Permission issue while using rsync.

Matt McCutchen matt at mattmccutchen.net
Sun Dec 16 18:27:26 GMT 2007


On Sun, 2007-12-16 at 06:00 +0530, vasumg at gmail.com wrote:
> Thanks for your advise on using ACL's.
> Since the rsync command is embedded within a wrapper, if I have to
> change the command, I will have to rebuild the entire package and
> install the new package on all the related servers.
> To avoid this, I plan to use ACL's on the destination machine as an
> alternative.
> We use vxfs filesystem on a HP_UX 11.11 machine.

I've only used ACLs with rsync on Linux, so I can't vouch that it will
work on HP-UX, but it's worth a try.  First, note that the ACLs will
only have an effect if the copy of rsync installed on "hostname"
supports ACLs.  To test your current copy of rsync, run:

ssh mcstrans at hostname /usr/bin/rsync --version

and look for "ACLs" in the list of capabilities.  Recent development
versions of rsync 3.0.0 support ACLs (though you should be wary of using
them on a production system), and the source packages of older versions
of rsync come with a patch "patches/acls.diff" to add ACL support.

It may turn out that installing the necessary copy of rsync on
"hostname" to recognize the ACLs is just as much work as modifying the
rsync script to override the umask.  But if you do want to use ACLs,
read on:

> How do I set the acls' on a top-level directory..
> Any file created within this dir should have 644 permission.
> How do I do this.  Does it have any side-effects of which I should be
> careful about.
> I donot have much exp on setting acl and since this is a major
> production machine I cannot take chances.

It looks like the HP-UX command to set ACLs is setacl .  To have new
files created with mode 644 and new subdirectories created with mode
755, you should set a default ACL of 755.  A directory's default ACL
affects only new files immediately in that directory, so you need to set
the default ACL of the destination and all existing subdirectories
inside it (new subdirectories will inherit the default ACL when they are
created).  To do this, run the following command as user mcstrans on
"hostname":

find /tmp/rsync.test -type d -exec setacl -m d:u::7,d:g::5,d:c::5,d:o::5 {} +

See the setacl(1) man page for more information.  I strongly encourage
you to make another directory on the destination host to test that you
can set its default ACLs and that rsync observes them when copying files
into that directory before you mess with the real destination.

Matt



More information about the rsync mailing list