Acls support in rsync
Olivier Tarnus
olivier.tarnus at skynet.be
Wed Jun 5 14:00:02 EST 2002
Hi,
I already wrote about this subject last month but didn't get attention...
I've found a way to transfert acls with a script and applying them. This
process has already been described in this mailing list
(http://lists.samba.org/pipermail/rsync/2000-March/001992.html) but there's a
way to do it in a more efficient way using some getfacl options.
You can dump acls of a full directory with this command :
getfacl -R --skip-base --no-effect --absolute-names --access /somedir/
-R : recursive
--skip-base : do not process files with standard rights
--no-effect : no comments
--absolute-names : get full file name
--access : display file access control list, not default access control list
The advantage of this command is that you get all but only effective acls, so
standard access rights are still processed by rsync, and you only transfert
"supplementary access rights".
using some sed magic (don't flame, i'm not a Regex master...):
getfacl -R --skip-base --no-effect --absolute-names --access * | \
sed 's/# file: \(.*$\)/\1 /' | grep -v '^#' | tr "\n" "," | \
sed "s/ ,/ /g" | sed 's/,,/\/g' | sed 's/\(.*\) user::\(.*\)/user::\2 \1/
you get a line for each acl looking like this :
user::rwx,user:joe:rwx,group::rwx,group:users:rwx,mask::rwx,other::r-x myfile
Processing this command on +250 000 files took less than 2 minutes on a fresh
rebooted (no cache involved) xfs file system (linux 2.4.18). Running 1 hour
later, it will generally run in less than 5 seconds.
You just have to pipe in a file in the involved directory on the master before
running rsync and apply acls on the other side after rsync completed. To
apply, use this script :
#!/bin/bash
### This script work only if you don't have " and / in your filenames
### I hope for you... :-)
cat $1 | while read acl file
do
myfile=$file
echo "Applying acl in $file..."
/usr/bin/setfacl -s $acl "$myfile"
done
Running time depend of the number of acls in your directory. :-)
I don't know if this method work well on other file systems, but it do on xfs
and is really efficient. I hope this will help acls users, so please let me
know if you get success with this method.
I still want to create a "getfacl" patch for rsync, so that acls are
transfered with a shorter syntax
(u::rwx,u:101:rwx,g::rwx,g:100:rwx,m::rwx,o::r-x myfile), and so you don't
have to script anymore :-)
So please dear rsync developpers, could you please give me some advice about
what to modifiy in rsync to add acls to standard access rights
synchronisation.
Thank you in advance.
Olivier Tarnus
More information about the rsync
mailing list