[CalendarServer-users] account.xml configuation

Cyrus Daboo cdaboo at apple.com
Wed Nov 7 14:23:26 PST 2007

Hi Darren,

--On November 7, 2007 3:56:48 PM -0600 Darren Hildebrand 
<dhildebrand at franticfilms.com> wrote:

> This could probably be achieved (although it may be somewhat tedious...)
> by creating a user called guest and using the mulberry client to modify
> ACLs so that they have read access to all the other users' calendars.
> You'd just have to remember to adjust permissions every time you create a
> new user's calendar.  Definitely not ideal, but it could (probably) do
> the job in a pinch.

Ideally what is needed for this is to set the guest read-only ACL on the 
top-level root resource and ensure that is inherited by all child 
resources. Unfortunately, webdav ACL is a bit lame when it comes to setting 
up inheritance - there is actually no way to do that through protocol.

The calendar server does support inheritable privileges with WebDAV ACL via 
a private XML element we add to the stored WebDAV ACL on the server. By 
setting the inheritable element, that ace becomes inherited by all child 
resources. We use that in a number of areas:

- The admin principal is an inheritable ace on the root resource.
- Each user has an inheritable ace giving them read/write/admin privileges 
on their own calendar home.
- Calendar proxies are given the appropriate inheritable privileges on the 
calendar homes of the users they can proxy too.
- By default, any ace added to a calendar collection is made inheritable - 
that way by default if you give some access to your calendar collection 
they automatically get access to all the content as well (which is likely 
the intent).

It certainly would be nice to be able to specify inheritance via webdav 
protocol so that users/admins can setup more complex sharing scenarios. 
That would require a protocol extension.

Cyrus Daboo

More information about the calendarserver-users mailing list