ACLs etc and backup tools
Casey Schaufler
casey at sgi.com
Mon Oct 9 16:16:05 GMT 2000
I can tell you what we did in Trix, but I'll warn you up
front that it's a hack. I can't post the source (copyrights
and all that) but I can give you the design, and from that
it's a SMOP.
We add the -M option which specifies that security attributes
be saved or restored as appropriate.
In the archive creation case tar has an additional task prior to
saving each file in the archive. A file named "/tmp/TARphantom"
(or something like that) is filled with the attributes, listed
as name value pairs (e.g. "MAC=Secret"). This file is put on
the archive before the real file, which is saved per the
tar definition.
On extraction with -M, tar pulls files out normally, but
any time if finds a file which is not named "/tmp/TARphantom"
it opens "/tmp/TARphantom", and sets the attributes
found there on the current file, then removes "/tmp/TARphantom".
If extraction is done without -M "/tmp/TARphantom"
simply gets overwritten many times.
No changes required to the tar format, older versions
of tar are unaffected. If you have a valuable file
on your system named "/tmp/TARphantom", too bad.
--
Casey Schaufler Manager, Trust Technology, SGI
casey at sgi.com voice: 650.933.1634
casey_p at pager.sgi.com Pager: 888.220.0607
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message
More information about the posix1e
mailing list