Difference between revisions of "Zmmailbox"

(Permissions (modifyFolderGrant))
(Permissions (modifyFolderGrant))
Line 51: Line 51:
You could do any of the following for <tt>modifyFolderGrant [account {name}|group {name}|domain {name}|all|public|guest {email} [{password}]|key {email} [{accesskey}] {permissions|none}}</tt> followed by the permissions like:<tt> r, rw, rwix, rwixd, rwixda, none<?tt>.
You could do any of the following for <tt>modifyFolderGrant [account {name}|group {name}|domain {name}|all|public|guest {email} [{password}]|key {email} [{accesskey}] {permissions|none}}</tt> followed by the permissions like:<tt> r, rw, rwix, rwixd, rwixda, none</tt>.
* (r)ead - search, view overviews and items
* (r)ead - search, view overviews and items

Revision as of 00:31, 1 May 2009


zmmailbox requires version ZCS 4.0+

Command Usage

zmmailbox [args] [cmd] [cmd-args ...]

 -h/--help                                display this usage
 -f/--file                                use file as input stream
 -u/--url      http[s]://{host}[:{port}]  server hostname and optional port. must use admin port with -z/-a
 -a/--admin    {name}                     admin account name to auth as
 -z/--zadmin                              use zimbra admin name/password from localconfig for admin/password
 -y/--authtoken {authtoken}               use auth token string(has to be in JSON format) from command line
 -Y/--authtokenfile {authtoken file}      use auth token string(has to be in JSON format) from command line
 -m/--mailbox  {name}                     mailbox to open
 -p/--password {pass}                     password for admin account and/or mailbox
 -P/--passfile {file}                     read password from file
 -r/--protocol {proto|req-proto/response-proto} specify request/response protocol [soap11,soap12,json]
 -v/--verbose                             verbose mode (dumps full exception stack trace)
 -d/--debug                               debug mode (dumps SOAP messages)
    zmmailbox help admin           help on admin-related commands
    zmmailbox help account         help on account-related commands
    zmmailbox help appointment     help on appoint-related commands
    zmmailbox help commands        help on all commands
    zmmailbox help contact         help on contact-related commands
    zmmailbox help conversation    help on conversation-related commands
    zmmailbox help filter          help on filter-realted commnds
    zmmailbox help folder          help on folder-related commands
    zmmailbox help item            help on item-related commands
    zmmailbox help message         help on message-related commands
    zmmailbox help misc            help on misc commands
    zmmailbox help permission      help on permission commands
    zmmailbox help search          help on search-related commands
    zmmailbox help tag             help on tag-related commands


Determining Mailbox Size

To find the mailbox size for user@domain.com

zmmailbox -z -m user@domain.com gms

You can also get this from zmprov, per server:

zmprov gqu `zmhostname`|awk {'print " "$3" "$2" "$1'}


Sharing is combination of providing access & actually mapping a folder to the share.

Permissions (modifyFolderGrant)

zmmailbox -z -m share@domain.com mfg /Calendar account user@domain.com r

You could do any of the following for modifyFolderGrant [account {name}|group {name}|domain {name}|all|public|guest {email} [{password}]|key {email} [{accesskey}] {permissions|none}} followed by the permissions like: r, rw, rwix, rwixd, rwixda, none.

  • (r)ead - search, view overviews and items
  • (w)rite - edit drafts/contacts/notes, set flags
  • (i)nsert - copy/add to directory, create subfolders action
  • (x) - workflow actions, like accepting appointments
  • (d)elete - delete items and subfolders, set \Deleted flag
  • (a)dminister - delegate admin and change permissions

Mounting (createMountPoint)

Folder mount points for shared folders can be created on the command line to be accessed in the web interface. Currently, the mount points are not downloaded by the ZCO or iSync connectors and therefore must be designated manually in your 3rd party mail client, i.e., Outlook. They will show up as folders you can subscribe to in IMAP clients once you mount.

zmmailbox -z -m user@domain.com cm --view appointment -F# /sharedcal share@domain.com /Calendar

View types are appointment, contact, conversation, document, message, task, wiki.

Note When mounting a calendar to a user (--view appointment), the calendar will be added disabled or "unticked" to the user. To make sure the calendar is enabled when mounting, add -F# to the command line.

Sharing the entirety of an account

While you could manually do each & specify view, it will auto-detect if you leave it off, thus you can quickly share the entire account:

zmmailbox -z -m share@domain.com mfg / account user@domain.com rwixd
zmmailbox -z -m user@domain.com cm /shared share@domain.com /

Another method for sharing everything (just for the AJAX web client & not HTML client yet or other clients like IMAP): Mailboxes: Sharing vs. Relationships » Zimbra :: Blog


In this example, the administrator wishes to designate a mount point to alice@domain.com for the shared marketing calendar located in the marketing@domain.com account for which she will have read/write permissions.

 $ zmmailbox
 mbox> adminAuthenticate -u https://server.domain.com:7071 admin@domain.com password 
 mbox> selectMailbox marketing@domain.com
 mailbox: marketing@domain.com, size: 100.12 MB, messages: 1010, unread: 11
 mbox marketing@domain.com> getAllFolders
         Id  View      Unread   Msg Count  Path
 ----------  ----  ----------  ----------  ----------
          1  conv           0           0  /
         10  appo           0           0  /Calendar
         14  mess           0           0  /Chats
          7  cont           0           0  /Contacts
        720  mess           0           0  /Deleted Messages
          6  mess           0           0  /Drafts
          2  mess          11        1010  /Inbox
        901  conv           0           0  /Journal
          4  mess           0           0  /Junk
         12  wiki           0           0  /Notebook
        900  conv           0           0  /Outbox
          5  mess           0           0  /Sent
         15  task           0           0  /Tasks
          3  conv           0           0  /Trash

 mbox marketing@domain.com> getFolderGrant /Calendar
 Inherit  Permissions    Type  Display
 -------  -----------  ------  -------
   false        rwidx  accoun  null 
 mbox marketing@domain.com> modifyFolderGrant /Calendar account alice@domain.com rw

 mbox marketing@domain.com> gfg /Calendar
 Inherit  Permissions    Type  Display
 -------  -----------  ------  -------
   false        rwidx  accoun  null 
   false           rw  accoun  alice@domain.com

 mbox marketing@domain.com> selectMailbox alice@domain.com
 mailbox: alice@domain.com, size: 251.32 MB, messages: 1543, unread: 314

 mbox alice@domain.com> createMountpoint --view appointment /marketing-calendar marketing@domain.com /Calendar

The following command line options will perform the equivalent action to a user "albert" sharing their Calendar to another user "brian":

zmmailbox -z -m albert@example.com mfg -i /Calendar account brian@example.com none      "Permission: None"
zmmailbox -z -m albert@example.com mfg -i /Calendar account brian@example.com r         "Permission: Viewer"
zmmailbox -z -m albert@example.com mfg -i /Calendar account brian@example.com rwidx     "Permission: Manager"

Note that the last option uses "rwidx", not just "rw".

Inheriting Rights

In 5.0.x we removed the -i "Inherit" flag from folder grants and subfolder permission inheritance is now always TRUE. To prevent inheriting you must share the parent folder, then unshare each of the children by setting an explicit ACL on each of them.


Back when we had the -i inherited/not-inherited bit on the grant rather than on the folder, there was no way to tell whether you could effectively create a subfolder within a shared folder. In order for subfolder creation to be really workable, you need insert rights on the parent folder (to create the subfolder) and read rights on the created folder (to see the subfolder you just created). But under the old regime, the simple set of effective perms on the parent folder wasn't enough. You could tell that you had read rights *on the parent* but not whether those read rights would carry over to the child folder. So we added the calculated "c" right that meant that you could create a subfolder and then see it.

Under the new ACL model, this isn't a problem. Folders inherit the full ACL, so if you have read and insert on the parent folder then you're going to have read and insert on any subfolder you create. Now the client can just look for "r" and "i" in the shared parent's perms. If they're present, they can create a visible subfolder.

Which means that we could get rid of the calculated "c" right for 6.0.

Share Notices

RFE for -n to send a share notice when used on modifyFolderGrant bug 34283

Jump to: navigation, search