Marco van Beek

asked on

Removing permissions on a Cyrus mailbox via a wrapper script

Hi,

We are writing a script to reset permissions on a user's mailbox in Cyrus, to be used after they leave to allow their manager to access the mailbox but remove everybody else's. It would appear that DeleteAclMailbox only works for a specific userid or group, so you cannot use it to wipe all permissions prior to re-adding the ones we want. What I am looking for is a way to clear all the permissions out without having to do a boring ListAclMailbox loop and then having to pipe that into a DAM command. We just tried running a ListAclMailbox loop on a mailbox with 3700+ sub-folders and we killed the script after 5 minutes.

So ideally we are looking for a command or trick that can just remove all the ACLs on a complete mailbox and sub-folders. We have even looked at deleting the cyrus.header file and then running reconstruct, but we feel that is a bit extreme.

Any ideas anyone?
noci

I am afraid that there is no quickie on this.
All info is kept in the Cyrus database, not in the filesystem. (The IMAP rights do not directly map onto filesystem rights.)

BTW, you are aware that cyradm is a Perl script?
Cyrus::IMAP::Shell is the module that implements it.
There is also a module called Cyrus::IMAP::Admin, which can be used for direct manipulation from Perl.

See for a manpage:
http://www.manpagez.com/man/3/Cyrus::IMAP::Admin/

The Admin module is used by the Shell to implement the commands. So it may be far more effective to use the Admin module directly.
Marco van Beek

ASKER

We are already using a wrapper script, so doing the loop is not programmatically difficult, but given our tests with a large set of nested mailboxes, it can take a long time for LAM to run, and we are trying to do something interactive, so a five minute wait would be a no-no.

Our plan at the moment is to call a ListAclMailbox on the tree, and then get a list of unique users / groups and use that info to call DeleteAclMailbox, but it is a shame there isn't a "DeleteAclMailbox <mailbox> *" or similar, or even a ResetAclMailbox that returned the mailbox permissions to the default state.
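The approach discussed above (noci's suggestion to call Cyrus::IMAP::Admin directly, combined with the list-then-delete plan), as an added example that is not code from either poster: it walks the mailbox tree over a single authenticated session, grants the manager access, then removes every other ACL identifier. The server name, admin account, mailbox name, manager userid, the `lrs` rights string, the `CYRUS_ADMIN_PW` environment variable and the `.` hierarchy separator are all assumptions.

```perl
#!/usr/bin/perl
# Added example, not from the thread. All names and values below are placeholders.
use strict;
use warnings;
use Cyrus::IMAP::Admin;

my $server  = 'imap.example.com';   # placeholder server
my $admin   = 'cyrus';              # placeholder admin account
my $root    = 'user.jsmith';        # leaver's mailbox; assumes '.' hierarchy separator
my $manager = 'manager1';           # placeholder manager userid
my $rights  = 'lrs';                # lookup, read, seen: assumed read-only grant

my $client = Cyrus::IMAP::Admin->new($server)
    or die "cannot connect to $server\n";
$client->authenticate(-user => $admin, -password => $ENV{CYRUS_ADMIN_PW})
    or die "authentication failed\n";

# listmailbox returns [name, attributes, separator] entries; one call for the
# top-level mailbox and one for everything beneath it.
my @boxes = map { $_->[0] }
    ($client->listmailbox($root), $client->listmailbox("$root.*"));
die "no mailboxes matched $root\n" unless @boxes;

my $failed = 0;
for my $mbox (@boxes) {
    # Grant the manager first, so a failure part-way through never leaves a
    # folder with the old ACL removed but the new one missing.
    unless ($client->setacl($mbox, $manager => $rights)) {
        warn "setacl $mbox: " . ($client->error // 'unknown error') . "\n";
        $failed++;
        next;
    }
    # listacl returns identifier => rights pairs for this one mailbox.
    my %acl = $client->listacl($mbox);
    for my $id (grep { $_ ne $manager } sort keys %acl) {
        next if $client->deleteacl($mbox, $id);
        warn "deleteacl $mbox $id: " . ($client->error // 'unknown error') . "\n";
        $failed++;
    }
}

print scalar(@boxes), " mailboxes processed, $failed failures\n";
exit($failed ? 1 : 0);
```

The departed user's own entry is removed along with everyone else's, matching the requirement in the question; a non-zero exit status means at least one folder still needs attention.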
ASKER CERTIFIED SOLUTION
noci
