On 14.05.2023 at 19:45, Aki Tuomi wrote:
doveadm sync should sync all your local ACLs just fine. So... why does it not?
I forgot to write,
try doveadm -D to find out what's happening. You are loading acl plugin globally right? On both ends?
Yes, acl is on.
Look here. Identical access is given on both ends:
$ doveadm acl debug -u micha shared/aga
doveadm(micha): Info: Mailbox 'INBOX' is in namespace 'shared/aga/'
doveadm(micha): Info: Mailbox path: /srv/vmail/spinaczbiurowy/aga/.maildir
doveadm(micha): Info: All message flags are shared across users in mailbox
doveadm(micha): Info: User micha has rights: lookup read write write-seen write-deleted insert expunge create delete admin
doveadm(micha): Info: Mailbox found from dovecot-acl-list
doveadm(micha): Info: User aga found from ACL shared dict
doveadm(micha): Info: Mailbox shared/aga is visible in LIST
Now, I remove permission on one server:
$ doveadm acl delete shared/aga user=micha
$ doveadm acl debug -u micha shared/aga
doveadm(micha): Info: Mailbox 'INBOX' is in namespace 'shared/aga/'
doveadm(micha): Info: Mailbox path: /srv/vmail/spinaczbiurowy/aga/.maildir
doveadm(micha): Info: All message flags are shared across users in mailbox
doveadm(micha): Info: User micha has no rights for mailbox
doveadm(micha): Error: User micha is missing 'lookup' right
doveadm(micha): Info: Mailbox shared/aga is NOT visible in LIST
I perform sync:
$ doveadm -D sync -u aga remote:vmail@lennier
[...]
May 14 20:59:14 doveadm(aga)<34202><>: Debug: auth-master: userdb lookup(aga): Finished userdb lookup (username=aga uid=5000 gid=5000 system_groups_user=vmail home=/srv/vmail/spinaczbiurowy/aga)
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: Effective uid=5000, gid=5000, home=/srv/vmail/spinaczbiurowy/aga
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/.maildir:LAYOUT=fs
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: fs: root=/srv/vmail/spinaczbiurowy/aga/.maildir, index=, indexpvt=, control=, inbox=/srv/vmail/spinaczbiurowy/aga/.maildir, alt=
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl: initializing backend with data: vfile:/etc/dovecot/mailconfig/shared/global-acls
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl: acl username = aga
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl: owner = 1
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl vfile: Global ACL file: /etc/dovecot/mailconfig/shared/global-acls
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=maildir:%h/.maildir:LAYOUT=fs:INDEX=~/.shared/%u
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: shared: root=/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl: initializing backend with data: vfile:/etc/dovecot/mailconfig/shared/global-acls
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl: acl username = aga
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl: owner = 0
May 14 20:59:14 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl vfile: Global ACL file: /etc/dovecot/mailconfig/shared/global-acls
May 14 20:59:14 doveadm(aga): Debug: brain M: Namespace has location maildir:~/.maildir:LAYOUT=fs
May 14 20:59:14 doveadm(aga): Debug: acl vfile: reading file /srv/vmail/spinaczbiurowy/aga/.maildir/dovecot-acl
May 14 20:59:14 doveadm(aga): Debug: acl vfile: file /srv/vmail/spinaczbiurowy/aga/.maildir/Junk/dovecot-acl not found
May 14 20:59:14 doveadm(aga): Debug: Namespace : Using permissions from /srv/vmail/spinaczbiurowy/aga/.maildir: mode=0700 gid=default
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Local mailbox tree: INBOX guid=d04ec020dbd2606448930000d55fb758 uid_validity=1684067035 uid_next=2 subs=no last_change=0 last_subs=0
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Local mailbox tree: Junk guid=3847f021dbd2606448930000d55fb758 uid_validity=1684067036 uid_next=1 subs=no last_change=0 last_subs=0
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Remote mailbox tree: INBOX guid=d04ec020dbd2606448930000d55fb758 uid_validity=1684067035 uid_next=2 subs=no last_change=0 last_subs=0
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Remote mailbox tree: Junk guid=3847f021dbd2606448930000d55fb758 uid_validity=1684067036 uid_next=1 subs=no last_change=0 last_subs=0
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Mailbox INBOX: local=d04ec020dbd2606448930000d55fb758/0/1, remote=d04ec020dbd2606448930000d55fb758/0/1: Mailboxes are equal
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Mailbox Junk: local=3847f021dbd2606448930000d55fb758/0/1, remote=3847f021dbd2606448930000d55fb758/0/1: Mailboxes are equal
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: doveadm-sieve: Iterating Sieve mailbox attributes
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: sieve: Pigeonhole version 0.5.16 (09c29328) initializing
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts.
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.5.16 (09c29328) loaded
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: sieve: file storage: Using active Sieve script path: /srv/vmail/spinaczbiurowy/aga/.dovecot.sieve
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: sieve: file storage: Using script storage path: /srv/vmail/spinaczbiurowy/aga/.sieve
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: sieve: file storage: Using permissions from /srv/vmail/spinaczbiurowy/aga/.sieve: mode=0700 gid=-1
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: sieve: file storage: Relative path to sieve storage in active link: .sieve/
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: sieve: file storage: sync: Synchronization active
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl vfile: reading file /srv/vmail/spinaczbiurowy/aga/.maildir/dovecot-acl
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl vfile: reading file /srv/vmail/spinaczbiurowy/aga/.maildir/dovecot-acl
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl vfile: file /srv/vmail/spinaczbiurowy/aga/.maildir/Junk/dovecot-acl not found
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl vfile: reading file /srv/vmail/spinaczbiurowy/aga/.maildir/dovecot-acl
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl vfile: file /srv/vmail/spinaczbiurowy/aga/.maildir/Archive/dovecot-acl not found
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl vfile: file /srv/vmail/spinaczbiurowy/aga/.maildir/Drafts/dovecot-acl not found
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl vfile: file /srv/vmail/spinaczbiurowy/aga/.maildir/Trash/dovecot-acl not found
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl vfile: file /srv/vmail/spinaczbiurowy/aga/.maildir/Sent/dovecot-acl not found
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: acl vfile: reading file /srv/vmail/spinaczbiurowy/aga/.maildir/dovecot-acl
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: dict(file)<>: Iterating prefix shared/shared-boxes/
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: dict(file)<>: Iteration finished, got 1 rows
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: dict(file)<>: Starting transaction
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: dict(file)<>: Unsetting 'shared/shared-boxes/user/micha/aga'
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: dict(file)<>: Dict transaction finished
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: dict(file)<>: Starting transaction
*May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: dict(file)<>: Setting 'shared/shared-boxes/user/micha/aga' to '1'*
*May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: dict(file)<>: Dict transaction finished*
*May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Import INBOX: Import attribute vendor/vendor.dovecot/pvt/acl/user=micha: Nonexistent locally*
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Import INBOX: Import change type=save GUID=1684067035.M549474P37704.lennier,S=667,W=686 UID=1 hdr_hash= result=GUIDs match
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Import INBOX: Last common UID=1. Delayed expunges=
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Import INBOX: Saved UIDs:
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Import INBOX: Finish update: min_next_uid=2 min_first_recent_uid=1 min_highest_modseq=10 min_highest_pvt_modseq=0
May 14 20:59:16 doveadm(34202): Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=34051,uid=0): Disconnected: Connection closed (fd=8
Failure! The access right appeared again:
$ doveadm acl debug -u micha shared/aga
doveadm(micha): Info: Mailbox 'INBOX' is in namespace 'shared/aga/'
doveadm(micha): Info: Mailbox path: /srv/vmail/spinaczbiurowy/aga/.maildir
doveadm(micha): Info: All message flags are shared across users in mailbox
doveadm(micha): Info: User micha has rights: lookup read write write-seen write-deleted insert expunge create delete admin
doveadm(micha): Info: Mailbox found from dovecot-acl-list
doveadm(micha): Info: User aga found from ACL shared dict
doveadm(micha): Info: Mailbox shared/aga is visible in LIST
What is going on?
-- MiCHA
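
Added example, not part of the original message: a small Python filter that picks the ACL-related events out of `doveadm -D sync` debug output, so a revoked right that the sync brings back is visible without reading the whole log. The function names are hypothetical, the regular expressions assume the line formats seen in the log above, and the sample lines are excerpted from that log.

```python
import re

# Sample lines excerpted from the `doveadm -D sync` output quoted above.
SAMPLE_LOG = """\
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: dict(file)<>: Unsetting 'shared/shared-boxes/user/micha/aga'
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: dict(file)<>: Setting 'shared/shared-boxes/user/micha/aga' to '1'
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Import INBOX: Import attribute vendor/vendor.dovecot/pvt/acl/user=micha: Nonexistent locally
May 14 20:59:16 doveadm(aga)<34202><J6fkHKJLYWSahQAADIFX8A>: Debug: brain M: Import INBOX: Import change type=save GUID=1684067035.M549474P37704.lennier,S=667,W=686 UID=1 hdr_hash= result=GUIDs match
"""

# Assumption: formats are taken from the log lines in this message only.
DICT_RE = re.compile(r"dict\(file\)<>: (Unsetting|Setting) '(shared/shared-boxes/[^']+)'")
ATTR_RE = re.compile(r"brain \w: Import (.+?): Import attribute "
                     r"vendor/vendor\.dovecot/pvt/acl/(\S+): (.+)$")

def acl_sync_events(log_text):
    """Return (kind, target, reason) tuples for ACL-related debug lines."""
    events = []
    for line in log_text.splitlines():
        line = line.strip().strip("*").strip()  # tolerate e-mail emphasis marks
        m = DICT_RE.search(line)
        if m:
            events.append(("dict_" + m.group(1).lower(), m.group(2), None))
            continue
        m = ATTR_RE.search(line)
        if m:
            mailbox, identifier, reason = m.groups()
            events.append(("acl_import", f"{mailbox}:{identifier}", reason))
    return events

def reimported_acls(events):
    """ACL attributes the sync imported because they were missing locally."""
    return [t for kind, t, reason in events
            if kind == "acl_import" and reason == "Nonexistent locally"]

def dict_keys_restored(events):
    """Shared-dict keys that were unset and then set again in the same run."""
    unset, restored = set(), []
    for kind, target, _ in events:
        if kind == "dict_unsetting":
            unset.add(target)
        elif kind == "dict_setting" and target in unset:
            restored.append(target)
    return restored

if __name__ == "__main__":
    ev = acl_sync_events(SAMPLE_LOG)
    print("re-imported ACLs:", reimported_acls(ev))
    print("dict keys restored:", dict_keys_restored(ev))
```

Running the same filter over the debug output from both replicas after an ACL change shows which side still holds the entry that the sync imports.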