On Thursday, 12 June 2014, 11:53:26, Christoph Bu?enius wrote:
> Hi,
>
> I think I found a bug in Dovecot 2.1.17 and 2.2.13.
>
> In our setup, sometimes ACLs stop working because "dovecot-acl-list" is
> replaced by an empty file. We found that lazy_expunge is connected to
> this.
>
> To reproduce, create ACLs for "user1" in a folder. Put a mail in that
> folder and expunge it, so that the folder will be created in the
> "expunged" namespace.
>
> For instance,
>
> # cat user1/mail/mailboxes/folder/dbox-Mails/dovecot-acl
> user=user2 keilrwts
>
> # cat user1/mail/dovecot-acl-list
> 1350914868 folder
>
> # doveadm -f user1w fetch -u "user1" 'guid' mailbox _EXPUNGED.\*
>
> # ls -l user1/mail/dovecot-acl-list
> -rw------- 1 vmail vmail 0 2014-06-12 11:40 user1/mail/dovecot-acl-list
>
> You see that we have used doveadm to list the expunged namespace, which
> has emptied the "dovecot-acl-list" file.

Hi,

tried it with dovecot-ee-2.1.17.7-1.el6 and can confirm exactly the
behaviour!

Interestingly, a doveadm acl debug recreates dovecot-acl-list:

doveadm acl debug -u user2 user/user1/Folder
...
doveadm(user2): Info: User user2 has rights: ...
doveadm(user2): Error: Mailbox not found from dovecot-acl-list, rebuilding
doveadm(user2): Info: User user1 found from ACL shared dict
doveadm(user2): Info: Retrying after rebuilds:
...

A question, because you mention 2.2.13: is acl + lazy_expunge working for you
with 2.2.13???

2.2.13 fails for me completely with unknown namespace .EXPUNGED as soon as a
user shares a folder (as long as nothing is shared, everything is fine).

Reproducible with: doveadm acl set -u user1 Folder user=user2 rights...
2.1.17: doveadm acl debug -u user2 user/user1/Folder everything is fine.
2.2.13: unknown namespace .EXPUNGED, user2 cannot log in anymore.

Unfortunately I never got any feedback on this issue and therefore stick
with 2.1.17 :-(

Florian

> Cheers,
> Christoph
>
>
>
>
> # 2.2.13: /usr/local/dovecot/etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-57-server x86_64 Ubuntu 10.04.4 LTS
> disable_plaintext_auth = no
> mail_gid = vmail
> mail_location = mdbox:~/mail
> mail_plugins = acl
> mail_uid = vmail
> namespace {
> inbox = no
> list = children
> location = mdbox:%%h/mail
> prefix = INBOX.shared.%%u.
> separator = .
> subscriptions = no
> type = shared
> }
> namespace default {
> inbox = yes
> location =
> prefix = INBOX.
> separator = .
> type = private
> }
> namespace expunged {
> hidden = yes
> list = no
> location = mdbox:~/mail:MAILBOXDIR=expunged:SUBSCRIPTIONS=expunged-subscriptions
> prefix = _EXPUNGED.
> separator = .
> subscriptions = yes
> }
> passdb {
> args = scheme=CRYPT username_format=%u /usr/local/dovecot/etc/dovecot/users
> driver = passwd-file
> }
> plugin {
> acl = vfile
> acl_shared_dict = file:/mail/shared-mailboxes
> lazy_expunge = _EXPUNGED.
> }
> protocols = imap pop3
> service auth {
> unix_listener auth-userdb {
> group = vmail
> mode = 0660
> }
> }
> ssl_cert = </etc/ssl/certs/dovecot.pem
> ssl_key = </etc/ssl/private/dovecot.pem
> userdb {
> args = /usr/local/dovecot/etc/dovecot/users
> driver = passwd-file
> }
> protocol imap {
> imap_client_workarounds = tb-extra-mailbox-sep
> mail_max_userip_connections = 20
> mail_plugins = acl imap_acl acl
> }
--
Florian Tischler
System Administrator
*Johann Radon Institute for Computational and Applied Mathematics (RICAM)
http://www.ricam.oeaw.ac.at/
florian.tischler at oeaw.ac.at
*Industrial Mathematics Institute
http://www.indmath.uni-linz.ac.at/
tischler at indmath.uni-linz.ac.at
http://www.ricam.oeaw.ac.at/people/page.cgi?firstn=Florian;lastn=Tischler
GPG-Key: http://www.ricam.oeaw.ac.at/gpg/florian_tischler.asc
tel: +43 732 2468 5250
fax: +43 732 2468 5212
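
A check an administrator could run to spot the condition described in this thread, a zero-byte dovecot-acl-list sitting next to folders that still carry dovecot-acl files. This is an added example, not part of the original messages; the directory layout is assumed from the report, and the function names and sample tree are hypothetical and constructed.

```shell
#!/bin/sh
# Added example. Assumed layout, taken from the report:
#   <base>/<user>/mail/dovecot-acl-list
#   <base>/<user>/mail/mailboxes/<folder>/dbox-Mails/dovecot-acl

# Print each mail root under $1 whose dovecot-acl-list is zero bytes while at
# least one non-empty per-folder dovecot-acl file still exists below mailboxes/.
find_emptied_acl_lists() {
    base=$1
    find "$base" -type f -name dovecot-acl-list -size 0 2>/dev/null |
    while IFS= read -r list; do
        root=$(dirname "$list")
        # -size +0 skips empty ACL files, which grant nothing
        if [ -d "$root/mailboxes" ] &&
           [ -n "$(find "$root/mailboxes" -type f -name dovecot-acl -size +0 | head -n 1)" ]
        then
            printf '%s\n' "$root"
        fi
    done
}

# Constructed sample tree (hypothetical helper): three users under $1.
build_sample_tree() {
    d=$1
    for u in user1 user2 user3; do
        mkdir -p "$d/$u/mail/mailboxes/folder/dbox-Mails"
    done
    echo 'user=user2 keilrwts' > "$d/user1/mail/mailboxes/folder/dbox-Mails/dovecot-acl"
    : > "$d/user1/mail/dovecot-acl-list"                  # emptied: flagged
    echo 'user=user1 lr' > "$d/user2/mail/mailboxes/folder/dbox-Mails/dovecot-acl"
    echo '1350914868 folder' > "$d/user2/mail/dovecot-acl-list"   # intact
    : > "$d/user3/mail/dovecot-acl-list"                  # empty, no ACLs set
}

# With an argument, scan that directory; without one, scan the sample tree.
if [ $# -gt 0 ]; then
    find_emptied_acl_lists "$1"
else
    tmp=$(mktemp -d) && build_sample_tree "$tmp" && find_emptied_acl_lists "$tmp"
    rm -rf "$tmp"
fi
```

Run it with the mail base directory as its only argument; each path printed is a mail root where shared-folder rights are defined but the list file is empty.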