Columbia University Information Technology
About Access Control


This page is about the Cyrus mail system. If you use Outlook and CUIT’s Exchange server, you can use Cubmail or other clients to see Cyrus mailboxes.


Every mailbox on the Cyrus system has an Access Control List (ACL). You have full access to your inbox and other mailboxes in your account, but you can also see other mailboxes if their Access Control allows you to. You can see shared folders listed under two categories that start with ~.

Folders listed under ~ Public Folders are not permanently owned by any user. Some are public in the sense that all users can see them, like bboard, but many are restricted to only a few users. Since they are not part of any user’s account they do not expire when someone leaves Columbia and are not counted in anyone’s space quota.

Folders listed under ~ Other Users are in other users’ accounts. This list will be empty unless someone has used Access Control to allow you to see a mailbox.

You can share any of your mailboxes with other users. If you want your assistant to read and answer your mail, don’t give out your password, just share the mailboxes the assistant needs to see. Or if you want friends to see selected messages, you can put them in a mailbox that your friends can read.

If mail is for a department or club, why not contact CUIT and request a mailbox in ~ Public Folders? You can easily pass it along to someone else when you leave Columbia or take another position.



READING A SHARED MAILBOX

Feel free to open any mailboxes you see listed under ~ Public Folders and ~ Other Users. You might not have all the access rights you have on your own folders. For example, in ~ Public Folders.bboard you can read messages and mark them as seen, but you are not allowed to delete messages. If you want to know more about access privileges, see ACCESS RIGHTS below.

(Mail, in Mac OS X 10.4 and 10.5, does not show messages in shared mailboxes. Until Apple fixes this problem, we suggest you use Cubmail or Thunderbird to see them.)



MANAGING A SHARED MAILBOX

You can manage a shared mailbox if you have the a (administer) access right. You have a on all your own mailboxes and you have a on a mailbox in ~ Public Folders if it has been given to you by CUIT or by someone who already had a on the mailbox.

Here is how to manage access rights with Cubmail.
  1. Log in to Cubmail and click on Options in the toolbar at the top.
  2. Select Share Folders under General Options.
  3. It shows Current access to INBOX. Use the drop-down menu at the upper right to choose any other mailbox. For your inbox and your other folders, you will see yourself as having access.
  4. To give access to a new user, under Current access choose New, and then under Grant access input the user, check the rights you want to grant, and click Create. This will update the Current access list.
  5. To change access, under Current access choose the user, and then under Grant access check or uncheck the rights, and click Modify. This will update the Current access list.
  6. Click the Return to Options button to return to the main Cubmail options screen.
See below for details on how to specify users and access rights.



USERS AND GROUPS

Access can be given to:
  • User
    The user is usually the same as the uni.

  • Group
    Groups are managed with the group command on cunix. For access rights the group name consists of group:cunix_ followed by the group name in lower case. For example the group MyGroup is specified as group:cunix_mygroup.

  • anyone
    Give p access to anyone to allow mail delivery to a Public Folder. For other access rights, anyone means that anyone who can log in has that access.



ACCESS RIGHTS

The Access Control List (ACL) for a mailbox is a list of users or groups and their access rights. The access rights themselves are sometimes referred to as the "ACLs" or "ackels". They are:

l (list): Someone with the l right can list the mailbox, i.e. see that it exists.
r (read): Someone with the r right can read the contents of the mailbox: list the messages, read the messages, search in the messages, and copy messages from the mailbox.
s (seen): If someone has the s right, the "seen" and "recent" flags will be stored, to keep track of which messages have been seen. These flags are kept separately for each user.
w (write): Someone with the w right can change the "important" and "answered" flags. These flags are seen by all users who can read the mailbox.
i (insert): Someone with the i right can copy messages into the mailbox, put mail into the mailbox with Ingo rules, and put sent mail in it.
p (post): If the special user anyone has the p right on a ~ Public Folders mailbox, mail can be delivered to the mailbox. This access right does not do anything if given to other users. It does not limit who can send mail.
c (create): Someone with the c right can create sub-mailboxes of the mailbox, or delete or rename or move the current mailbox. When set this might lead to accidental deletion of a whole mailbox.
d (delete): Someone with the d right can mark messages deleted and expunge deleted messages.
a (administer): Someone with the a right can add and remove access rights for other users.


Only a few combinations of access rights are commonly used:

  • lrs
    Known sometimes as "bulletin board", this set of rights allows someone to read messages, but not make any changes. bboard is set up with anyone lrs.

  • lrswid
    This set of rights allows someone to read messages, delete them, copy messages in, and mark messages as answered or important. Use this set if you have a group with joint responsibility for answering messages delivered to a single mailbox. The seen flag is stored separately for each user, but the answered and important flags are seen the same by all.

    The c right is left out to make sure no one deletes the whole mailbox by error. Users with the a right can put c on to create a subfolder and then take it off again.

    Sometimes you might want to give some users only lrs and give others lrswid.

  • anyone p
    This allows mail delivery to a public folder. If you create subfolders, they will inherit this ACL, and in some cases you may want to remove it from subfolders.
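
An added example (not CUIT's code) that checks an ACL against the guidance above: it flags a standing c right, rights other than p granted to anyone, and p granted to a user other than anyone. The one-entry-per-line input format, the function names and the uni abc123 are assumptions made for the illustration.

```python
RIGHTS = set("lrswipcda")  # the nine rights described on this page

def group_identifier(name):
    """ACL identifier for a cunix group: MyGroup -> group:cunix_mygroup."""
    return "group:cunix_" + name.lower()

def parse_acl(text):
    """Parse lines of '<identifier> <rights>' (assumed format) into a dict."""
    acl = {}
    for line in text.strip().splitlines():
        identifier, rights = line.split()
        unknown = set(rights) - RIGHTS
        if unknown:
            raise ValueError(f"unknown rights {sorted(unknown)} for {identifier}")
        acl[identifier] = set(rights)
    return acl

def audit(acl):
    """Return sorted (identifier, finding) pairs for grants worth reviewing."""
    findings = []
    for identifier, rights in acl.items():
        if "c" in rights:
            # c allows deleting, renaming or moving the mailbox itself.
            findings.append((identifier, "c: can delete, rename or move the whole mailbox"))
        if identifier == "anyone":
            # For rights other than p, anyone means every user who can log in.
            if rights & set("wicda"):
                findings.append((identifier, "anyone who can log in can change this mailbox"))
            elif rights & set("lrs"):
                findings.append((identifier, "anyone who can log in can read this mailbox"))
        elif "p" in rights:
            findings.append((identifier, "p has no effect unless granted to anyone"))
    return sorted(findings)

# Constructed sample ACL for a public folder; abc123 is a made-up uni.
SAMPLE = """
anyone lrsp
zzz999 lrswidca
abc123 lrsp
""" + group_identifier("MyGroup") + " lrswid\n"

if __name__ == "__main__":
    for identifier, finding in audit(parse_acl(SAMPLE)):
        print(f"{identifier}: {finding}")
```

An ACL of only anyone p, or of users holding lrs or lrswid, produces no findings.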



MAIL DELIVERY

Delivery is based on the p (post) access right. For your own inbox, delivery is always allowed. For any mailbox under ~ Public Folders, the p right must be granted to anyone to allow delivery.

DELIVERY TO A PUBLIC FOLDER

Plus addressing. Mail can be sent to any public folder using an address constructed of cu+foldername@columbia.edu. For example you can send mail to bboard by addressing cu+bboard@columbia.edu. If the public folder is nested, use dots to separate the parts; for example cu+cuit.test@columbia.edu.

Email alias. You can ask CUIT for an email address for a public folder, for publicity or ease of use. The address does not need to be the same name as the public folder. bboard@columbia.edu is an example of a (slightly) simpler name for a public folder.

DELIVERY TO A PERSONAL MAILBOX

Delivery to your inbox is always allowed. You can route selected mail to another folder by making a rule in Ingo.

Plus addressing does not work automatically for your own mailboxes, but plus addressing will deliver to you and an Ingo rule can look for it. For example, if you are zzz999, mail to zzz999+rsvp@columbia.edu will be delivered to you, and you can make an Ingo rule that says, if the To or CC contains zzz999+rsvp, deliver to my rsvp mailbox.




