Hi Szaka, > Message du 04/05/08 02:40 > De : "Szabolcs Szakacsits" <[EMAIL PROTECTED]> > A : "Jean-Pierre ANDRE" <[EMAIL PROTECTED]> > Copie à : [email protected] > Objet : Re: [ntfs-3g-devel] Posix ACLs for ntfs-3g > > > Hi Jean-Pierre, > > On Fri, 2 May 2008, Jean-Pierre ANDRE wrote: > > > > 1. How well tar's --acl option can cope this way with the Windows ACLs > > > (backup/restore)? > > > > The "Posix ACL for NTFS" is just an implementation of the Posix ACL, > > not some sort of "Windows ACL for Linux". > > > > This means "tar --acl" will deal with the Posix representation. It > > will save and restore any ACL which has been set by a "setfacl", but > > it will only save and restore an approximation of ACLs which were > > set by Windows. > > This sounds good. > > What I really meant is how relevant is the loss? It's said that Windows > ACLs are overcomplicated and not many people use them in their full > capacity. If most of the loss is the non-used settings then practically > it could mean that there is no serious loss. >
There is no simple answer. Posix ACLs are a generalization of tradition rwx flags where you can state specific rights for any designated user or group. For instance you can grant rwx to three users, and grant r-x access to two groups and deny all access to anybody else. But you only decide about the r, the w and the x rights. Windows has a more fine control over what is allowed or denied : it makes a difference between overwriting a file and appending to a file, or between writing standard attributes (eg times) and writing extended attributes, etc. So for instance the Linux "w" flag has to be mapped to these four flags to be allowed to write data, to append data, to update the modification time after writing, etc. and if any of them is set by Windows, when converted to Linux you only get a single 'w' flag which maps to the four of them after saving and restoring. Also, in Linux the right to delete a file is related to the right to write into the parent subdirectory. A similar right exists in Windows (distinct from the right to create a file), but there is another condition related to the file itself (not the parent directory). This latter right has no equivalent in Posix ACL and is lost through the conversions. What may be more troublesome is the fact that Linux attaches implicit rights to the owner of a file (eg the rights to change permissions or group), whereas Windows grants nothing special to the owner. For instance the right to change the permissions may be denied to the owner and to the administrator, but granted to some specific user. After converting to Linux you obviously lose such configurations. Now what you may lose through the conversions depends on what you have in store. There are easy ways to deal with a dual-boot family configuration with different accounts and specific rights for parents and children (you do not even need Posix ACLs for that). On a company server with several teams and hierarchical positions, the losses will not be acceptable, but such servers only run on Windows or Linux and not both. The nearest situation is a Linux server running NFS for Linux clients and Samba for Windows clients. The windows clients will suffer from a double conversion with loss. In such configuration I really recommend the permissions in each subdirectory to be managed in a single mode (using either Linux to set the ACLs and backup/restore, or Windows, but not both within the same subdirectory). The result should be acceptable for both Linux clients and Windows clients on any subdirectory. Note that this is not new : the same goes for Samba on ext3. Regards Jean-Pierre ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ ntfs-3g-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ntfs-3g-devel
