Issue
There is an undocumented Email Agent property, defaultPermissionGroupHandle, in \config\mailagent.properties file grants the All Users Except Guest group READ access to email attachments received via the Email agent.
In version 6.5.2 the default value is defaultPermissionGroupHandle=Group-5 (All Users and Guests). To restrict access change it to another group ,remove the defaultPermissionGroupHandle=Group-5 line in the mailagent.properties file, or leave it empty to remove all groups.
Note: If you change that line to use Gorup-2 instead of Group-5 it still Removes any Users that lack Manage Permissions and Changes any Users that had Manage Plus read or write to ONLY Manage access (i.e. removes read and write).
Solution
Note: Before you begin, backup DocuShare (including the database)
Note: You must be a Windows Administrator to perform this solution.
1. Download and install DocuShare 6.5.2 Patch 9. This is a pre-requisite for Hotfix https://docushare.xerox.com/doug/dsweb/View/Collection-11476
Note: For detailed instructions refer to DocuShare 6.5.2 Patch 9 Release Notes Knowledge Base article listed at the bottom of this page.
2. Download and install Hotfix 6 from the following location https://docushare.xerox.com/doug/dsweb/View/Collection-11555
Note: For detailed instructions refer to the How To Install Updates and Patches Knowledge base solution listed at the bottom of this page.
Note: This hotfix makes two improvements to Email Agent.
· Email Agent will no longer stop processing events and block users from logging in when an error messages has been received from the mail server.
· Email Agent attachments will always inherit the ACL of the email container when they arrive.
3. Download the FixMailAttachment Permission utility from the following location https://docushare.xerox.com/doug/dsweb/View/Collection-11525
Note: This utility sets permissions on all MailMessage attachments to permissions inherited from the MailMessage container object .
a. Extract the file and place a copy of the FixMailAttachmentPermissions.bat in the \bin directory and a copy of the FixMailAttachmentPermissions.jar in the \lib directory.
Where is the installation path for DocuShare. Depending on your installation environment the path may vary. The default install path is C:\Xerox\DocuShare.
b. Open a command prompt window and change into the \bin directory.
Note: DocuShare must be running when using the FixMailAttachmentPermissions utility.
c. Type FixMailAttachmentPermissions –v and press Enter
Note: Usage: FixMailAttachmentPermissions [-v] [-l ]
-h (this message)
-v Verbose logging of all objects changed
-l Log file for output. Default is stdout.
Example:
C:\Xerox\DocuShare\bin>FixMailAttachmentPermissions -v
Beginning FixMailAttachmentPermissions on Fri Feb 12 13:10:07 PST 2010
About to try to connect to the server
Connected to myserver
New permissions will be inherited from attachment MailMessage parent only, no de
faultPermissionGroupHandle configured.
Updated Document-1392 (StatusJan10.doc)
-- from this: [Group-2: Manage, Write, Read, Search, ReadLinked, ReadHistory, Wr
iteLinked, Group-5: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteL
inked, User-31: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinke
d]
-- to this: [Group-2: Manage, Write, Read, Search, ReadLinked, ReadHistory, Wr
iteLinked, User-31: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteL
inked]
-----------------------
Updated Document-1401 (Q2Outlook.doc)
-- from this: [Group-2: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked, Group-5: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked, User-31: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked]
-- to this: [User-2: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked, Group-2: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked, User-31: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked, User-22: Read, Search, ReadLinked, Group-5: Read, Search, ReadLinked]
-----------------------
(... entries omitted...)
MailMessage attachments processed: 67
Attachments unchanged: 0
Attachments updated: 67
Done.Run the utility from the command line. DocuShare must be running.
Solution published: March 16th, 2010
SPAR 61849 & 62077