Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Mass Permissions change
  •  
skeates

Messages: 104
Karma: 0
Send a private message to this user
To day I had to change the permissons on a rather large amount of public folders. The only way I could find to do this was manually through the webmail.

This ended up being a bit to time consuming since there were hundreds of folders and I just did not have the time to do it. I ended up contacting Kerio support and was told that there is no way to apply permissions to all sub folders you have to do this manually.

This only applies to folders moved into a new public folder. Folders created with in a public folder inherit permissions from it's parent (Kerio say).

So I set about finding an easy way to do this. Below is what I came up with. I have tested it and it works although I take no responsiablity for anything you do wrong. If your not comftable using the command prompt I would suggest not using this method.

All my work was done on OS X I have not tested this on Linux although I guess it would work and windows I guess you would need to use something like cygwin.

First off the permissons for a folder are stored in the status.fld file with in the folder.

At the end of the folder you will find a line that looks something like:

Aauthuser<_at_>domain.com lrswicda

This would mean that all users from the domain have admin access to the folder. Below is a summery of the status's you could set.

All Users from Domain Aauthuser<_at_>domain.com Administer: lrswicda Editor: lrswid Reader: lr
All Users Aauthuser<_at_>domain.com Administer: lrswicda Editor: lrswid Reader: lr
Group A[groupname<_at_>domain.com] Administer: lrswicda Editor: lrswid Reader: lr
User Ausername<_at_>domain.com Administer: lrswicda Editor: lrswid Reader: lr
Anoynimus Aanyone Administer: lrswicda Editor: lrswid Reader: lr

So in my case I wanted to set all the folders with in a subfolder to have admin access for all users from the domain so I needed to set: Aauthuser<_at_>domain.com lrswicda into all the status.fld files for those folders.

First thing to do is clear out any existing permissions. This is done with the following command.

find PATH -name "status.fld" -exec sed -i '' 's/Aauthuser<_at_>domain.com.*//g' '{}' \;

PATH being the path to the public folders you want to change in my case it was /usr/local/kerio/mailserver/store/mail/domain/#public/Public /

This will find all the status.fld files and remove any of the permissions set on those files.

Next you want to apply your new permissions.

There are two steps to this. First you need to create a file call it what you want. In my case it was permissions.txt in the file put in the permissons you want to set so in my case I used Aauthuser<_at_>domain.com lrswicda because I wanted all users from this domain to have admin rights to the folders.

Next we need to apply those permissions into the status.fld files so we use the following.

find /usr/local/kerio/mailserver/store/mail/domain.com/#public/Pu blic/ -iname \status.fld -print0 | while IFS= read -r -d '' file; do cat /permissions.txt >> "$file" ; done

this search's for all the status.fld files and adds the permissions you set in the permissions.txt to the end of the status.fld files.

Next you will need to stop and restart Kerio. Once that is done the permissions should take affect.

There may be a better way that using cat to throw out the permissions line into the files, but I did not have time to figure one out and this method seem to work fine. Using the txt file also means you would be able to apply more than one set of permissions at a time.

I hope this helps some one as it took me less than a min to do a job that would have take about three hours by hand.


  •  
adrianfm

Messages: 13
Karma: 0
Send a private message to this user
This inspiered me to write a complete programme to take care og this isue. Thanks for the info!
  •  
skeates

Messages: 104
Karma: 0
Send a private message to this user
Good to hear. I would have done the same if I was able, but simple scripting is as far as I go.

If you wouldn't mind sharing it when you are done that would be good.
  •  
han

Messages: 4
Karma: 0
Send a private message to this user
Hi

@Skeates: great piece of info. I wrote my own little program to do this...if anyone is interested, drop me a line

Han
  •  
Kedar

Messages: 1320
Karma: 48
Send a private message to this user
Direct change in status.fld doesn't update databases for CalDAV and CardDAV clients (.caldav.db, .carddav.db). AFAIK there is some daemon for periodic checks of permissions so databases should be repaired automatically by Kerio Connect in few hours.
  •  
beachmat

Messages: 62
Karma: 0
Send a private message to this user
Thanks a lot for that. Saved me hours of tedious work.
  •  
ahu

Messages: 38

Karma: 0
Send a private message to this user
In late Kerio versions, calendars can be shared or delegated.
If I just look in the status.fld I see no difference, also manual edits have no effect anymore. Is there any other file where a shared or delegated user will be added?
Previous Topic: iCal delegates
Next Topic: Autodiscover with multiple domains
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Aug 23 19:30:27 CEST 2017

Total time taken to generate the page: 0.00473 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.