archiving acls: tar and cpio

Michael Ju. Tokarev mjt at tls.msk.ru
Sat Oct 14 00:19:47 GMT 2000


After reading some docs (I finally got the Austin group
drafts -- thanks Andreas!) and reverse-engineering the
Solaris formats, I have the following:

The best way to do this is to use/extend the pax utility,
based on the Austin group draft.  BTW, I like the pax command
line interface -- it is simpler than that of tar and cpio,
and has very powerful features.  The Austin group already defined
a common way of extending the `pax' format (based on `ustar') --
by using an extended header (`g' and `e' typeflags in the ustar
header).  Those headers should contain a series of attribute
definitions like this:
  len keyword=value\n
where len is the full length of the `keyword=value\n',
keyword is an attribute name and value is its value.
Currently there are some keywords already defined, such
as `comment', `gname' etc.   There is already a keyword
_prefix_ defined to deal with our needs here:

  security.any  The keywords prefixed by ``security.'' are
   reserved for future standardization.

Based on this, ACLs can be stored like this:

  nnn security.acl=user::rwx,...,group:staff:r--\n

The problems with this pax format are:

  o currently the format of the acl `value' is not
   defined, nor even a keyword for it.
  o there is no pax utility in widespread
   use on gnu/linux systems.
  o there are no other systems that support
   this non-existent format.  For systems that have
   a pax implementation, our `security.acl' attribute
   will simply be ignored.

The most commonly used format now is the `tar' (ustar) format,
and the gnu tar implementation.

I looked at the implementation of Solaris's tar and cpio
utilities -- there is a possibility to use their format
also in just "plain" tar/cpio, and be compatible with at
least one existing system.  Here it comes:

Both utilities use a common method of storing ACLs, and
this method is compatible with the pax way of extending ustar
archives and the posix definitions for ustar and cpio.
ACLs are stored in a file of a special type (stored in the
typeflag field in tar and the mode field in cpio) just before
the actual file for which the ACLs are defined.  This is how
pax stores its extended header.  Other fields in the header are
just the same as for the following file itself, except for the
size field.  The ACL data itself is stored "in the first file".
This way, for "older" archivers that can try to extract
this "pair" of files, the original file will be extracted
twice, the first time with the contents of the ACLs and the
second with the actual data.

Both tar and cpio share a common format for ACL data.
It is defined as follows:

  <number>\0<acl data>\0

("file" size is the size of this sequence including the number
and trailing zero).  <number> is an octal representation
of the count of acl entries with 01000000 added (I don't know
what this value means -- maybe a version?).  For example,
for an ACL set with 8 entries <number> will be `1000010'.
<acl data> is a text representation of the acl entries,
delimited by commas.  Example (split into two lines for
readability):

 1000010\0user::rw-,user:root:r-x,user:oracle:rwx,group::\
 r--,group:root:r-x,group:bin:rwx,mask::r--,other::r--,\0

(this has size 110 decimal -- from the first '1' to the last
'\0' inclusive).

tar:
  typeflag is 'A' (defined by POSIX as "implementation-defined").
  Other types defined by POSIX and by gnu tar (extracted
from tar.h from tar-1.13.17):

/* Values used in typeflag field.  */
#define REGTYPE  '0'            /* regular file */
#define AREGTYPE '\0'           /* regular file */
#define LNKTYPE  '1'            /* link */
#define SYMTYPE  '2'            /* reserved (gnu tar) */
#define CHRTYPE  '3'            /* character special */
#define BLKTYPE  '4'            /* block special */
#define DIRTYPE  '5'            /* directory */
#define FIFOTYPE '6'            /* FIFO special */
#define CONTTYPE '7'            /* reserved (gnu tar) */

/* This is a dir entry that contains the names of files that were in the
   dir at the time the dump was made.  */
#define GNUTYPE_DUMPDIR 'D'
/* Identifies the *next* file on the tape as having a long linkname.  */
#define GNUTYPE_LONGLINK 'K'
/* Identifies the *next* file on the tape as having a long name.  */
#define GNUTYPE_LONGNAME 'L'
/* This is the continuation of a file that began on another volume.  */
#define GNUTYPE_MULTIVOL 'M'
/* For storing filenames that do not fit into the main header.  */
#define GNUTYPE_NAMES 'N'
/* This is for sparse files.  */
#define GNUTYPE_SPARSE 'S'
/* This file is a tape/volume header.  Ignore it on extraction.  */
#define GNUTYPE_VOLHDR 'V'


cpio:
  mode `type' has value 016 (octal).
  Other modes defined:
   004 directory
   001 fifo
   010 regular file
   006 block special
   002 char special
   011 reserved
   012 reserved
   014 reserved


The format chosen by Solaris seems good to me.
And I see that this can easily be implemented inside
both gnu tar and gnu cpio.

Now, I have a question... :)
Archiving needs to be done just _now_.  Some format for
archives already exists.  The new standard format isn't
ready.  What should we do now?

Is anyone (except me) interested in having some method of
archiving files that will be incompatible with future formats
(well, if gnu pax will not support e.g. solaris extensions)?
This will be a temporary and incomplete solution, but a real one.
Or maybe someone has better proposals?

BTW, the format I described here does not deal with other
extended attributes at all.


Comments, please?

Thank you for your time.

Regards,
 Michael.
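
Added example, not part of the original message and not Solaris or GNU code: a C validator for the `<number>\0<acl data>\0` payload described above, as an extractor might run it before applying ACLs from an untrusted archive. The names `sol_acl_parse`, `entry_ok` and `SOL_ACL_BIAS` are hypothetical, and the per-entry grammar (three colon-separated fields ending in an rwx/- triple) is an assumption inferred from the message's own example.

```c
#include <stdio.h>
#include <string.h>

#define SOL_ACL_BIAS 01000000UL /* value the post says is added to the entry count */

/* The example payload from the post: 110 bytes including both NULs. */
static const char sol_acl_sample[] =
    "1000010\0user::rw-,user:root:r-x,user:oracle:rwx,group::r--,"
    "group:root:r-x,group:bin:rwx,mask::r--,other::r--,";

/* Assumed entry grammar, inferred from that example: tag:qualifier:perms. */
static int entry_ok(const char *e, size_t n)
{
    size_t colons = 0, last = 0;
    for (size_t i = 0; i < n; i++)
        if (e[i] == ':') { colons++; last = i; }
    if (colons != 2 || n - last - 1 != 3) return 0;
    for (size_t i = 0; i < 3; i++)
        if (e[last + 1 + i] != "rwx"[i] && e[last + 1 + i] != '-') return 0;
    return 1;
}

/* Returns the entry count, or -1 framing, -2 number, -3 entry, -4 count mismatch. */
int sol_acl_parse(const char *buf, size_t size)
{
    if (size < 3 || buf[size - 1] != '\0') return -1;
    const char *nul = memchr(buf, '\0', size - 1);
    if (!nul || nul == buf || nul - buf > 10) return -1; /* bad <number> field */
    const char *acl = nul + 1;
    size_t alen = size - 1 - (size_t)(acl - buf);
    if (memchr(acl, '\0', alen)) return -1; /* embedded NUL hides data from str*() */
    unsigned long num = 0;
    for (const char *p = buf; p < nul; p++) {
        if (*p < '0' || *p > '7') return -2;
        num = num * 8 + (unsigned long)(*p - '0');
    }
    if (num < SOL_ACL_BIAS) return -2;
    long declared = (long)(num - SOL_ACL_BIAS), seen = 0;
    for (size_t start = 0; start < alen; ) {
        const char *c = memchr(acl + start, ',', alen - start);
        size_t n = c ? (size_t)(c - (acl + start)) : alen - start;
        if (!entry_ok(acl + start, n)) return -3;   /* also rejects empty entries */
        seen++;
        start += n + 1;                             /* a trailing comma is tolerated */
    }
    return seen == declared ? (int)seen : -4;
}

int main(void) { printf("%d\n", sol_acl_parse(sol_acl_sample, sizeof sol_acl_sample)); return 0; }
```

The size passed in is the header's size field, so every check stays inside that many bytes and never relies on C-string termination of the archive data.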