[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ACLs

To: Mike Kallies <mike.kallies@gmail.com>
Subject: Re: ACLs
From: Tim Bishop <tim-lists@bishnet.net>
Date: Thu, 12 Dec 2013 09:51:54 +0000
Cc: tarsnap-users@tarsnap.com, cperciva@tarsnap.com
In-reply-to: <CAPYt=DFAOXiKmnBgZpx8iQDg2RnzWZ=OxB46UKTZMkK8k+DZEg@mail.gmail.com>
References: <CAPYt=DGanbRVT37L=WOx3VuxrK7wawU1JSg4c_vX43qN_iFcxw@mail.gmail.com> <20131210111052.GC28104@carrick-users.bishnet.net> <CAPYt=DEtUO_0nAnEYvxEUtSwyuoiEU6xV_Av3QHFF=uBSZtG7w@mail.gmail.com> <20131210205842.GD28104@carrick-users.bishnet.net> <CAPYt=DFAOXiKmnBgZpx8iQDg2RnzWZ=OxB46UKTZMkK8k+DZEg@mail.gmail.com>

Hi Mike,

I dug a little more and realised what I'd done wrong. I was using ZFS so
I'd used NFSv4 ACLs rather than POSIX ACLs. It looks like they're not
supported by tar or tarsnap yet. When I repeated the test with POSIX
ACLs it worked in both tar and tarsnap.

I wonder if there's some compatibility issue between libarchive and
POSIX ACLs on Linux? (asked Google) Yes, there does appear to be some
problems there:

https://bugzilla.redhat.com/show_bug.cgi?id=993048
http://pkgs.fedoraproject.org/cgit/libarchive.git/commit/?id=da58d4e8afce6acca54475be528f6b948aa2951a

Colin - do you know which version of libarchive tarsnap is based on? (I
am correct in my recollection that tarsnap uses libarchive, right?)
Although it's not immediately clear to me if that fix has been merged.

Mike - that getfacl/setfacl trick on the stackexchange page looks like
it'd be a reasonable workaround. If you do the getfacl before tarsnap
you can have it backup the acl file too :-)

Tim.

On Wed, Dec 11, 2013 at 10:52:39AM +0100, Mike Kallies wrote:
> Very interesting.  Seems to be a common problem:
> 
> http://unix.stackexchange.com/questions/391/what-to-use-to-backup-files-preserving-acls
> 
> The getfacl/setfacl trick is my planB on this.  Fortunately our ACLs
> over here aren't too complex.  I hope there's some other trick to fix
> this.
> 
> 
> -Mike
> 
> On Tue, Dec 10, 2013 at 9:58 PM, Tim Bishop <tim-lists@bishnet.net> wrote:
> > Hi Mike,
> >
> > For what it's worth, it also doesn't work for me on FreeBSD. And what's
> > more, it didn't work with tar either (which as I understand uses the
> > same archive library). So either I'm doing something dumb, or something
> > is broken. I'd expect the former :-)
> >
> > root:~ # ls -la file
> > -rw-r--r--+ 1 root  wheel  5 Dec 10 20:50 file
> >
> > root:~ # getfacl file
> > # file: file
> > # owner: root
> > # group: wheel
> >           user:tdb:rwxp----------:------:allow
> >             owner@:rw-p--aARWcCos:------:allow
> >             group@:r-----a-R-c--s:------:allow
> >          everyone@:r-----a-R-c--s:------:allow
> >
> > root:~ # tar -cpf file.tar file
> > root:~ # rm file
> > root:~ # tar -xpf file.tar
> >
> > root:~ # ls -la file
> > -rw-r--r--  1 root  wheel  5 Dec 10 20:50 file
> >
> > root:~ # getfacl file
> > # file: file
> > # owner: root
> > # group: wheel
> >             owner@:rw-p--aARWcCos:------:allow
> >             group@:r-----a-R-c--s:------:allow
> >          everyone@:r-----a-R-c--s:------:allow
> >
> > I'd be interested to hear from others.
> >
> > Tim.
> >
> > On Tue, Dec 10, 2013 at 05:40:36PM +0100, Mike Kallies wrote:
> >> Hello Tim,
> >>
> >> I used the -p option.
> >>
> >> e.g., below:
> >>
> >> mike@vm-mktest:~/tarsnap$ getfacl acltest/dir1/file3
> >> # file: acltest/dir1/file3
> >> # owner: mike
> >> # group: mike
> >> user::rw-
> >> user:root:r--
> >> group::rw-
> >> mask::rw-
> >> other::r--
> >>
> >> mike@vm-mktest:~/tarsnap$ tarsnap --keyfile ./acltest.key -c
> >> --cachedir ./tarsnapcache/ -f aclbackup ./acltest
> >> mike@vm-mktest:~/tarsnap$ mv acltest acltest.old
> >> mike@vm-mktest:~/tarsnap$ tarsnap --keyfile ./acltest.key -p -x
> >> --cachedir ./tarsnapcache/ -f aclbackup acltest
> >> mike@vm-mktest:~/tarsnap$ getfacl acltest/dir1/file3
> >> # file: acltest/dir1/file3
> >> # owner: mike
> >> # group: mike
> >> user::rw-
> >> group::rw-
> >> other::r--
> >>
> >>
> >> I've also tried:
> >>   - backing up and restoring using sudo.
> >>   - compiling and installing on an Ubuntu 12.04 LTS
> >>
> >> Tarsnap 1.0.35 in my tests.
> >>
> >> Thanks for any input,
> >>
> >> -Mike
> >>
> >>
> >> On Tue, Dec 10, 2013 at 12:10 PM, Tim Bishop <tim-lists@bishnet.net> wrote:
> >> > On Mon, Dec 09, 2013 at 02:41:11PM +0100, Mike Kallies wrote:
> >> >> Not sure if this is just an issue for me, but ACLs on tarsnap are
> >> >> giving me some trouble.
> >> >>
> >> >> I cross-compiled Tarsnap to run on an ARM box for a QNAP appliance, it
> >> >> seems to work great.  The only problem is that ACLs are giving me
> >> >> trouble.
> >> >>
> >> >> This is the original which was backed up then 'mv'ed to testfolder.orig:
> >> >>
> >> >> [/share/MD0_DATA] # getfacl testfolder.orig/test.txt
> >> >> # file: testfolder.orig/test.txt
> >> >> # owner: mike
> >> >> # group: everyone
> >> >> user::rwx
> >> >> user:guest:---
> >> >> group::rwx
> >> >> group:dev:rwx
> >> >> group:bots:r-x
> >> >> mask::rwx
> >> >> other::rwx
> >> >>
> >> >> This is the restore whcih was brought back to testfolder/test.txt
> >> >> (along with the whole directory)
> >> >>
> >> >> [/share/MD0_DATA] # getfacl testfolder/test.txt
> >> >> # file: testfolder/test.txt
> >> >> # owner: mike
> >> >> # group: everyone
> >> >> user::rwx
> >> >> group::rwx
> >> >> other::rwx
> >> >>
> >> >>
> >> >> As you can see the ACLs seem to be stripped, this applies to all the
> >> >> other files and folders which were brought back.
> >> >>
> >> >> Anyone have any suggestions as to what I might try to troubleshoot?
> >> >> Does anyone else have a problem with ACLs?  Did I break something
> >> >> cross-compiling?
> >> >
> >> > What flags did you use when doing the restore? Did you use -p?
> >> >
> >> >      -p      (x mode only) Preserve file permissions.  Attempt to restore the
> >> >              full permissions, including owner, file modes, file flags and
> >> >              ACLs, if available, for each item extracted from the archive.  By
> >> >              default, newly-created files are owned by the user running
> >> >              tarsnap, the file mode is restored for newly-created regular
> >> >              files, and all other types of entries receive default permis-
> >> >              sions.  If tarsnap is being run by root, the default is to
> >> >              restore the owner unless the -o option is also specified.
> >> >
> >> > Tim.
> >> >
> >> > --
> >> > Tim Bishop
> >> > http://www.bishnet.net/tim/
> >> > PGP Key: 0x6C226B37FDF38D55
> >> >
> >
> >
> > Tim.
> >
> > --
> > Tim Bishop
> > http://www.bishnet.net/tim/
> > PGP Key: 0x6C226B37FDF38D55
> >


Tim.

-- 
Tim Bishop
http://www.bishnet.net/tim/
PGP Key: 0x6C226B37FDF38D55

Follow-Ups:
- Re: ACLs
  - From: Colin Percival <cperciva@tarsnap.com>

References:
- ACLs
  - From: Mike Kallies <mike.kallies@gmail.com>
- Re: ACLs
  - From: Tim Bishop <tim-lists@bishnet.net>
- Re: ACLs
  - From: Mike Kallies <mike.kallies@gmail.com>
- Re: ACLs
  - From: Tim Bishop <tim-lists@bishnet.net>
- Re: ACLs
  - From: Mike Kallies <mike.kallies@gmail.com>

Prev by Date: Re: ACLs
Next by Date: Re: ACLs
Previous by thread: Re: ACLs
Next by thread: Re: ACLs
Index(es):
- Date
- Thread