Hi,
I think I found a bug in Dovecot 2.1.17 and 2.2.13.
In our setup, sometimes ACLs stop working because "dovecot-acl-list" is replaced by an empty file. We found that lazy_expunge is connected to this.
To reproduce, create ACLs for "user1" in a folder. Put a mail in that folder and expunge it, so that the folder will be created in the "expunged" namespace.
For instance,
# cat user1/mail/mailboxes/folder/dbox-Mails/dovecot-acl user=user2 keilrwts
# cat user1/mail/dovecot-acl-list 1350914868 folder
# doveadm -f flow fetch -u "user1" 'guid' mailbox _EXPUNGED.\*
# ls -l user1/mail/dovecot-acl-list -rw------- 1 vmail vmail 0 2014-06-12 11:40 user1/mail/dovecot-acl-list
You see that we have used doveadm to list the expunged namespace, which has emptied the "dovecot-acl-list" file.
Cheers, Christoph
# 2.2.13: /usr/local/dovecot/etc/dovecot/dovecot.conf # OS: Linux 2.6.32-57-server x86_64 Ubuntu 10.04.4 LTS disable_plaintext_auth = no mail_gid = vmail mail_location = mdbox:~/mail mail_plugins = acl mail_uid = vmail namespace { inbox = no list = children location = mdbox:%%h/mail prefix = INBOX.shared.%%u. separator = . subscriptions = no type = shared } namespace default { inbox = yes location = prefix = INBOX. separator = . type = private } namespace expunged { hidden = yes list = no location = mdbox:~/mail:MAILBOXDIR=expunged:SUBSCRIPTIONS=expunged-subscriptions prefix = _EXPUNGED. separator = . subscriptions = yes } passdb { args = scheme=CRYPT username_format=%u /usr/local/dovecot/etc/dovecot/users driver = passwd-file } plugin { acl = vfile acl_shared_dict = file:/mail/shared-mailboxes lazy_expunge = _EXPUNGED. } protocols = imap pop3 service auth { unix_listener auth-userdb { group = vmail mode = 0660 } } ssl_cert =
-- Christoph Bußenius Rechnerbetriebsgruppe Informatik und Mathematik Technische Universität München