[ACL-Devel] archiving acls: tar and cpio
Andreas Gruenbacher
ag at bestbits.at
Mon Oct 16 19:28:23 GMT 2000
On Mon, 16 Oct 2000, Robert Watson wrote:
>
> So I don't have a whole lot of opinions on the matter of ACL backups, but
> do have a few preferences in the name of making it likely you can tar/pax
> a file on Linux, and untar/pax it on FreeBSD and have the results make
> sense :-).
That would be a really good thing.
> 1) The backup format should use the closest possible approximation to the
> POSIX.1e ACL text format that can satisfy its requirements. I accept the
> argument that you may want to back up with both usernames and uids, and
> right now the ACL text format doesn't let you do that. My preference on
> the alternative format would be an extension to the qualifier field, in
> or close to the manner described by someone already:
>
> user::rw,user:rwatson#1000:rw,group::r,mask::rw,other:r
So you think the '#' character is appropriate. I can live with that, but I
think another delimiter would be better. Right now, one can easily write a
parser that accepts both comma separated and multi-line ACL formats
automatically. If the '#' character is reused, that becomes pretty hard as
it introduces a comment in line oriented format. So I would prefer a
different delimiter, like '%' or whatever.
Robert, what's your opinion on this?
> As such, we should introduce a new acl_from_text() varient that allows the
> caller to specify precedence rules, etc. acl_from_text() is already
> required to turn usernames into uid's, so there would be no new
> functionality dependencies. You could imagine:
>
> acl_from_text_extended(const char *buf_p, int options)
That makes a lot of sense. In fact, I have implemented the reverse
operation in a similar way already: acl_to_any_text() takes a couple of
additional parameters, including a bit mask, with wich you can control
whether `#effective:' comments are generated, whether id's or names are
printed, etc. acl_to_text() is implemented as a special case.
> > Where options could be a bitmask or choice specifying the desired
> behavior, with 0 indicating to act identically to acl_from_text(). You
> could imagine options such as:
>
> ACL_FROM_TEXT_IDS_ONLY # use numeric ids only, fail if none
> ACL_FROM_TEXT_IDS_PREFER # use numeric ids in preference to names
> ACL_FROM_TEXT_NAMES_PREFER # use names in preference to numeric ids
> ACL_FROM_TEXT_NAMES_ONLY # use names only, fail if none
> ACL_FROM_TEXT_ONE_ONLY # use whatever is there, but fail if
> # both exist
> ACL_FROM_TEXT_FAIL_AMIGUOUS # use whatever is there, but fail if
> # both and ambiguous
>
> Of the last two, I'd probably prefer ONE_ONLY to FAIL_AMBIGUOUS. :-)
The minimum I would require would be to use names whenever possible, and
to fall back to uid's if a name is not defined (like GNU tar, or
ACL_FROM_TEXT_NAMES_PREFER). Also, an option is required to explicitly
ignore names (say, ACL_FROM_TEXT_IDS_ONLY).
ACL_FROM_TEXT_IDS_PREFER is redundant if the ACL string contains id's
consistently, which they usually should. I would prefer not to implement
the other flags `just in case', and I'm not sure they are really needed.
> 2) Rules for interpreting ACLs and giving preference to ACL vs mode, both
> types of ACLs, etc, be well-defined. For example, use vendor name
> posix1e, attribute names acl.{access,default}.
As I understand the specs, the `security.' prefix is reserved for ACLs and
similar objects. The names `security.acl.access' and
`security.acl.default' should be fine.
However, before using these names, I would like to hear the opinions of
others (particularely those who wrote the pax spec and those who wrote the
1003.1e/1003.2c specs).
> Given the presence of mode and ACL, use a fixed combining rule so as
> to get relevant features of both: suid bits, etc. Well defined
> warning and failure modes: if default ACL exists for a directory, spit
> out a particular error, what to do if ACLs are stored in the archive
> but not supported on the target file system (warn and apply mode only,
> which should have appropriate mask-relationships with the ACL, etc.
A useful check would be to compare the file mode permission bits against
the ACL entries. I would give the ACL precedence in case of conflicts, on
filesystems that support them. On other filesystems, the file mode
permission bits might be a better choice.
> Deciding these things in advance means we're much more likely to be able
> to get some minimum level of portability :-). Extending the from_text api
> means some hope of consistent parsing and precedence rules.
This involves at least the following:
- function name and interface, required flags, etc.
- which extended attribute names to use in the pax archive
- ACL format to be used
- rules how to combine the file mode permission bits with the ACL
Thanks,
Andreas
------------------------------------------------------------------------
Andreas Gruenbacher, a.gruenbacher at computer.org
Contact information: http://www.bestbits.at/~ag/
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message
More information about the posix1e
mailing list