Copying EAs and ACLs
jw at pegasys.ws
Mon Feb 24 14:23:33 EST 2003
On Sun, Feb 23, 2003 at 01:13:56PM +0100, Andreas Gruenbacher wrote:
> I am the guy behind the ext2/ext3 patches for Extended Attributes and ACLs,
> and I've recently been asked about ACL support in rsync by Eric. Upon
> investigating I found that you have an ACL patch against rsync-2.5.5 . I
> also found some other postings to rsync at lists.samba.org concerning rsync and
> ACLs .
> Are there any plans for finalizing an integrating that rsync ACL patch?
Not yet. I'd like to see a decent overview of that patch's
approach before commenting on its chances.
> I am posting my own thoughts on that topic with the hope to spur the
> discussion and accelerate the improvement of rsync in that direction.
> ACLs are one part of supporting Extended Attributes in general, but they are
> important enough (and difficult enough to do right) to deserve special
> treatment. (I would like to see Extended Attributes in rsync too, of course.)
As long as i have touched on the issue for rsync i have argued
for treating ACLs (file Access Control Lists) as a
special-case of EAs (file Extended Attributes). I still
believe that is essential. Aside from the blurred line
between ACLs and EAs in some filesystems there is the big
issue of inconsistent availability of support for these.
> Most UNIX systems support some variant of POSIX ACLs. Unfortunately the
> so-far-final draft 17 document the dissolved POSIX 1003.1e/2c working group
> has produced does not define how to deal with ACLs on a network.
> Probably partly because POSIX ACLs didn't ever get standardized, the NFSv4
> protocol  among other things defines yet another kind of ACLs. NFSv4 ACLs
> are much more like Windows ACLs than POSIX draft 17 ACLs. What's more, the
> NFSv4 protocol not only defines the on-the-wire format to be used for ACLs,
> but also their semantics. This makes them problematic for POSIX ACLs.
> Nevertheless it seems that NFSv4 ACLs are here to stay.
> So it seems to make sense to adapt them to POSIX ACLs, and to use them as the
> underlying transfer format for rsync. The SSH File Transfer Protocol
> <http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-04.txt> also
> specifies that scp is to use the NFSv4 ACL format, by the way.
this document actually does a much better job of describing
NFSv4 ACLs than the NFS document.
So far POSIX ACLs seem to be what is being implemented at
the system and filesystem level. In reality rsync doesn't
need to deal with the same issues as NFS. Rsync's focus is
not in projecting the access rights semantics to determine
correct privileges but in preserving as much as possible the
original ACL data.
J.W. Schultz Pegasystems Technologies
email address: jw at pegasys.ws
Remember Cernan and Schmitt
More information about the rsync