Is there a way to backup the directory ACL's for a directory and all
it's subdirectories? I don't want to backup the ACL's for the files
therein, just directories.

I'm aware of the -p option on tar, but tar will also pick up the files
which I don't really want.
--
To reply by email remove "_nospam"

In article <37eon9F575lirU1@individual.net>,
Chuck <skilover_nospam@softhome.net> wrote:
>Is there a way to backup the directory ACL's for a directory and all
>it's subdirectories? I don't want to backup the ACL's for the files
>therein, just directories.
>
>I'm aware of the -p option on tar, but tar will also pick up the files
>which I don't really want.

Sun's tar uses a broken archiveformat for ACLs. It does not work
if the server does not know the names for the uid's.
Sun's tar also fails to extract files correctly if they don't have
ACLs but are located inside a directory with default ACLs.

Better use star ftp://ftp.berlios.de/pub/star/alpha/

star -c -Hexustar -acl pat=*/ . > /tmp/archive.tar



--
EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js@cs.tu-berlin.de (uni)
schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily

In article <37eon9F575lirU1@individual.net>, Chuck wrote:
> Is there a way to backup the directory ACL's for a directory and all
> it's subdirectories? I don't want to backup the ACL's for the files
> therein, just directories.

If you don't want to use star (but Joerg's probably right that you
should) for some reason:

find . -type d -print0 | xargs -0 getfacl

To get output that you can feed to setfacl -f again, assuming findutils
that know /-(print)?0/ parameters.

That output could, e.g., be fed into a file that can be included in the
backup to store human readable ACL information (ASCII is easy to correct
in case of flipped bits).

BTW, a -n argument for getfacl would be really useful (classical
semantics: report numerically what can be reported numerically, in this
case uid/gid) and wouldn't need breaking any interfaces since no such
flag exists now. Should be easy, could hack it myself if OpenSolaris was
out.

lg, Bernd
--
There was only one road back to L.A.

In article <slrnd16389.29n.bhau-news@014-220.efkon>,
Bernd Haug <bhau-news@efkon.com> wrote:
>In article <37eon9F575lirU1@individual.net>, Chuck wrote:
>> Is there a way to backup the directory ACL's for a directory and all
>> it's subdirectories? I don't want to backup the ACL's for the files
>> therein, just directories.
>
>If you don't want to use star (but Joerg's probably right that you
>should) for some reason:
>
>find . -type d -print0 | xargs -0 getfacl

Find has no option -print0

You may like to use a command line that is supported by find:

find . -type d -exec getfacl {} +

--
EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js@cs.tu-berlin.de (uni)
schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily

Joerg Schilling wrote:
> In article <37eon9F575lirU1@individual.net>,
> Chuck <skilover_nospam@softhome.net> wrote:
>
>>Is there a way to backup the directory ACL's for a directory and all
>>it's subdirectories? I don't want to backup the ACL's for the files
>>therein, just directories.
>>
>>I'm aware of the -p option on tar, but tar will also pick up the files
>>which I don't really want.
>
>
> Sun's tar uses a broken archiveformat for ACLs. It does not work
> if the server does not know the names for the uid's.
> Sun's tar also fails to extract files correctly if they don't have
> ACLs but are located inside a directory with default ACLs.
>
> Better use star ftp://ftp.berlios.de/pub/star/alpha/
>
> star -c -Hexustar -acl pat=*/ . > /tmp/archive.tar
>
>
>

I think in my case tar will work. All of the users are defined locally,
and though the directories do have default ACL's, all of the files will
have ACLs as well. Thanks for the tip though. If I ever get away from
the current architecture, star may be the way to go.

One thing I don't quite understand is that if ACL's are a posix feature,
why doesn't the posix archiver pax handle them?

--
To reply by email remove "_nospam"

In article <cuv5pu$mil$1@news.cs.tu-berlin.de>, Joerg Schilling wrote:
> Find has no option -print0

GNU find has. I mentioned "findutils w/ print0/0 argument support".

I generally like GNU find better than Sun, but maybe that's just being
more used to it.

Basically, I like that most GNU utils make it a bit harder to shoot
yourself in the foot; recent GNU rm -r .* doesn't recurse into .. that
easily, and generally fewer utils w/ side effects follow symlinks by
default.

Maybe it's because I'm stupid; but computers give me enough ammo anyway,
so why ask for the cocked shotgun too?

But I digress.

lg, Bernd
--
There was only one road back to L.A.

Bernd Haug <bhau-news@efkon.com> writes:

>Basically, I like that most GNU utils make it a bit harder to shoot
>yourself in the foot; recent GNU rm -r .* doesn't recurse into .. that
>easily, and generally fewer utils w/ side effects follow symlinks by
>default.

Neither does Solaris "rm".

In Solaris 10, you can even attempt "rm -rf /".

Casper

Joerg Schilling wrote:
> In article <37eon9F575lirU1@individual.net>,
> Chuck <skilover_nospam@softhome.net> wrote:
>
>>Is there a way to backup the directory ACL's for a directory and all
>>it's subdirectories? I don't want to backup the ACL's for the files
>>therein, just directories.
>>
>>I'm aware of the -p option on tar, but tar will also pick up the files
>>which I don't really want.
>
>
> Sun's tar uses a broken archiveformat for ACLs. It does not work
> if the server does not know the names for the uid's.
> Sun's tar also fails to extract files correctly if they don't have
> ACLs but are located inside a directory with default ACLs.
>
> Better use star ftp://ftp.berlios.de/pub/star/alpha/
>
> star -c -Hexustar -acl pat=*/ . > /tmp/archive.tar
>


Can you give me a test case to show this bug in Sun's tar command? I
just ran through the following and it worked just as expected. What did
I do wrong?

$ mkdir test
$ setfacl -m d:u::rwx,d:g::---,d:---,m:rwx
$ touch test/a
$ ls -ld test test/a
drwxr-xr-x+ 2 oracle dba 512 Feb 16 11:18 test/
-rw------- 1 oracle dba 0 Feb 16 11:18 test/a

The directory is ACL'ed, the file is not. Now backup and restore with tar.

$ tar cpvf test.tar test
$ rm -rf test
$ tar xpf test.tar
$ ls -ld test test/a
drwxr-xr-x+ 2 oracle dba 512 Feb 16 11:18 test/
-rw------- 1 oracle dba 0 Feb 16 11:18 test/a

The file named "a" was restored with no ACL's, the directory was
restored with ACL's. I didn't include the getfacl output but it was
exactly what I backed up. I'm using Solaris 8 (SunOS 5.8)
--
To reply by email remove "_nospam"

Chuck wrote:
> $ mkdir test
> $ setfacl -m d:u::rwx,d:g::---,d:---,m:rwx

type-o. Should say...

$ setfacl -m d:u::rwx,d:g::---,d:---,m:rwx test

In article <37h2urF5d9sajU1@individual.net>,
Chuck <skilover_nospam@softhome.net> wrote:

>> Better use star ftp://ftp.berlios.de/pub/star/alpha/
>>
>> star -c -Hexustar -acl pat=*/ . > /tmp/archive.tar
>>
>>
>>
>
>I think in my case tar will work. All of the users are defined locally,
>and though the directories do have default ACL's, all of the files will
>have ACLs as well. Thanks for the tip though. If I ever get away from
>the current architecture, star may be the way to go.
>
>One thing I don't quite understand is that if ACL's are a posix feature,
>why doesn't the posix archiver pax handle them?

POSIX did try to standardize ACL but stopped when they have been
99% ready.

If POSIX will ever standardize ACLs inside a tar archive, they will
most likely use what star is curently doing.

--
EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js@cs.tu-berlin.de (uni)
schilling@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily