas anyone?
ASKER
We are already using a wrapper script , so doing the loop is not programatically difficult, but given our tests with a large set of nested mailboxes, it can take a long time for LAM to run, and we are trying to do something interactive, so a five minute wait would be a no-no.
Our plan at the moment is to call a ListAclMailbox on the tree, and then get a list of unique users / groups and use that info to call DeleteAclMailbox, but it is a shame there isn't a "DeleteAclMailbox <mailbox> *" or similar, or even a ResetAclMailbox that returned the mailbox permissions to the default state.
Our plan at the moment is to call a ListAclMailbox on the tree, and then get a list of unique users / groups and use that info to call DeleteAclMailbox, but it is a shame there isn't a "DeleteAclMailbox <mailbox> *" or similar, or even a ResetAclMailbox that returned the mailbox permissions to the default state.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
All info is kept in the cyrus database, not in the filesystem. (The imap rights do not directly map onto
filesystem rights.).
BTW, you are aware that cyradm is a perl script?
Cyrus::IMAP::Shell is the module that implements it.
There also is a module called Cyrus::IMAP::Admin which can be used for direct manipulation from perl
See for a manpage:
http://www.manpagez.com/man/3/Cyrus::IMAP::Admin/
The Admin module is used by the Shell to implement the commands. So it may be far more effective to use the Admin module directly.