Acls support in rsync

Olivier Tarnus olivier.tarnus at skynet.be
Wed Jun 5 14:00:02 EST 2002 

Hi,

I already wrote about this subject last month but didn't get attention...

I've found a way to transfert acls with a script and applying them. This 
process has already been described in this mailing list 
(http://lists.samba.org/pipermail/rsync/2000-March/001992.html) but there's a 
way to do it in a more efficient way using some getfacl options.
You can dump acls of a full directory with this command :

getfacl -R --skip-base --no-effect --absolute-names  --access  /somedir/

-R : recursive
--skip-base : do not process files with standard rights
--no-effect : no comments
--absolute-names : get full file name
--access : display file access control list, not default access control list

The advantage of this command is that you get all but only effective acls, so 
standard access rights are still processed by rsync, and you only transfert 
"supplementary access rights".

using some sed magic (don't flame, i'm not a Regex master...):

getfacl -R --skip-base --no-effect --absolute-names  --access * | \
sed 's/# file: \(.*$\)/\1 /' | grep -v '^#' | tr "\n" "," | \
sed "s/ ,/ /g" | sed 's/,,/\/g' | sed 's/\(.*\) user::\(.*\)/user::\2 \1/

you get a line for each acl looking like this :

user::rwx,user:joe:rwx,group::rwx,group:users:rwx,mask::rwx,other::r-x myfile

Processing this command on +250 000 files took less than 2 minutes on a fresh 
rebooted (no cache involved) xfs file system (linux 2.4.18). Running 1 hour 
later, it will generally run in less than 5 seconds.

You just have to pipe in a file in the involved directory on the master before 
running rsync and apply acls on the other side after rsync completed. To 
apply, use this script :

#!/bin/bash
### This script work only if you don't have " and / in your filenames
### I hope for you...   :-)

cat $1 | while read acl file
     do
          myfile=$file
          echo "Applying acl in $file..."
          /usr/bin/setfacl -s $acl "$myfile"
     done

Running time depend of the number of acls in your directory.  :-)

I don't know if this method work well on other file systems, but it do on xfs 
and is really efficient. I hope this will help acls users, so please let me 
know if you get success with this method.

I still want to create a "getfacl" patch for rsync, so that acls are 
transfered with a shorter syntax 
(u::rwx,u:101:rwx,g::rwx,g:100:rwx,m::rwx,o::r-x myfile), and so you don't 
have to script anymore :-)

So please dear rsync developpers, could you please give me some advice about 
what to modifiy in rsync to add acls to standard access rights 
synchronisation. 

Thank you in advance.

Olivier Tarnus

More information about the rsync mailing list