Diffstat (limited to '')
-rw-r--r-- | doc/man/doveadm-acl.1.in | 270 |
1 files changed, 270 insertions, 0 deletions
diff --git a/doc/man/doveadm-acl.1.in b/doc/man/doveadm-acl.1.in new file mode 100644 index 0000000..b79bc6c --- /dev/null +++ b/doc/man/doveadm-acl.1.in 
@@ -0,0 +1,270 @@ +.\" Copyright (c) 2014-2018 Dovecot authors, see the included COPYING file +.TH DOVEADM\-ACL 1 "2015-05-09" "Dovecot v2.3" "Dovecot" +.SH NAME +doveadm\-acl \- Manage Access Control List (ACL) +.\"------------------------------------------------------------------------ +.SH SYNOPSIS +.BR doveadm " [" \-Dv ] +[\fB\-f\fP \fIformatter\fP] +.BI acl \ command +.RI [ OPTIONS ]\ [ ARGUMENTS ] +.\"------------------------------------------------------------------------ +.SH DESCRIPTION +The +.B doveadm acl +.I COMMANDS +can be used to execute various Access Control List related actions. +.\"------------------------------------------------------------------------ +@INCLUDE:global-options-formatter@ +.\" --- command specific options --- "/. +.PP +This command uses by default the output formatter +.BR table . +.PP +Command specific +.IR options : +.\"------------------------------------- +@INCLUDE:option-A@ +.\"------------------------------------- +@INCLUDE:option-F-file@ +.\"------------------------------------- +@INCLUDE:option-S-socket@ +.\"------------------------------------- +@INCLUDE:option-u-user@ +.\"------------------------------------------------------------------------ +.SH ARGUMENTS +.TP +.I id +The id (identifier) is one of: +.RS +.RS +.TP 4 +* +.BR group\-override =\c +.I group_name +.\"----------------- +.TP +* +.BR user =\c +.I user_name +.\"----------------- +.TP +* +.B owner +.\"----------------- +.TP +* +.BR group =\c +.I group_name +.\"----------------- +.TP +* +.B authenticated +.\"----------------- +.TP +* +.BR anyone " (or " anonymous ", which is an alias for anyone)" +.\"----------------- +.RE +.PP +The ACLs are processed in the precedence given above, so for example if you +have given read\-access to a group, you can still remove that from specific +users inside the group. +.br +Group\-override identifier allows you to override users\(aq ACLs. 
+Probably the most useful reason to do this is to temporarily disable +access for some users. +For example: +.PP +.nf +user=timo rw +group\-override=tempdisabled +.fi +.PP +Now if timo is a member of the tempdisabled group, he has no access to the +mailbox. +This wouldn\(aqt be possible with a normal group identifier, because the +.B user=timo +would override it. +.RE +.\"------------------------------------- +.TP +.I mailbox +The name of the mailbox, for which the ACL manipulation should be done. +It\(aqs also possible to use the wildcard characters +.RB \(dq * "\(dq and/or \(dq" ? \(dq +in the mailbox name. +.\"------------------------------------- +.TP +.I right +Dovecot ACL right name. This isn\(aqt the same as the IMAP ACL letters, +which aren\(aqt currently supported. +Here is a mapping of the IMAP ACL letters to Dovecot ACL names: +.RS +.RS +.TP 4 +.B l \(-> lookup +.I Mailbox +is visible in mailbox list. +.I Mailbox +can be subscribed to. +.\"----------------- +.TP +.B r \(-> read +.I Mailbox +can be opened for reading. +.\"----------------- +.TP +.B w \(-> write +Message flags and keywords can be changed, except +.BR \(rsSeen " and " \(rsDeleted . +.\"----------------- +.TP +.B s \(-> write\-seen +.B \(rsSeen +flag can be changed. +.\"----------------- +.TP +.B t \(-> write\-deleted +.B \(rsDeleted +flag can be changed. +.\"----------------- +.TP +.B i \(-> insert +Messages can be written or copied to the +.IR mailbox . +.\"----------------- +.TP +.B p \(-> post +Messages can be posted to the +.I mailbox +by +.BR dovecot\-lda , +e.g. from Sieve scripts. +.\"----------------- +.TP +.B e \(-> expunge +Messages can be expunged. +.\"----------------- +.TP +.B k \(-> create +Mailboxes can be created/renamed directly under this +.I mailbox +(but not necessarily under its children, see +.I ACL Inheritance +in the wiki). +.br +Note: Renaming also requires the delete right. +.\"----------------- +.TP +.B x \(-> delete +.I Mailbox +can be deleted. 
+.\"----------------- +.TP +.B a \(-> admin +Administration rights to the +.I mailbox +(currently: ability to change ACLs for +.IR mailbox ). +.RE +.RE +.\"------------------------------------------------------------------------ +.SH COMMANDS +.SS acl add +.B doveadm acl add +[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP] +[\fB\-S\fP \fIsocket_path\fP] +.I mailbox id right +.RI [ right " ...]" +.PP +Add ACL rights to the +.IR mailbox / id . +If the +.I id +already exists, the existing rights are preserved. +.\"------------------------------------- +.SS acl debug +.B doveadm acl debug +[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP] +[\fB\-S\fP \fIsocket_path\fP] +.I mailbox +.PP +This command can be used to debug why a shared mailbox isn\(aqt +accessible to the user. +It will list exactly what the problem is. +.\"------------------------------------- +.SS acl delete +.B doveadm acl delete +[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP] +[\fB\-S\fP \fIsocket_path\fP] +.I mailbox id +.PP +Remove the whole ACL entry for the +.IR mailbox / id . +.\"------------------------------------- +.SS acl get +.B doveadm acl get +[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP] +[\fB\-S\fP \fIsocket_path\fP] +.RB [ \-m ] +.I mailbox +.PP +Show all the ACLs for the +.IR mailbox . +.\"------------------------------------- +.SS acl recalc +.B doveadm acl recalc +[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP] +[\fB\-S\fP \fIsocket_path\fP] +.PP +Make sure the +.IR user \(aqs +shared mailboxes exist correctly in the +.IR acl_shared_dict . +.\"------------------------------------- +.SS acl remove +.B doveadm acl remove +[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP] +[\fB\-S\fP \fIsocket_path\fP] +.I mailbox id right +.RI [ right " ...]" +.PP +Remove the specified ACL rights from the +.IR mailbox / id . +If all rights are removed, the entry still exists without any rights. 
+.\"------------------------------------- +.SS acl rights +.B doveadm acl rights +[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP] +[\fB\-S\fP \fIsocket_path\fP] +.I mailbox +.PP +Show the +.IR user \(aqs +current ACL rights for the +.IR mailbox . +.\"------------------------------------- +.SS acl set +.B doveadm acl set +[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP] +[\fB\-S\fP \fIsocket_path\fP] +.I mailbox id right +.RI [ right " ...]" +.PP +Set ACL rights to the +.IR mailbox / id . +If the +.I id +already exists, the existing rights are replaced. +.\"------------------------------------------------------------------------ +@INCLUDE:reporting-bugs@ +.\"------------------------------------------------------------------------ +.SH SEE ALSO +.BR doveadm (1), +.BR dovecot\-lda (1) +.\"------------------------------------- +.PP +Additional resources: +.IP "ACL Inheritance" +http://wiki2.dovecot.org/ACL#ACL_Inheritance
\ No newline at end of file |
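Review bot: The `acl get` synopsis carries an undocumented flag, `.RB [ \-m ]`, and nothing under `.SS acl get` or in the visible option list says what `-m` does; the includes shown are named only for -A, -F, -S and -u. Please add a sentence describing it next to "Show all the ACLs for the mailbox". Two smaller points in the same hunk. Under `acl remove`, "If all rights are removed, the entry still exists without any rights" should say how such an empty entry interacts with the precedence rule in ARGUMENTS, since the text there states that `user=timo` overrides a normal group identifier; an administrator who strips rights with `remove` rather than `delete` needs to know whether the leftover empty entry still masks group rights. Finally, the file ends without a trailing newline, and the .TH date "2015-05-09" sits beside a 2014-2018 copyright line, so one of the two is probably stale.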