
rsync and Access Control Lists

At the last meeting of Security Treff Graz I brought up the question whether rsync is capable of handling extended ACLs (the Access Control Lists you handle with setfacl and getfacl on your Linux system). That’s very important for me when backing up running systems because I’m using ACLs on some systems but only a few programs (like star) are aware of the ACLs. So I took a closer look at it and the answer whether rsync supports extended ACLs is: "depends".

Out of the box, rsync does not handle extended ACLs. But there is a patch available (patches/acls.diff in the upstream sources) which provides support for ACLs via the option ‘-A’. The best news: Debian applies the patch by default starting with rsync 2.6.9-1, so we have ACL support within rsync on the upcoming Debian/etch as well. This is very important because the nonstandard option only works if the remote rsync also supports it.
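Because ‘-A’ only works when both ends support it, a backup script can check both rsync binaries before transferring anything. The following is an added example, not code from this post or from the rsync project: the function names and the two sample version texts are constructed, and it assumes that `rsync --version` lists "ACLs" among its capabilities when ACL support is compiled in and "no ACLs" when it is not.

```shell
#!/bin/sh
# Added example: refuse to run an ACL-preserving backup unless the local
# and the remote rsync both report ACL support.

# Constructed samples of `rsync --version` output (not captured from a real host).
SAMPLE_WITH_ACLS='rsync  version X.Y.Z  protocol version NN
Capabilities:
    64-bit files, socketpairs, hardlinks, symlinks,
    IPv6, batchfiles, inplace, append, ACLs, xattrs'
SAMPLE_NO_ACLS='rsync  version X.Y.Z  protocol version NN
Capabilities:
    64-bit files, socketpairs, hardlinks, symlinks,
    IPv6, batchfiles, inplace, append, no ACLs, no xattrs'

# Read `rsync --version` text on stdin. Succeeds only if one capability
# item is exactly "ACLs"; an item reading "no ACLs" does not count.
has_acl_support() {
    sed 's/Capabilities://' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qx 'ACLs'
}

# Check the local rsync and the rsync found on the remote host (via ssh).
check_both_ends() {
    host=$1
    if ! rsync --version | has_acl_support; then
        echo "local rsync has no ACL support" >&2
        return 1
    fi
    if ! ssh "$host" rsync --version | has_acl_support; then
        echo "rsync on $host has no ACL support" >&2
        return 1
    fi
}

# Copy src to host:dest in archive mode with ACLs (-A), but only after
# both ends passed the capability check.
backup_with_acls() {
    src=$1 host=$2 dest=$3
    check_both_ends "$host" || return 1
    rsync -aA "$src" "$host:$dest"
}

# Usage: script.sh SRC HOST DEST  (does nothing without three arguments)
if [ "$#" -eq 3 ]; then
    backup_with_acls "$@"
fi
```

Failing before the transfer makes a missing patch on either side visible, so the backup is never taken without the ACLs it was supposed to carry.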

2 Responses to “rsync and Access Control Lists”

  1. Bernd Haug Says:

    ITYM POSIX ACLs. The “extended” thingie is the attributes…stuff like append-only flags etc. They get confused a lot on Linux because the ACLs are a POSIX standard (duh) while the extended attributes are a (really useful) Linux specialty, although some of them are available by other names/interfaces on other OSs, e.g. the BSD flags on FreeBSD.

  2. mika Says:

    “ACLs equivalent with the file mode permission bits are called minimal ACLs. They have three ACL entries. ACLs with more than the three entries are called extended ACLs. Extended ACLs also contain a mask entry and may contain any number of named user and named group entries. [...] Because other kernel and user space extensions in addition to ACLs benefit from being able to associate pieces of information with files, Linux and most other UNIX-like operating systems implement a more general mechanism called Extended Attributes (EAs). On these systems, ACLs are implemented as EAs.” — http://www.suse.de/~agruen/acl/linux-acls/online/

    Regards,
    -mika-