Copying EAs and ACLs

Buck Huppmann buckh at pobox.com
Tue Feb 25 16:29:05 EST 2003


On Sun, Feb 23, 2003 at 01:13:56PM +0100, Andreas Gruenbacher wrote:
> Hello,
> 
> I am the guy behind the ext2/ext3 patches for Extended Attributes and ACLs, 
> and I've recently been asked about ACL support in rsync by Eric. Upon 
> investigating I found that you have an ACL patch against rsync-2.5.5 [1]. I 
> also found some other postings to rsync at lists.samba.org concerning rsync and 
> ACLs [3].
> 
> Are there any plans for finalizing an integrating that rsync ACL patch?

i hope not

seriously, though, the work i did was--we hoped--something to tide us over
until something better came along. i have no illusions about or desire to
see its incorporation into the official source tree

i think that full-blown, general EA support is a laudable goal; my hope
was just to preserve--to the naive extent possible by stealing a lot of
other people's code and introducing as few of my own bugs as possible--
any additional permissions our folks are putting on their files so that
our rsync-ed ``mirrors'' of their stuff aren't any less secure than their
source images. in our case, simply preserving extended/discretionary ACLs
between our Solaris (and, it's hoped some day soon now, Linux) systems was
all we were looking for, and i'm content to live in ignorance of the more
arcane^H^H^H general issue of EA support, since it's not anything that
bears on security for our Solaris filesystems. (at least, i'm not aware of
any other attributes that have significance security-wise; which is to say
that i hope our users haven't figured out any yet)

nevertheless, it seems to me also that the NFSv4 approach is a bit verbose
and a bad enough fit for POSIX and Solaris/SysV ACLs, at least, that i
would think twice about dumping my patch in favor of an implementation
along those lines--at least if there weren't EAs that would benefit from
a fully generalized, all singing, all dancing implementation. (but then
again i am the sort who has trouble coping with the additional dimension-
ality of access control beyond the POSIX triple, think NT permissions are
a perplexing if exotic security nightmare, prefer single-letter options
to --gnu-style options, prefer man to info, coffee to latte etc.). and yet
i understand that somebody's going to figure out something cool to do with
extended attributes that users are going to want to have rsync preserve for
them and, in the future, it may be useless to transfer files at all with-
out such things (just think, filesystem cookies and referral paths--gag).
so maybe it's best to bite the bullet now, but i'm certainly not qualified
to do it. then again, maybe you wait and see if NFSv4 and supporting file-
systems force the issue, then you worry about it, just like seems to be the
present rsync development strategy . . . (whence, bad patches like mine
crop up to fill the void)

sorry to ramble cynically, but thanks for showing an interest in clearing
up the state of affairs and for your excellent work on ext2/ext3 EAs and
ACLs and libattr and libacl


More information about the rsync mailing list