Zmmailbox
Intro
zmmailbox requires version ZCS 4.0+
In the world of Zimbra permissions and sharing -- everything (calendars, briefcase, chat, etc) is a folder.
Command Usage
zmmailbox [args] [cmd] [cmd-args ...]
-h/--help display this usage -f/--file use file as input stream -u/--url http[s]://{host}[:{port}] server hostname and optional port. must use admin port with -z/-a -a/--admin {name} admin account name to auth as -z/--zadmin use zimbra admin name/password from localconfig for admin/password -y/--authtoken {authtoken} use auth token string(has to be in JSON format) from command line -Y/--authtokenfile {authtoken file} use auth token string(has to be in JSON format) from command line -m/--mailbox {name} mailbox to open -p/--password {pass} password for admin account and/or mailbox -P/--passfile {file} read password from file -r/--protocol {proto|req-proto/response-proto} specify request/response protocol [soap11,soap12,json] -v/--verbose verbose mode (dumps full exception stack trace) -d/--debug debug mode (dumps SOAP messages)
zmmailbox help admin help on admin-related commands zmmailbox help account help on account-related commands zmmailbox help appointment help on appoint-related commands zmmailbox help commands help on all commands zmmailbox help contact help on contact-related commands zmmailbox help conversation help on conversation-related commands zmmailbox help filter help on filter-realted commnds zmmailbox help folder help on folder-related commands zmmailbox help item help on item-related commands zmmailbox help message help on message-related commands zmmailbox help misc help on misc commands zmmailbox help permission help on permission commands zmmailbox help search help on search-related commands zmmailbox help tag help on tag-related commands
Examples
Determining Mailbox Size
To find the mailbox size for user@domain.com
zmmailbox -z -m user@domain.com gms
You can also get this from zmprov, per server:
zmprov gqu `zmhostname`|awk {'print " "$3" "$2" "$1'}
View all folders for a User
zmmailbox -z -m admin@example.com gaf:
Id View Unread Msg Count Path ---------- ---- ---------- ---------- ---------- 1 conv 0 0 / 16 docu 0 0 /Briefcase 10 appo 0 0 /Calendar 14 mess 0 0 /Chats 7 cont 0 0 /Contacts 6 mess 0 0 /Drafts 13 cont 0 0 /Emailed Contacts 2 mess 1 1 /Inbox 4 mess 0 0 /Junk 12 wiki 0 0 /Notebook 5 mess 0 0 /Sent 15 task 0 0 /Tasks 3 conv 0 0 /Trash
View all folders and folder permissions for a User
This is the same as above, but with -v: zmmailbox -z -m admin@example.com gaf -v:
{ "children": [ { "children": [], "color": "defaultColor", "grants": [], "id": "16", "messageCount": 0, "name": "Briefcase", "parentId": "1", "path": "/Briefcase", "unreadCount": 0, "view": "document" }, { "children": [], "color": "defaultColor", "flags": "#", "grants": [], "id": "10", "messageCount": 0, "name": "Calendar", "parentId": "1", "path": "/Calendar", "unreadCount": 0, "view": "appointment" }, { "children": [], "color": "defaultColor", "grants": [], "id": "14", "messageCount": 0, "name": "Chats", "parentId": "1", "path": "/Chats", "unreadCount": 0, "view": "message" }, { "children": [], "color": "defaultColor", "grants": [], "id": "7", "messageCount": 0, "name": "Contacts", "parentId": "1", "path": "/Contacts", "unreadCount": 0, "view": "contact" }, ... ... ... ... ... ... ... ... ... ... ... ...
Import messages from an existing Maildir into the INBOX folder
echo addMessage /INBOX /path/to/Maildir/cur | /opt/zimbra/bin/zmmailbox -z -m foo@bar.com
Sharing
Sharing is combination of providing access & actually mapping a folder to the share.
Permissions (modifyFolderGrant)
zmmailbox -z -m share@domain.com mfg /Calendar account user@domain.com r
You could do any of the following for modifyFolderGrant [account {name}|group {name}|domain {name}|all|public|guest {email} [{password}]|key {email} [{accesskey}] {permissions|none}} followed by the permissions like: r, rw, rwix, rwixd, rwixda, none.
- (r)ead - search, view overviews and items
- (w)rite - edit drafts/contacts/notes, set flags
- (i)nsert - copy/add to directory, create subfolders action
- (x) - workflow actions, like accepting appointments
- (d)elete - delete items and subfolders, set \Deleted flag
- (a)dminister - delegate admin and change permissions
Mounting (createMountPoint)
Folder mount points for shared folders can be created on the command line to be accessed in the web interface. Currently, the mount points are not downloaded by the ZCO or iSync connectors and therefore must be designated manually in your 3rd party mail client, i.e., Outlook. They will show up as folders you can subscribe to in IMAP clients once you mount.
zmmailbox -z -m user@domain.com cm --view appointment -F# /sharedcal share@domain.com /Calendar
View types are appointment, contact, conversation, document, message, task, wiki.
Note When mounting a calendar to a user (--view appointment), the calendar will be added disabled or "unticked" to the user. To make sure the calendar is enabled when mounting, add -F# to the command line.
Sharing the entirety of an account
While you could manually do each & specify view, it will auto-detect if you leave it off, thus you can quickly share the entire account:
zmmailbox -z -m share@domain.com mfg / account user@domain.com rwixd zmmailbox -z -m user@domain.com cm /shared share@domain.com /
Another method for sharing everything (just for the AJAX web client & not HTML client yet or other clients like IMAP): Mailboxes: Sharing vs. Relationships » Zimbra :: Blog
Walkthrough
In this example, the administrator wishes to designate a mount point to alice@domain.com for the shared marketing calendar located in the marketing@domain.com account for which she will have read/write permissions.
$ zmmailbox mbox> adminAuthenticate -u https://server.domain.com:7071 admin@domain.com password mbox> selectMailbox marketing@domain.com mailbox: marketing@domain.com, size: 100.12 MB, messages: 1010, unread: 11 mbox marketing@domain.com> getAllFolders Id View Unread Msg Count Path ---------- ---- ---------- ---------- ---------- 1 conv 0 0 / 10 appo 0 0 /Calendar 14 mess 0 0 /Chats 7 cont 0 0 /Contacts 720 mess 0 0 /Deleted Messages 6 mess 0 0 /Drafts 2 mess 11 1010 /Inbox 901 conv 0 0 /Journal 4 mess 0 0 /Junk 12 wiki 0 0 /Notebook 900 conv 0 0 /Outbox 5 mess 0 0 /Sent 15 task 0 0 /Tasks 3 conv 0 0 /Trash mbox marketing@domain.com> getFolderGrant /Calendar Inherit Permissions Type Display ------- ----------- ------ ------- false rwidx accoun null mbox marketing@domain.com> modifyFolderGrant /Calendar account alice@domain.com rw mbox marketing@domain.com> gfg /Calendar Inherit Permissions Type Display ------- ----------- ------ ------- false rwidx accoun null false rw accoun alice@domain.com mbox marketing@domain.com> selectMailbox alice@domain.com mailbox: alice@domain.com, size: 251.32 MB, messages: 1543, unread: 314 mbox alice@domain.com> createMountpoint --view appointment /marketing-calendar marketing@domain.com /Calendar 2342
The following command line options will perform the equivalent action to a user "albert" sharing their Calendar to another user "brian":
zmmailbox -z -m albert@example.com mfg -i /Calendar account brian@example.com none "Permission: None" zmmailbox -z -m albert@example.com mfg -i /Calendar account brian@example.com r "Permission: Viewer" zmmailbox -z -m albert@example.com mfg -i /Calendar account brian@example.com rwidx "Permission: Manager"
Note that the last option uses "rwidx", not just "rw".
Inheriting Rights
In 5.0.x we removed the -i "Inherit" flag from folder grants and subfolder permission inheritance is now always TRUE.
To prevent inheriting you must share the parent folder, then unshare each of the children by setting an explicit ACL on each of them.
If you attempt to reshare the subfolders following this, you may need to clear the -i flag. See Clearing the "don't inherit grants from parent folder"(i) flag for more information on how to clear this flag.
Reasoning:
Back when we had the -i inherited/not-inherited bit on the grant rather than on the folder, there was no way to tell whether you could effectively create a subfolder within a shared folder. In order for subfolder creation to be really workable, you need insert rights on the parent folder (to create the subfolder) and read rights on the created folder (to see the subfolder you just created). But under the old regime, the simple set of effective perms on the parent folder wasn't enough. You could tell that you had read rights *on the parent* but not whether those read rights would carry over to the child folder. So we added the calculated "c" right that meant that you could create a subfolder and then see it.
Under the new ACL model, this isn't a problem. Folders inherit the full ACL, so if you have read and insert on the parent folder then you're going to have read and insert on any subfolder you create. Now the client can just look for "r" and "i" in the shared parent's perms. If they're present, they can create a visible subfolder.
Which means that we could get rid of the calculated "c" right for 6.0.
RFE for -n to send a share notice when used on modifyFolderGrant bug 34283
Scripting
Using -f For File Input
Let's say you want to create thousands of folders for testing purposes. Here's a walk through on doing that.
First, create a root folder:
zmmailbox -z -m USER@DOMAIN cf -V message /Large-Share
Now, create a file we'll use for zmmailbox's input.
for i in {1..5300}; do echo "cf -V message /Large-Share/Folder$i" >> /tmp/create-folder ; done
This will give us something like:
cf -V message /Large-Share/Folder1 cf -V message /Large-Share/Folder2 cf -V message /Large-Share/Folder3 cf -V message /Large-Share/Folder4 cf -V message /Large-Share/Folder5 cf -V message /Large-Share/Folder6 cf -V message /Large-Share/Folder7 cf -V message /Large-Share/Folder8 cf -V message /Large-Share/Folder9 cf -V message /Large-Share/Folder10 ... cf -V message /Large-Share/Folder5291 cf -V message /Large-Share/Folder5292 cf -V message /Large-Share/Folder5293 cf -V message /Large-Share/Folder5294 cf -V message /Large-Share/Folder5295 cf -V message /Large-Share/Folder5296 cf -V message /Large-Share/Folder5297 cf -V message /Large-Share/Folder5298 cf -V message /Large-Share/Folder5299 cf -V message /Large-Share/Folder5300
Now we can feed in the commands with zmmailbox with the -f option.
zmmailbox -z -m USER@DOMAIN -f /tmp/create-folder
The method above is A LOT faster than using a for loop against the zmmailbox command itself. Invoking separate zmmailbox commands causes undue delay. Example, where one does:
for i in {1..5300}; do zmmailbox -z -m USER@DOMAIN cf -V message /Large-Share/Folder$i ; done