I have switched to global ACLs for public namespaces which eases their administration greately. Now while running housekeeping scripts (e.g. expunge old mails/archive mails etc.) this requires temporary overriding the global ACLs with mailbox specifix ACLs to expunge mails. The scripts would then revoke the temporary changes (delete flags) and the global ACL would take precedence again.
Ideally I would want to get rid of the 'dovecot-acl' file after the scripts ran so the global ACL kicks in. There seems to be no interface command to purge 'dovecot-acl' files so this is handled by the scripts for now:
[...] # Get actual path of dovecot-acl file and remove it as it is handled by global ACL acl_path=$(doveadm acl debug -u $mailbox_owner "$source_mailbox_base/$1" 2>&1 | sed -n "s/\(.*\)$debug_acl_mailbox_path//p") [ -f $acl_path/dovecot-acl ] && rm $acl_path/dovecot-acl
It would be nice if purging a specific dovecot-acl would be handled by doveadm to avoid custom-scripting.
Regards Thomas