Manage Cyrus databases


cyr_dbtool [ -C config-file ] [ -M ] [ -n ] [ -o ] [ -T ]
        db-file db-backend action [ key ] [ value ]


cyr_dbtool is used to manage a cyrusdb file. The usable actions are:

show [<prefix>]

get <key>

set <key> <value>

delete <key>



You may omit key or key/value and specify one per line on stdin. Keys are terminated by tab or newline, values are terminated by newline.

Running without any options will list the available database backends and usable actions.

The consistency action runs a consistency check on the DB by calling 'myconsistent' on it.

The repack action will compress the database by removing stale data on backends which support it. It's a NOOP otherwise.

cyr_dbtool reads its configuration options out of the imapd.conf(5) file unless specified otherwise by -C.


Note that the file locations are NOT read out of the configuration file, and must be supplied on the command line.


The format of all Cyrus databases is detailed in the distribution in file doc/internal/database-formats.html. Please consult that for details.


-C config-file

Use the specified configuration file config-file rather than the default imapd.conf(5).

-M, --improved-mboxlist-sort

Uses improved MBOX list sort

-n, --create

Create the database file if it doesn't already exist.

-T, --use-transaction

Use a transaction to do the action (most especially for 'show') - the default used to be transactions.


This series of examples address manipulating the user_deny.db database, which is used to deny users access to specific services. This is typically a Cyrus "flat" format database.

user_deny.db is indexed by userid and each record contains the database version number (currently 2), a list of "wildmat" patterns specifying Cyrus services to be denied, and a text message to be displayed to the user upon denial. The service names to be matched are those as used in cyrus.conf(5). cyr_deny(8) provides more convenient way to manage user_deny.db.


Given that keys are tab-delimited, these examples use the notation <tab> to indicate the tab character. When entering this via the command line, remember to escape tabs. In a normal shell, one can do so with <ctrl-v> (^v). The sequence "<ctrl-v><ctrl-i>" (^v^i) works well to enter tab characters.

cyr_dbtool /var/lib/imap/user_deny.db flat baduser "2<tab>pop3,imap<tab>Denied"

Deny the user 'baduser' access to imap and pop3.

Subsequent login attempts by this user would result in authentication failures, and log entries like this:

# grep baduser /var/log/mail.log
Sep 19 14:34:57 cyrushost cyrus/imap[635]: fetching user_deny.db entry for 'baduser'
Sep 19 14:34:57 cyrushost cyrus/imap[635]: user 'baduser' denied access to service 'imap'
Sep 19 14:34:57 cyrushost cyrus/imap[635]: badlogin: [] plaintext baduser SASL(-14): authorization failure: user 'baduser' is denied access to service 'imap'
Sep 19 14:38:21 cyrushost cyrus/imap[816]: badlogin: [] plaintext baduser SASL(-13): authentication failure: checkpass failed
cyr_dbtool /var/lib/imap/user_deny.db flat show

Show all current database records.

baduser 2       pop3,imap       Denied
cyr_dbtool /var/lib/imap/user_deny.db flat get baduser

Get the current database record(s) for user 'baduser'.

2       pop3,imap       Denied



See Also