summaryrefslogtreecommitdiffstats
path: root/doc/man/doveadm-acl.1.in
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--doc/man/doveadm-acl.1.in270
1 files changed, 270 insertions, 0 deletions
diff --git a/doc/man/doveadm-acl.1.in b/doc/man/doveadm-acl.1.in
new file mode 100644
index 0000000..b79bc6c
--- /dev/null
+++ b/doc/man/doveadm-acl.1.in
@@ -0,0 +1,270 @@
+.\" Copyright (c) 2014-2018 Dovecot authors, see the included COPYING file
+.TH DOVEADM\-ACL 1 "2015-05-09" "Dovecot v2.3" "Dovecot"
+.SH NAME
+doveadm\-acl \- Manage Access Control List (ACL)
+.\"------------------------------------------------------------------------
+.SH SYNOPSIS
+.BR doveadm " [" \-Dv ]
+[\fB\-f\fP \fIformatter\fP]
+.BI acl \ command
+.RI [ OPTIONS ]\ [ ARGUMENTS ]
+.\"------------------------------------------------------------------------
+.SH DESCRIPTION
+The
+.B doveadm acl
+.I COMMANDS
+can be used to execute various Access Control List related actions.
+.\"------------------------------------------------------------------------
+@INCLUDE:global-options-formatter@
+.\" --- command specific options --- "/.
+.PP
+This command uses by default the output formatter
+.BR table .
+.PP
+Command specific
+.IR options :
+.\"-------------------------------------
+@INCLUDE:option-A@
+.\"-------------------------------------
+@INCLUDE:option-F-file@
+.\"-------------------------------------
+@INCLUDE:option-S-socket@
+.\"-------------------------------------
+@INCLUDE:option-u-user@
+.\"------------------------------------------------------------------------
+.SH ARGUMENTS
+.TP
+.I id
+The id (identifier) is one of:
+.RS
+.RS
+.TP 4
+*
+.BR group\-override =\c
+.I group_name
+.\"-----------------
+.TP
+*
+.BR user =\c
+.I user_name
+.\"-----------------
+.TP
+*
+.B owner
+.\"-----------------
+.TP
+*
+.BR group =\c
+.I group_name
+.\"-----------------
+.TP
+*
+.B authenticated
+.\"-----------------
+.TP
+*
+.BR anyone " (or " anonymous ", which is an alias for anyone)"
+.\"-----------------
+.RE
+.PP
+The ACLs are processed in the precedence given above, so for example if you
+have given read\-access to a group, you can still remove that from specific
+users inside the group.
+.br
+Group\-override identifier allows you to override users\(aq ACLs.
+Probably the most useful reason to do this is to temporarily disable
+access for some users.
+For example:
+.PP
+.nf
+user=timo rw
+group\-override=tempdisabled
+.fi
+.PP
+Now if timo is a member of the tempdisabled group, he has no access to the
+mailbox.
+This wouldn\(aqt be possible with a normal group identifier, because the
+.B user=timo
+would override it.
+.RE
+.\"-------------------------------------
+.TP
+.I mailbox
+The name of the mailbox, for which the ACL manipulation should be done.
+It\(aqs also possible to use the wildcard characters
+.RB \(dq * "\(dq and/or \(dq" ? \(dq
+in the mailbox name.
+.\"-------------------------------------
+.TP
+.I right
+Dovecot ACL right name. This isn\(aqt the same as the IMAP ACL letters,
+which aren\(aqt currently supported.
+Here is a mapping of the IMAP ACL letters to Dovecot ACL names:
+.RS
+.RS
+.TP 4
+.B l \(-> lookup
+.I Mailbox
+is visible in mailbox list.
+.I Mailbox
+can be subscribed to.
+.\"-----------------
+.TP
+.B r \(-> read
+.I Mailbox
+can be opened for reading.
+.\"-----------------
+.TP
+.B w \(-> write
+Message flags and keywords can be changed, except
+.BR \(rsSeen " and " \(rsDeleted .
+.\"-----------------
+.TP
+.B s \(-> write\-seen
+.B \(rsSeen
+flag can be changed.
+.\"-----------------
+.TP
+.B t \(-> write\-deleted
+.B \(rsDeleted
+flag can be changed.
+.\"-----------------
+.TP
+.B i \(-> insert
+Messages can be written or copied to the
+.IR mailbox .
+.\"-----------------
+.TP
+.B p \(-> post
+Messages can be posted to the
+.I mailbox
+by
+.BR dovecot\-lda ,
+e.g. from Sieve scripts.
+.\"-----------------
+.TP
+.B e \(-> expunge
+Messages can be expunged.
+.\"-----------------
+.TP
+.B k \(-> create
+Mailboxes can be created/renamed directly under this
+.I mailbox
+(but not necessarily under its children, see
+.I ACL Inheritance
+in the wiki).
+.br
+Note: Renaming also requires the delete right.
+.\"-----------------
+.TP
+.B x \(-> delete
+.I Mailbox
+can be deleted.
+.\"-----------------
+.TP
+.B a \(-> admin
+Administration rights to the
+.I mailbox
+(currently: ability to change ACLs for
+.IR mailbox ).
+.RE
+.RE
+.\"------------------------------------------------------------------------
+.SH COMMANDS
+.SS acl add
+.B doveadm acl add
+[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP]
+[\fB\-S\fP \fIsocket_path\fP]
+.I mailbox id right
+.RI [ right " ...]"
+.PP
+Add ACL rights to the
+.IR mailbox / id .
+If the
+.I id
+already exists, the existing rights are preserved.
+.\"-------------------------------------
+.SS acl debug
+.B doveadm acl debug
+[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP]
+[\fB\-S\fP \fIsocket_path\fP]
+.I mailbox
+.PP
+This command can be used to debug why a shared mailbox isn\(aqt
+accessible to the user.
+It will list exactly what the problem is.
+.\"-------------------------------------
+.SS acl delete
+.B doveadm acl delete
+[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP]
+[\fB\-S\fP \fIsocket_path\fP]
+.I mailbox id
+.PP
+Remove the whole ACL entry for the
+.IR mailbox / id .
+.\"-------------------------------------
+.SS acl get
+.B doveadm acl get
+[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP]
+[\fB\-S\fP \fIsocket_path\fP]
+.RB [ \-m ]
+.I mailbox
+.PP
+Show all the ACLs for the
+.IR mailbox .
+.\"-------------------------------------
+.SS acl recalc
+.B doveadm acl recalc
+[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP]
+[\fB\-S\fP \fIsocket_path\fP]
+.PP
+Make sure the
+.IR user \(aqs
+shared mailboxes exist correctly in the
+.IR acl_shared_dict .
+.\"-------------------------------------
+.SS acl remove
+.B doveadm acl remove
+[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP]
+[\fB\-S\fP \fIsocket_path\fP]
+.I mailbox id right
+.RI [ right " ...]"
+.PP
+Remove the specified ACL rights from the
+.IR mailbox / id .
+If all rights are removed, the entry still exists without any rights.
+.\"-------------------------------------
+.SS acl rights
+.B doveadm acl rights
+[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP]
+[\fB\-S\fP \fIsocket_path\fP]
+.I mailbox
+.PP
+Show the
+.IR user \(aqs
+current ACL rights for the
+.IR mailbox .
+.\"-------------------------------------
+.SS acl set
+.B doveadm acl set
+[\fB\-u\fP \fIuser\fP|\fB\-A\fP|\fB\-F\fP \fIfile\fP]
+[\fB\-S\fP \fIsocket_path\fP]
+.I mailbox id right
+.RI [ right " ...]"
+.PP
+Set ACL rights to the
+.IR mailbox / id .
+If the
+.I id
+already exists, the existing rights are replaced.
+.\"------------------------------------------------------------------------
+@INCLUDE:reporting-bugs@
+.\"------------------------------------------------------------------------
+.SH SEE ALSO
+.BR doveadm (1),
+.BR dovecot\-lda (1)
+.\"-------------------------------------
+.PP
+Additional resources:
+.IP "ACL Inheritance"
+http://wiki2.dovecot.org/ACL#ACL_Inheritance \ No newline at end of file