Mail Archives: cygwin/2012/05/21/11:46:33
X-Recipient: | archive-cygwin AT delorie DOT com
|
X-SWARE-Spam-Status: | No, hits=-0.0 required=5.0 tests=AWL,BAYES_40,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,KHOP_RCVD_TRUST,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE
|
X-Spam-Check-By: | sourceware.org
|
MIME-Version: | 1.0
|
Date: | Mon, 21 May 2012 17:46:04 +0200
|
Message-ID: | <CANs8wdASbT91Gn8FsLMDCR3_em=-ABLGjZPeA3i-TmcygDQPkQ@mail.gmail.com>
|
Subject: | ACLs restore mismatch, especially with Rsync
|
From: | AZ 9901 <az9901 AT gmail DOT com>
|
To: | cygwin AT cygwin DOT com
|
X-IsSubscribed: | yes
|
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm
|
List-Id: | <cygwin.cygwin.com>
|
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com>
|
List-Archive: | <http://sourceware.org/ml/cygwin/>
|
List-Post: | <mailto:cygwin AT cygwin DOT com>
|
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
|
Sender: | cygwin-owner AT cygwin DOT com
|
Mail-Followup-To: | cygwin AT cygwin DOT com
|
Delivered-To: | mailing list cygwin AT cygwin DOT com
|
Hello,
I have some Windows machines backed-up using Rsync on a Linux target server.
Everything runs fine, expect ACLs restoration, does not really seem to
work as expected.
Let me show you through a detailed example.
# 01 - Let's create a file on Windows
- Right click, New, Text Document
# 02 - Assign a group to the file, with some specific access, to have
something to look at in ACLs
- Right click on the file, properties, security...
- I have added "grp1" group, only choosing "Write" permission for it.
# 03 - From Cygwin, let's have a look at the file permissions
$ ls -l testfile
----------+ 1 BEN None 0 May 20 23:19 testfile
$ ls -ln testfile
----------+ 1 1000500 1000513 0 May 20 23:19 testfile
# 04 - From Cygwin, let's have a look at the file ACLs
$ cacls testfile
C:\backup\testfile COMPUTER\grp1:(special access:)
SYNCHRONIZE
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_WRITE_EA
FILE_WRITE_ATTRIBUTES
BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\Authenticated Users:C
BUILTIN\Users:R
# 05 - Backup this file
- Use rsync from Cygwin using -a --acls
- Rsync server runs on Linux, in non-root user, with "fake super =
yes" : permissions and ACLs should be stored in extended attributes
# 06 - OK, backup is done, let's have a look at file on server,
espacially at extended attributes
$ getfattr -d -m - testfile
# file: testfile
user.rsync.%aacl=0sgAAAAIAAAAAHAAAAgAAAABIAAAAHAAAAIAIAAAcAAAAhAgAABQAAADFGDwACAAAA
user.rsync.%stat="100000 0,0 1000500:1000513"
- Perfect, permissions are correctly stored !
- ACLs have also been stored, but quite difficult to understand them,
let's assume it's OK.
# 07 - Restore the file now
- Of course use rsync with -a --acls to restore permissions and ACLs
# 08 - Let's verify permissions
$ ls -l testfile
----------+ 1 BEN None 0 May 20 23:19 testfile
$ ls -ln testfile
----------+ 1 1000500 1000513 0 May 20 23:19 testfile
- Perfect !
# 09 - Let's verify ACLs
$ cacls testfile
C:\restore\testfile COMPUTER\BEN:(special access:)
STANDARD_RIGHTS_ALL
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
STANDARD_RIGHTS_REQUIRED
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
COMPUTER\None:(special access:)
READ_CONTROL
FILE_READ_ATTRIBUTES
NT AUTHORITY\SYSTEM:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_DELETE_CHILD
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
BUILTIN\Administrators:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_DELETE_CHILD
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
BUILTIN\Users:R
COMPUTER\grp1:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_WRITE
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_WRITE_EA
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
Everyone:(special access:)
READ_CONTROL
FILE_READ_ATTRIBUTES
- So well, it does not look the same as the original file : somes
accesses have been removed, some other added, some users and groups
have been removed, some other added...
Would you have an explanation ?
Is there a solution to have exactly the same ACLs on the restored file ?
Thank you very much,
Best regards,
Ben
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
- Raw text -