Copying EAs and ACLs
jw at pegasys.ws
Mon Mar 10 12:54:04 EST 2003
On Sun, Mar 09, 2003 at 06:45:18PM +0100, Axel Thimm wrote:
> On Sun, Mar 02, 2003 at 04:50:23AM -0800, jw schultz wrote:
> > Access Control Lists (ACLs) and Extended Attributes (EA) are
> > an area i have seen for some time as something rsync will
> > need to address. I've put a tighter focus on this issue for
> > the past week or so and have reached a few conclusions.
> > 1. ACL and EA OS support is growing but not really there yet.
> > 2. Utility support is almost completely missing.
> > 3. Use lags support dramatically.
> > 4. ACLs and EAs are a part of the future.
> > Users and admins are coming to linux and Unix with
> > the expectation of ACLs. While intelligent use of
> > group IDs can more simply deal with _almost_ all
> > permissions issues, and by being simpler tend to be
> > more secure, many will prefer the quick fix ACLs
> > provide.
> > [...]
> > So while demand is currently low i believe that rsync will
> > need to support ACLs and EAs in the near future or it will
> > become little more than a limited download tool like ftp.
> A very good analysis.
> While indeed currently the pure Unix area has not such great need for ACLs,
> there is a prominent area of application, which are Samba servers. If you
> migrate a Windows domain controller/file server to Samba you will be
> confronted with ACLs. You will either have to support them or present
> alternatives, and usually the users will be accustomed to using GUIs under
> Windows to adjust their ACLs.
> The SGI group on XFS once commented that most XFS installations are due to the
> ACL support, which is needed for this reason, and I have since seen a lot of
> Samba/ACL systems popping up with rising trend.
That is the current trend. Most UNIX admins are accustomed
to only having the UGO permissions masks and we have used
them to manage priveleges quite elegantly. I expect that to
change. As ACL support become ubiquitous habits will change
and new users will prominent among the early adopters. And
as i said (quoted above) as users and admins move to UNIX
and Linux they will bring their expectations with them.
> Of course there are workarounds, like extracting the ACLs into a text dump,
> rsyncing that and reapplying them on the other side, but a native rsync
> support possibly converting between different ACL incarnations would be more
> than nice to have.
> Maybe samba's code on ACL abstraction can be "stolen"? After all samba & rsync
> do have a prominent subset of authors ... ;)
The applicable code (if any) is likely to be but a small
portion of what will be needed. Their experience
extracting/setting ACLs on multiple platforms should be
helpful. Remember that unlike samba, the current rsync is
very POSIXish and isn't really about interoperability and i
am not suggesting that should change.
J.W. Schultz Pegasystems Technologies
email address: jw at pegasys.ws
Remember Cernan and Schmitt
More information about the rsync