Access Control Defaults

Administrators

The admin users (imapd.conf(5) variable “admins”) get automatic go-everywhere, do-everything privileges on every mailbox. They can also see across domains which normal users can’t.

Note

An admin user should not be a normal email account.

Mailbox owners

The user who owns a mailbox folder has additional rights which are set regardless of any additional ACLs. These are:

• l - lookup

• k - create subfolders

• x - delete this folder

• a - administer

These are set in implicit_owner_rights of imapd.conf(5).

Default

For all other mailboxes not owned by a user, any user accessing these mailboxes have the following default privileges:

• l - lookup

• r - read contents

• s - seen

These are set in defaultacl of imapd.conf(5).