Posix Extended headers ...

Richard Sharpe rsharpe at ns.aus.com
Mon Jul 15 11:50:00 GMT 2002

On Mon, 15 Jul 2002, Joerg Schilling wrote:

[Added Samba-technical so that this discussion can be recorded]

Preamble. Noting that star supports saving and restoring Posix ACLs for at 
least Linux, and that Samba's libsmb now has routines to query and set 
SEC_DESCs, I started talking to Joerg Schilling on this topic.

> >From rsharpe at ns.aus.com Fri Jul 12 21:37:16 2002
> >> >The initial goal is to simply be able to backup the NT SEC_DESC (ie, ACLs) 
> >> >as a blob so it can be restored to the NT server.
> >> 
> >> How does this look?
> >The SEC_DESC contains the Owner SID and the Primary Group SID of the Owner 
> >of the file, along with the ACL, which can contain both positive ACEs 
> >(allow) and negative ACEs (deny) as well as AUDIT and something else ACEs.
> Mmm, Audit entries on Solaris are kept in the shadow passwd file.

I think audit entries are similar to positive or negative ACEs, and simply 
mean that if the specified user/group requested the specified access, 
write a system log entry.

> Having denial ACLs makes it a bit more complex, but if at least the basic
> idea is the same as with POSIX, then it would be possible to add just two 
> additional ACL descriptors to the TAR header:
> -	Denial default entries (descending information starting from dirs)
> -	Denial access entries
> These could just look (besides the label) the same as the existing entries.

That is a neat idea. That would make it work. We would want to record 
user/group names as DOMAIN\name as well, and UID/GID does not necessarily 
make sense.
> >Since NFS V4 contains something similar, there will be a growing need for 
> >this.
> I did not have the time to read the NVS V4 specs. If Sun adds this, then there 
> is a high probability, that Solaris 10 will support these things too.
> >> What is the difference?
> >Posix only has the concept of positive ACEs. It does not have negative or 
> >system or audit ACEs.
> Could you exmplain what audit ACEs should look like and what they should do?

See above.

> >Translating them to text would allow system independent restores, so a 
> >backup from a Windows NT/2K domain could be restored on an NFS V4 server, 
> >or indeed on a system with POSIX ACLs with some loss of information.
> Not translating them to text could make archives a lot less portable.

Yes, it was simply mentioned as a first-cut stop-gap solution.
> >> BTW: how POSIX compliant is sbmtar? Did you run my compliance test
> >> that comes with star?
> >Never run it, so I don't know.
> Creating a ACL aware SMB backup could be done by either adding POSIX.1-2001 
> support to smbclient, or by adding a smb access lib to (a specialized) star.

Hmmm, might be similar amounts of work in either case. Does star have a 
library-feel for the code that writes headers/blocks to the archive?

There is a library in Samba that provides much of what you want but is 
perhaps not so easy to use as yet.

I imagine that the ACLs are written as a header and block that contain the 

> Here are some numbers to help you with the decision:
> -	I could write a POSIX.1-1990 (only) tar in two days.
> 	In fact, I did write a POSIX.1-1990 TAR archive conformance checker
> 	in one day ("tartest" from star-1.4.1 or star-1.5a05).
> -	It took me > 2 weeks to add basic POSIX.1-2001 extended header support
> 	into star.
> -	It took me 2 weeks to add Linux ACL support (made by Andreas 
> 	Gruenbacher) and Solaris ACL support (made by me) to star.
> -	I guess that it would take more than 2 months to add POSIX.1-2001
> 	basic extended header support into GNU tar.
> Jörg

Thank you for this information ... The discussion has been productive as 

Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org, 
sharpe at ethereal.com

More information about the samba-technical mailing list