On Tue, 2010-03-02 at 19:42 +0100, Thomas Leuxner wrote:
One thing I noticed is, that dsync does not take care of existing 'dovecot-acl' files, which it should migrate/copy from my point of view, but simply skips them.
Yeah, for now anyway.. The problem is that dsync does a two-way sync, but there's really no good way to do two-way ACL sync. Another problem is that ACL is a plugin feature, so this should be done by dsync acl plugin, but dsync doesn't currently support plugins. Both of these could be fixed some day to support at least the simple conversion case.
Anyway I copied over the ACLs manually and forgot to set the rights accordingly. So the files were owned by 'root:vmail' instead of 'vmail:vmail' in my setup. Voilà Dovecot crashed, where it should really throw a warning or ignore the owner and work with the group permissions:
If dovecot-acl isn't readable, it was supposed to remove all permissions from everyone, but I had never tested that code. Fixed now.