> In Article <9404221931.AA40747@ilx126>
> [EMAIL PROTECTED] ("[EMAIL PROTECTED] (Igal Iancu)") writes:
> >Does anyone have a version of tar, or GNU-tar that stores/restores ACL
> >information?
> 
> I've never seen such a utility, but I've been thinking about writing one.
> The main problem is that I can find no documentation on the interfaces
> provided by the AFS libraries.
> 
> At any rate, if anyone has seen a "tar" that understands ACL's, I'd like
> to hear about it.


The main thing about tar is that it is an interchangeable file format, and
thus ACLs cannot easily be incorporated into that. If they are included in the
file header, other tar processors will refuse to read it, defeating the
purpose.

The next approach would be to abuse one of the existing fields to store the
ACLs. Again this will probably fail, as the only field nearly big enough is
the 150 or so byte file name prefix field, and on extracting you would end
up with paths like

  .../fred=ro/bill=rw/bob=x/mydir/myfile

for a file myfile in directory mydir which fred has read access to, bill
read/write access, and bob execute only access. It is unlikely that you
would be happy with that, or that the field is long enough in interesting
cases.

There is the problem that the user named fred on the system where you
extract the file may not be similar to the user fred on the system where
you created the tar set, and you may not want user fred on the new system
to read your files. It can also be that fred has turned into an agent of
the Evil Enemy by the time you extract the files on the same cell.

Another scheme is to save a list of files and their ACL information,
including user names and the cell name, in an additional file on the tar
set, and provide an AFS utility to process that file after it has been
unpacked on an AFS system. On a non-AFS system there would just be that
(probably useless) file, which the receiving user would have to delete.

Then there is the vexed problem of the Backup directory. If you go away
from a site in a hurry (or want to make a tape in a hurry), you are likely
to go to your home directory and make a tar set giving "." as the list of
files. On a non-AFS system this is fine, it just gives you all the files
recently changed in both versions, on an AFS system this is likely to be a
problem (at least for naive users).

The only way out of that one is to put the Backup directory as an
additional user, or even as an additional user directory structure, i.e.
putting the Backup and fred's Home directory thus:

      .../afsusers/fred   and   .../afsusers/fred-Backup
or    .../afsusers/fred   and   .../afsusers-Backup/fred

in both cases users need to be allowed to read above their home directory,
which you as an administrator may not be entirely happy with.

                                Thomas

*   email: cmaae47 @ imperial.ac.uk  (uk.ac.imperial on Janet)
*   voice: +44 (1)71 594 6904 or 9000 (day)
*   fax:   +44 (1)71 594 6957
*   snail: Thomas Sippel - Dau
*          User Support Services
*          The Center for Computing Services
*          Imperial College of Science, Technology and Medicine
*          Exhibition Road
*          Kensington SW7 2BX
*          Great Britain
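
The sidecar-file scheme from the message above, as an added example that is not part of the original post or of any AFS tool: the manifest name, its JSON layout, the cell names and the rights strings are assumptions made for illustration. The restore side only builds `fs setacl` argument lists for review, and holds back every entry whose cell differs, whose user has not been confirmed, or whose path leaves the unpacked tree.

```python
import io, json, posixpath, tarfile

MANIFEST = ".afs-acl-manifest.json"  # hypothetical sidecar file name

def pack(files, acls, cell):
    """files: {path: bytes}; acls: {directory: {user: rights}}. Returns tar bytes."""
    manifest = json.dumps({"cell": cell, "acls": acls}, sort_keys=True).encode()
    buf = io.BytesIO()
    # Plain ustar members only, so any tar reader can still unpack the set.
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in [(MANIFEST, manifest), *sorted(files.items())]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def inside_tree(directory):
    """Reject manifest paths that are absolute or climb out of the unpack root."""
    parts = posixpath.normpath(directory).split("/")
    return not directory.startswith("/") and ".." not in parts

def restore_plan(tar_bytes, local_cell, confirmed_users=()):
    """Return (commands, held_back); commands are argv lists to review, never run here."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        manifest = json.load(tar.extractfile(MANIFEST))
    same_cell = manifest["cell"] == local_cell  # names from another cell mean nothing here
    commands, held_back = [], []
    for directory, entries in sorted(manifest["acls"].items()):
        for user, rights in sorted(entries.items()):
            # Even in the same cell, a name is only reapplied once someone confirms it.
            if same_cell and user in confirmed_users and inside_tree(directory):
                commands.append(["fs", "setacl", "-dir", directory, "-acl", user, rights])
            else:
                held_back.append((directory, user, rights))
    return commands, held_back

if __name__ == "__main__":
    # Constructed sample: one file, one directory ACL, a made-up cell name.
    archive = pack({"mydir/myfile": b"hello\n"},
                   {"mydir": {"fred": "rl", "bill": "rlidwk"}}, "example.org")
    print(restore_plan(archive, "example.org", confirmed_users={"bill"}))
    print(restore_plan(archive, "elsewhere.example", confirmed_users={"bill"}))
```

On a non-AFS system the archive unpacks normally and the manifest is just one extra file to delete.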

