This is the mail archive of the
cygwin
mailing list for the Cygwin project.
ACLs restore mismatch, especially with Rsync
- From: AZ 9901 <az9901 at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Mon, 21 May 2012 17:46:04 +0200
- Subject: ACLs restore mismatch, especially with Rsync
Hello,
I have some Windows machines backed-up using Rsync on a Linux target server.
Everything runs fine, expect ACLs restoration, does not really seem to
work as expected.
Let me show you through a detailed example.
# 01 - Let's create a file on Windows
- Right click, New, Text Document
# 02 - Assign a group to the file, with some specific access, to have
something to look at in ACLs
- Right click on the file, properties, security...
- I have added "grp1" group, only choosing "Write" permission for it.
# 03 - From Cygwin, let's have a look at the file permissions
$ ls -l testfile
----------+ 1 BEN None 0 May 20 23:19 testfile
$ ls -ln testfile
----------+ 1 1000500 1000513 0 May 20 23:19 testfile
# 04 - From Cygwin, let's have a look at the file ACLs
$ cacls testfile
C:\backup\testfile COMPUTER\grp1:(special access:)
SYNCHRONIZE
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_WRITE_EA
FILE_WRITE_ATTRIBUTES
BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\Authenticated Users:C
BUILTIN\Users:R
# 05 - Backup this file
- Use rsync from Cygwin using -a --acls
- Rsync server runs on Linux, in non-root user, with "fake super =
yes" : permissions and ACLs should be stored in extended attributes
# 06 - OK, backup is done, let's have a look at file on server,
espacially at extended attributes
$ getfattr -d -m - testfile
# file: testfile
user.rsync.%aacl=0sgAAAAIAAAAAHAAAAgAAAABIAAAAHAAAAIAIAAAcAAAAhAgAABQAAADFGDwACAAAA
user.rsync.%stat="100000 0,0 1000500:1000513"
- Perfect, permissions are correctly stored !
- ACLs have also been stored, but quite difficult to understand them,
let's assume it's OK.
# 07 - Restore the file now
- Of course use rsync with -a --acls to restore permissions and ACLs
# 08 - Let's verify permissions
$ ls -l testfile
----------+ 1 BEN None 0 May 20 23:19 testfile
$ ls -ln testfile
----------+ 1 1000500 1000513 0 May 20 23:19 testfile
- Perfect !
# 09 - Let's verify ACLs
$ cacls testfile
C:\restore\testfile COMPUTER\BEN:(special access:)
STANDARD_RIGHTS_ALL
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
STANDARD_RIGHTS_REQUIRED
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
COMPUTER\None:(special access:)
READ_CONTROL
FILE_READ_ATTRIBUTES
NT AUTHORITY\SYSTEM:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_DELETE_CHILD
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
BUILTIN\Administrators:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_DELETE_CHILD
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
BUILTIN\Users:R
COMPUTER\grp1:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_WRITE
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_WRITE_EA
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
Everyone:(special access:)
READ_CONTROL
FILE_READ_ATTRIBUTES
- So well, it does not look the same as the original file : somes
accesses have been removed, some other added, some users and groups
have been removed, some other added...
Would you have an explanation ?
Is there a solution to have exactly the same ACLs on the restored file ?
Thank you very much,
Best regards,
Ben
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple