
Access Control Defaults
***********************


Administrators
==============

The admin users (imapd.conf(5) variable "admins") get automatic go-
everywhere, do-everything privileges on every mailbox. They can also
see across domains which normal users can't.

Note: An admin user should not be a normal email account.


Mailbox owners
==============

The user who owns a mailbox folder has additional rights which are set
regardless of any additional ACLs. These are:

* **l** - lookup

* **k** - create subfolders

* **x** - delete this folder

* **a** - administer

These are set in **implicit_owner_rights** of imapd.conf(5).


Default
=======

For all other mailboxes not owned by a user, any user accessing these
mailboxes have the following default privileges:

* **l** - lookup

* **r** - read contents

* **s** - seen

These are set in **defaultacl** of imapd.conf(5).
