The example below is furnished courtesy of
Ted Allwood
Department of Mechanical Engineering
University of Leeds
WARNING: This method endangers the mail archive from a rogue Hypermail program (bugs, hackers) or compromised webserver account, since it gives WRITE access to anyone holding the appropriate right.
You may wish to give the webserver account (running Hypermail) access to another user's email by setting ACLs. You do this as follows:
Become SYSTEM, run AUTHORIZE, and issue commands of the form:
uaf> add/ident hypermail_access uaf> grant/ident hypermail_access www_server
This assumes that the webserver account is <www_server>. Intervention by SYSTEM is limited to the above steps. Thereafter, anyone can provide access to his own email archives by setting the following ACLs on the relevant mail files.
$ set def device:[directory.mail-archive-subdirectory] $ $!This step sets the ACL on existing mail files. $ set security *.mai /acl=(hypermail_access, access=read+write) $ $!These steps set protection on the archive directory itself. $ set def [-] $ set security mail-archive-subdirectory.dir - /acl=(identifier=hypermail_access,access=read+execute) $!And don't forget to grant at least E privilege to the root directory, $!if this is not already the case. $ $!This step sets the default on mail-archive-subdirectory such that $!newly created files inherit it's ACL. $ set security mail-archive-subdirectory.dir - /acl=(identifier=hypermail_access,access=read+write+execute,options=default)