[ACL-Devel] archiving acls: tar and cpio

Robert Watson rwatson at FreeBSD.org
Mon Oct 16 17:10:05 GMT 2000


So I don't have a whole lot of opinions on the matter of ACL backups, but
do have a few preferences in the name of making it likely you can tar/pax
a file on Linux, and untar/pax it on FreeBSD and have the results make
sense :-).

1) The backup format should use the closest possible approximation to the
POSIX.1e ACL text format that can satisfy its requirements.  I accept the
argument that you may want to back up with both usernames and uids, and
right now the ACL text format doesn't let you do that.  My preference on
the alternative format would be an extension to the qualifier field, in
or close to the manner described by someone already:

   user::rw,user:rwatson#1000:rw,group::r,mask::rw,other:r

As such, we should introduce a new acl_from_text() variant that allows the
caller to specify precedence rules, etc.  acl_from_text() is already
required to turn usernames into uids, so there would be no new
functionality dependencies.  You could imagine:

  acl_from_text_extended(const char *buf_p, int options)

Where options could be a bitmask or choice specifying the desired
behavior, with 0 indicating to act identically to acl_from_text().  You
could imagine options such as:

  ACL_FROM_TEXT_IDS_ONLY	# use numeric ids only, fail if none
  ACL_FROM_TEXT_IDS_PREFER	# use numeric ids in preference to names
  ACL_FROM_TEXT_NAMES_PREFER	# use names in preference to numeric ids
  ACL_FROM_TEXT_NAMES_ONLY	# use names only, fail if none
  ACL_FROM_TEXT_ONE_ONLY	# use whatever is there, but fail if
				# both exist
  ACL_FROM_TEXT_FAIL_AMBIGUOUS	# use whatever is there, but fail if
				# both and ambiguous

Of the last two, I'd probably prefer ONE_ONLY to FAIL_AMBIGUOUS.  :-)

2) Rules for interpreting ACLs and giving preference to ACL vs mode, both
types of ACLs, etc, be well-defined.  For example, use vendor name
posix1e, attribute names acl.{access,default}.  Given the presence of mode
and ACL, use a fixed combining rule so as to get relevant features of
both: suid bits, etc.  Well defined warning and failure modes: if default
ACL exists for a directory, spit out a particular error, what to do if
ACLs are stored in the archive but not supported on the target file system
(warn and apply mode only, which should have appropriate
mask-relationships with the ACL, etc.)

Deciding these things in advance means we're much more likely to be able
to get some minimum level of portability :-).  Extending the from_text api
means some hope of consistent parsing and precedence rules.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services
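
An added example, not part of the original post and not libacl or FreeBSD code: how the proposed precedence options could resolve a name#id qualifier when the name and the archived uid point at different accounts on the restoring host. Assumptions: the option values, the resolve_qualifier() and lookup_name() helpers, the constructed target_db table standing in for the passwd database, the bare "#id" form, and the reading of FAIL_AMBIGUOUS as "name and id do not map to the same id".

```c
#include <stdlib.h>
#include <string.h>

/* Option names come from the post; the numeric values are assumed. */
enum { ACL_FROM_TEXT_IDS_ONLY = 1, ACL_FROM_TEXT_IDS_PREFER,
       ACL_FROM_TEXT_NAMES_PREFER, ACL_FROM_TEXT_NAMES_ONLY,
       ACL_FROM_TEXT_ONE_ONLY, ACL_FROM_TEXT_FAIL_AMBIGUOUS };

/* Constructed stand-in for the restoring host's user database. */
static const struct { const char *name; long id; } target_db[] = {
    { "rwatson", 1000 }, { "backup", 34 },
};

static long lookup_name(const char *name)    /* -1 when unknown */
{
    for (size_t i = 0; i < sizeof target_db / sizeof target_db[0]; i++)
        if (strcmp(target_db[i].name, name) == 0)
            return target_db[i].id;
    return -1;
}

/* Resolve a "name", "name#id" or (assumed form) "#id" qualifier to the
 * numeric id to store; -1 means the chosen policy rejects the entry. */
long resolve_qualifier(const char *qual, int options)
{
    char name[64], *end;
    const char *hash = strchr(qual, '#');
    size_t nlen = hash ? (size_t)(hash - qual) : strlen(qual);
    long id = -1, by_name;

    if (nlen >= sizeof name) return -1;
    memcpy(name, qual, nlen);
    name[nlen] = '\0';
    if (hash) {                              /* digits only after '#' */
        if (hash[1] < '0' || hash[1] > '9') return -1;
        id = strtol(hash + 1, &end, 10);
        if (*end != '\0') return -1;
    }
    by_name = nlen ? lookup_name(name) : -1;
    switch (options) {
    case ACL_FROM_TEXT_IDS_ONLY:     return id;
    case ACL_FROM_TEXT_IDS_PREFER:   return id >= 0 ? id : by_name;
    case ACL_FROM_TEXT_NAMES_PREFER: return by_name >= 0 ? by_name : id;
    case ACL_FROM_TEXT_NAMES_ONLY:   return by_name;
    case ACL_FROM_TEXT_ONE_ONLY:
        return (nlen && hash) ? -1 : (hash ? id : by_name);
    case ACL_FROM_TEXT_FAIL_AMBIGUOUS:  /* assumed: name and id disagree */
        if (nlen && hash) return by_name == id ? id : -1;
        return hash ? id : by_name;
    }
    return -1;                               /* options == 0 is not modelled */
}
```

With the constructed table, "rwatson#2000" resolves to 2000 under IDS_PREFER and to 1000 under NAMES_PREFER, so the same archive entry grants access to different accounts depending on the policy the restore tool picks.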
