Access Control Defaults¶
Administrators¶
The admin users (imapd.conf(5) variable “admins”) get automatic go-everywhere, do-everything privileges on every mailbox. They can also see across domains which normal users can’t.
Note
An admin user should not be a normal email account.
Mailbox owners¶
The user who owns a mailbox folder has additional rights which are set regardless of any additional ACLs. These are:
- l - lookup
- k - create subfolders
- x - delete this folder
- a - administer
These are set in implicit_owner_rights of imapd.conf(5).
Default¶
For all other mailboxes not owned by a user, any user accessing these mailboxes have the following default privileges:
- l - lookup
- r - read contents
- s - seen
These are set in defaultacl of imapd.conf(5).