X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-0.0 required=5.0 tests=AWL,BAYES_40,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,KHOP_RCVD_TRUST,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE X-Spam-Check-By: sourceware.org MIME-Version: 1.0 Date: Mon, 21 May 2012 17:46:04 +0200 Message-ID: Subject: ACLs restore mismatch, especially with Rsync From: AZ 9901 To: cygwin AT cygwin DOT com Content-Type: text/plain; charset=UTF-8 X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Hello, I have some Windows machines backed-up using Rsync on a Linux target server. Everything runs fine, expect ACLs restoration, does not really seem to work as expected. Let me show you through a detailed example. # 01 - Let's create a file on Windows - Right click, New, Text Document # 02 - Assign a group to the file, with some specific access, to have something to look at in ACLs - Right click on the file, properties, security... - I have added "grp1" group, only choosing "Write" permission for it. # 03 - From Cygwin, let's have a look at the file permissions $ ls -l testfile ----------+ 1 BEN None 0 May 20 23:19 testfile $ ls -ln testfile ----------+ 1 1000500 1000513 0 May 20 23:19 testfile # 04 - From Cygwin, let's have a look at the file ACLs $ cacls testfile C:\backup\testfile COMPUTER\grp1:(special access:) SYNCHRONIZE FILE_WRITE_DATA FILE_APPEND_DATA FILE_WRITE_EA FILE_WRITE_ATTRIBUTES BUILTIN\Administrators:F NT AUTHORITY\SYSTEM:F NT AUTHORITY\Authenticated Users:C BUILTIN\Users:R # 05 - Backup this file - Use rsync from Cygwin using -a --acls - Rsync server runs on Linux, in non-root user, with "fake super = yes" : permissions and ACLs should be stored in extended attributes # 06 - OK, backup is done, let's have a look at file on server, espacially at extended attributes $ getfattr -d -m - testfile # file: testfile user.rsync.%aacl=0sgAAAAIAAAAAHAAAAgAAAABIAAAAHAAAAIAIAAAcAAAAhAgAABQAAADFGDwACAAAA user.rsync.%stat="100000 0,0 1000500:1000513" - Perfect, permissions are correctly stored ! - ACLs have also been stored, but quite difficult to understand them, let's assume it's OK. # 07 - Restore the file now - Of course use rsync with -a --acls to restore permissions and ACLs # 08 - Let's verify permissions $ ls -l testfile ----------+ 1 BEN None 0 May 20 23:19 testfile $ ls -ln testfile ----------+ 1 1000500 1000513 0 May 20 23:19 testfile - Perfect ! # 09 - Let's verify ACLs $ cacls testfile C:\restore\testfile COMPUTER\BEN:(special access:) STANDARD_RIGHTS_ALL DELETE READ_CONTROL WRITE_DAC WRITE_OWNER SYNCHRONIZE STANDARD_RIGHTS_REQUIRED FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES COMPUTER\None:(special access:) READ_CONTROL FILE_READ_ATTRIBUTES NT AUTHORITY\SYSTEM:(special access:) READ_CONTROL SYNCHRONIZE FILE_GENERIC_READ FILE_GENERIC_WRITE FILE_GENERIC_EXECUTE FILE_READ_DATA FILE_WRITE_DATA FILE_APPEND_DATA FILE_READ_EA FILE_WRITE_EA FILE_EXECUTE FILE_DELETE_CHILD FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES BUILTIN\Administrators:(special access:) READ_CONTROL SYNCHRONIZE FILE_GENERIC_READ FILE_GENERIC_WRITE FILE_GENERIC_EXECUTE FILE_READ_DATA FILE_WRITE_DATA FILE_APPEND_DATA FILE_READ_EA FILE_WRITE_EA FILE_EXECUTE FILE_DELETE_CHILD FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES BUILTIN\Users:R COMPUTER\grp1:(special access:) READ_CONTROL SYNCHRONIZE FILE_GENERIC_WRITE FILE_WRITE_DATA FILE_APPEND_DATA FILE_WRITE_EA FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES Everyone:(special access:) READ_CONTROL FILE_READ_ATTRIBUTES - So well, it does not look the same as the original file : somes accesses have been removed, some other added, some users and groups have been removed, some other added... Would you have an explanation ? Is there a solution to have exactly the same ACLs on the restored file ? Thank you very much, Best regards, Ben -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple