Issue
There is an undocumented Email Agent property, defaultPermissionGroupHandle, in <DSHome>\config\mailagent.properties file grants the All Users Except Guest group READ access to email attachments received via the Email agent.
In version 6.5.2 the default value is defaultPermissionGroupHandle=Group-5 (All Users and Guests). To restrict access change it to another group ,remove the defaultPermissionGroupHandle=Group-5 line in the mailagent.properties file, or leave it empty to remove all groups.
Note: If you change that line to use Gorup-2 instead of Group-5 it still Removes any Users that lack Manage Permissions and Changes any Users that had Manage Plus read or write to ONLY Manage access (i.e. removes read and write).
Solution
Note: Before you begin, backup DocuShare (including the database)
Note: You must be a Windows Administrator to perform this solution.
1. Download and install DocuShare 6.5.2 Patch 9. This is a pre-requisite for Hotfix https://docushare.xerox.com/doug/dsweb/View/Collection-11476
Note: For detailed instructions refer to DocuShare 6.5.2 Patch 9 Release Notes Knowledge Base article listed at the bottom of this page.
2. Download and install Hotfix 6 from the following location https://docushare.xerox.com/doug/dsweb/View/Collection-11555
Note: For detailed instructions refer to the How To Install Updates and Patches Knowledge base solution listed at the bottom of this page.
Note: This hotfix makes two improvements to Email Agent.
· Email Agent will no longer stop processing events and block users from logging in when an error messages has been received from the mail server.
· Email Agent attachments will always inherit the ACL of the email container when they arrive.
3. Download the FixMailAttachment Permission utility from the following location https://docushare.xerox.com/doug/dsweb/View/Collection-11525
Note: This utility sets permissions on all MailMessage attachments to permissions inherited from the MailMessage container object .
a. Extract the file and place a copy of the FixMailAttachmentPermissions.bat in the <DSHome>\bin directory and a copy of the FixMailAttachmentPermissions.jar in the <DSHome>\lib directory.
Where <DSHome> is the installation path for DocuShare. Depending on your installation environment the path may vary. The default install path is C:\Xerox\DocuShare.
b. Open a command prompt window and change into the <DSHome>\bin directory.
Note: DocuShare must be running when using the FixMailAttachmentPermissions utility.
c. Type FixMailAttachmentPermissions –v and press Enter
Note: Usage: FixMailAttachmentPermissions [-v] [-l <output file>]
-h (this message)
-v Verbose logging of all objects changed
-l Log file for output. Default is stdout.
Example:
C:\Xerox\DocuShare\bin>FixMailAttachmentPermissions -v
Beginning FixMailAttachmentPermissions on Fri Feb 12 13:10:07 PST 2010
About to try to connect to the server
Connected to myserver
New permissions will be inherited from attachment MailMessage parent only, no de
faultPermissionGroupHandle configured.
Updated Document-1392 (StatusJan10.doc)
-- from this: [Group-2: Manage, Write, Read, Search, ReadLinked, ReadHistory, Wr
iteLinked, Group-5: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteL
inked, User-31: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinke
d]
-- to this: [Group-2: Manage, Write, Read, Search, ReadLinked, ReadHistory, Wr
iteLinked, User-31: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteL
inked]
-----------------------
Updated Document-1401 (Q2Outlook.doc)
-- from this: [Group-2: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked, Group-5: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked, User-31: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked]
-- to this: [User-2: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked, Group-2: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked, User-31: Manage, Write, Read, Search, ReadLinked, ReadHistory, WriteLinked, User-22: Read, Search, ReadLinked, Group-5: Read, Search, ReadLinked]
-----------------------
(... entries omitted...)
MailMessage attachments processed: 67
Attachments unchanged: 0
Attachments updated: 67
Done.Run the utility from the command line. DocuShare must be running.
Solution published: March 16th, 2010
SPAR 61849 & 62077
