9. Archiver Extras

The Kopano Archiver Extras package contains additional tools to enhance basic Kopano Archiver functionality.

9.1. Installation

Kopano Archiver Extras can be found in the kopano-archiver-extra package.

9.2. The tools

9.2.1. Kopano Archiver ACL Sync

9.2.1.1. Description

kopano-archiver-aclsync synchronises archive ACL settings with those of the primary store.

When a user has set permissions for other users or groups on his or her store or folders, those other users will need at least read-permissions on this persons archive as well, so that they can read stubbed messages or access the archive directly. These permissions cannot be set by the owner of the archive when the archive was attached without write privileges. Even when another user has write permissions, it’s a nuisance to set all the permissions twice, or possibly more often when multiple archives are attached.

Note that no user will ever get more rights on a store or folder than the owner of the archive. When the archive was attached without write permissions, no user will get write permissions on the archive stores. For every archived folder in an archived store kopano-archiver-aclsync will first determine the rights of the owner of the archive. After that it will get all the entries from the ACL of the current folder except those of the owner. Each right will be masked with the rights of the owner before being added to the ACL of the archive folder.

9.2.1.2. Usage

# kopano-archiver-aclsync [options] [users]

options:
-h serverpath           : Host to connect to.
-s sslkey_file          : SSL key file for authentication.
-p sslkey_pass          : Password for the SSL key file.

users is a space separated list of users for which to synchronize the ACL settings. If no user is specified all users will be processed.

9.2.2. Kopano Archiver ACL Set

9.2.2.1. Description

kopano-archiver-aclset sets or updates permissions on an archive store for the owner of that store.

When an archive is attached to a store, the owner of the store gets read-only or read/write permissions on the archive, depending on the configuration file or command line options used at the time of attaching. Also, when an archive is attached to a store of a non-active user, it is impossible to set permissions for that non-active user.

In the first case, it may be desirable to change the permissions at a later time because of company policy changes or because the original setting was wrong. In the second case, when the user is converted to an active user, permissions need to be reset because the owner won’t have any permissions on his archive.

9.2.2.2. Usage

# kopano-archiver-aclset [OPTIONS] [users...]

options:
-h | --host         Host to connect to. Default: file:///var/run/kopano/server.sock
                    Three formats are allowed for this option:

                      UNIX socket : file://<path to the UNIX socket>
                             HTTP : http://<host or IP>:<port>/kopano
                      Secure HTTP : https://<host or IP>:<port>/kopano

-s | --sslkey-file  SSL key file for authentication.
-p | --sslkey-pass  Password for the SSL key file.
-w |                Grant write permissions on the archive.
--writable <y|n>    Enable or disable write permissions.
--help              Show this help message.

users is a space separated list of users for which to synchronize the ACL settings. If no user is specified all users will be processed.

Kopano-archiver-aclset should be executed on a regular basis from a cronjob to synchronise the rights between the primary store and the archive store .

9.2.3. Kopano Archiver Restore

9.2.3.1. Description

kopano-archiver-restore is a utility that restores archived messages from an archive. Use kopano-archiver-restore to destub all stubbed messages and restore all messages that were deleted after archiving. Do not drag and drop messages back from an archive to a main store in Kopano WebApp. Using kopano-archiver-restore ensures that restored messages are sanitised, so that they can be re-archived properly later.

9.2.3.2. Usage

Usage: kopano-archiver-restore [OPTIONS] user
OPTIONS:
-h | --host           : Host to connect to. Default: file:///var/run/kopano/server.sock
-s | --sslkey_file    : SSL key file for authentication.
-p | --sslkey_pass    : Password for the SSL key file.
-l | --log-file       : Specify log file.
--detach              : Detach the selected or all archive stores before
                      starting the restore procedure. This avoids the
                      Archiver from rearchiving restored messages.
--unhook              : Unhook the selected or all archive stores once
                      the restore process has completed. This implies
                      --detach and only works on archive stores.
--remove              : Remove the selected or all archive stores once
                      the restore process has completed. This implies
                      --unhook and only works on archive stores.
-v | --verbose        : Increase console loglevel. Can be specified multiple
                      times.
-q | --quiet          : Decrease console loglevel. Can be specified multiple
                      times.
-N | --dry-run        : Don't actually modify anything.
--help                : Show this help message.

9.2.3.3. Example

The following example will completely restore the store of john_doe and detaches and unhooks all archive stores while logging to /tmp/john_doe_restore.log

# kopano-archiver-restore --unhook -s /etc/kopano/ssl/archiver.pem -p password \
             -l /tmp/john_doe_restore.log john_doe

Note that no host is specified, causing kopano-archiver-restore to connect to file:///var/run/kopano/server.sock. The sslkey_file and sslkey_pass are specified in order to connect to the other nodes in the cluster.