Adam Weremczuk

Reputation: 117

How to clone ACL permissions?

I've just found out that my backups were missing ACL and the restore will not work until this is fixed.

Luckily I have the luxury of checking what the permissions should look like on a running system, e.g.:

RESTORED:

# file: samba/sysvol
# owner: root
# group: 3000000
user::rwx
group::rwx
other::---

RUNNING:

# file: samba/sysvol
# owner: root
# group: 3000000
user::rwx
user:root:rwx
group::rwx
group:3000000:rwx
group:3000001:r-x
group:3000002:rwx
group:3000003:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
default:group:3000000:rwx
default:group:3000001:r-x
default:group:3000002:rwx
default:group:3000003:r-x
default:mask::rwx
default:other::---

There are no trivial permissions patterns to follow so manual reconciliation would take very long and be error prone.

QUESTION:

Is it possible to "clone" ACL permissions?

I.e. recursively read ACL (getfacl?) on all files and folders and write (setacl?) to the same list of files and folders elsewhere?

Upvotes: 9

Views: 14831

Answers (2)

FlakRat

Reputation: 321

I was looking for a single command to duplicate a directory with ownership, permissions, and ACLs without recursively copying the contents. I ended up with a multi-command solution involving mkdir, chown, chmod, setfacl, getfacl :-)

proj=project1
srcbase="/mydata"
destbase="/archive/mydata"
if [ ! -d "$destbase/$proj" ]; then
  echo "Cloning properties of $srcbase/$proj to $destbase/$proj"
  mkdir "$destbase/$proj"
  # Take owner, group and mode from the source directory itself
  chown --reference="$srcbase/$proj" "$destbase/$proj"
  chmod --reference="$srcbase/$proj" "$destbase/$proj"
  # Dump the ACL with a relative path so it can be replayed under $destbase
  cd "$srcbase"
  getfacl "$proj" > "/tmp/${proj}.acl"
  cd -
  cd "$destbase"
  setfacl --restore="/tmp/${proj}.acl"
  cd -
else
  echo "Archive directory already exists, skipping: $destbase"
fi
unset proj srcbase destbase

Perhaps there's a way to do this with rsync by telling it not to traverse the directory...

Upvotes: 0

ralz

Reputation: 543

If source and destination are both local, or you can copy between them over SSH or the rsync protocol, you can use rsync -A to copy ACLs between directories.

This will copy ACLs locally on the same machine.

rsync -Ar dir1/ dir2/

If both servers have compatible ACLs, you can use it to copy ACLs over the network without actually copying files over again.

rsync -Ar /dir1/ user@destination:/dir2/

or

rsync -Ar user@source:/dir1/ /dir2/

depending on which server you are running the command on.

From rsync manpages:

-A, --acls This option causes rsync to update the destination ACLs to be the same as the source ACLs. The option also implies --perms.

The source and destination systems must have compatible ACL entries for this option to work properly. See the --fake-super option for a way to backup and restore ACLs that are not compatible.

Upvotes: 5
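
The recursive getfacl/setfacl round trip the question asks about, with a check that lists any entries still missing afterwards. This is an added example, not part of either answer; the function names are hypothetical, and it assumes both trees have the same relative layout and that it is run with enough privilege to set ACLs.

```shell
#!/bin/sh
# Added example: clone ACLs from a reference tree onto a restored tree.

# dump_acls TREE: print the ACLs of everything under TREE.
# Paths are relative to TREE so the dump can be replayed elsewhere;
# -n keeps numeric ids (e.g. group 3000000), -P does not follow symlinks.
dump_acls() {
    ( cd "$1" && getfacl -R -P -n . )
}

# clone_acls SRC DST: apply SRC's ACLs to the same relative paths under DST.
# setfacl --restore also tries to restore owner and group from the
# "# owner:" / "# group:" comment lines in the dump.
clone_acls() {
    dump=$(mktemp) || return 1          # unpredictable name, not /tmp/fixed
    dump_acls "$1" > "$dump" && ( cd "$2" && setfacl --restore="$dump" )
    rc=$?
    rm -f "$dump"
    return "$rc"
}

# missing_acl_entries REFERENCE_DUMP RESTORED_DUMP: print "path<TAB>entry"
# for every ACL entry in REFERENCE_DUMP that RESTORED_DUMP lacks for the
# same path. Owner/group comment lines are not compared.
missing_acl_entries() {
    awk '
        /^# file: /    { path = substr($0, 9); next }
        /^#/ || /^$/   { next }
                       { key = path SUBSEP $0 }
        !ref           { have[key] = 1; next }   # first file: restored dump
        !(key in have) { print path "\t" $0 }    # second file: reference
    ' ref=0 "$2" ref=1 "$1"
}

# Typical use (paths are placeholders):
#   clone_acls /running/samba /restored/samba
#   dump_acls /running/samba  > ref.acl
#   dump_acls /restored/samba > new.acl
#   missing_acl_entries ref.acl new.acl    # no output means nothing missing
```

Run against dumps of the RESTORED and RUNNING listings in the question, missing_acl_entries reports the 15 named-user, named-group, mask and default entries that the backup lost.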
