Hello all --

For those interested in running Bacula 2.2.8 on Mac OS X 10.5.1 (Leopard)
including Leopard Server, I can confirm, with a simple Bacula backup and
restore test, that Bacula does not capture or restore file system resources
that have Access Control List (ACL) metadata only. Files with Mac OS X
Extended Attributes (EAs) which EAs are not ACLs seem to be captured and
restored just fine.

An example:

In the home directory of local domain directory users (such as the user with
a short name of "hydro"), Leopard has a standard set of folder names that
each user gets from the factory when a new home directory is created by the
Apple administrative tools, like these:

drwxr-xr-x   4 root  admin    170 Jan 21 22:40 ..
drwxr-xr-x+  3 hydro   staff    170 Jan 21 22:40 Sites
drwxr-xr-x+  3 hydro   staff    170 Jan 21 22:40 Public
drwx------+ 16 hydro   staff   1292 Jan 22 01:21 Pictures
drwx------+  3 hydro   staff    170 Jan 22 01:40 Music
drwx------+  7 hydro   staff    646 Jan 22 01:41 Movies
drwx------+ 39 hydro   staff   1394 Jan 30 05:48 Library
drwx------+  4 hydro   staff    238 Jan 31 13:00 Documents
drwxr-xr-x+ 20 hydro   staff    952 Jan 31 19:55 .
drwx------+  2 hydro   staff    170 Feb  1 00:39 Downloads
-rw-r--r--@  1 hydro   staff  12292 Feb  1 16:50 .DS_Store
drwx------   2 hydro   staff    102 Feb  1 16:52 .Trash
drwx------+  4 hydro   staff    748 Feb  1 19:31 Desktop
-rw-------   1 hydro   staff   4769 Feb  1 19:37 .bash_history

In the output of the ls command, you can see that there are some folders
with plus "+" characters in the file information adjacent to the read/write
privileges (I bold faced and highlighted the Movies folder). According to
various documentation and the ls man page, the "+" character means that the
Movies directory itself has Access Control List metadata only. From what I
have read on the web and in various Apple documentation, the Mac OS X
implementation of ACLs is a type of Extended Attribute (EA), but not all
EAs are ACLs. An example of a file that has EA metadata but which EA
metadata is not an ACL, is the .DS_Store file (also highlighted and bold
faced in the above excerpt).

Bacula has zero problems capturing the .DS_Store document and restoring it
(I backed up the original home directory with Bacula 2.2.8 and restored it
to a different location on my hard drive). However, the folder resources
with ACL-only "+" characters were not restored by Bacula with the ACL
metadata and thus the restoration ended up looking like (with the "+"
missing):

drwx------  7 hydro   staff    646 Jan 22 01:41 Movies

To double confirm this, the ls command-line program (with the "e" switch) in
Leopard can read the ACL-only metadata. For example, from the original:

$ ls -altre Movies

yields information such as who has access to the Movies folder:

drwx------+  2 hydro  staff  102 Jan 21 03:46 .
 0: group:everyone deny delete

But when doing the same on the restored copy from Bacula, I confirm the
metadata is missing:

$ ls -altre Movies

yields:

drwx------  2 hydro  staff  102 Jan 21 03:46 .

Access Control Lists have been around in Mac OS X for some time (for sure in
Tiger) but Leopard is now starting to enforce them. On my Tiger Server
systems, I could disable ACLs. On Leopard, I can also disable them but every
time the machine reboots, ACLs are re-enabled automatically by Leopard. The
great hand of Apple is saying to us "tsk tsk, you should use ACLs"! So we
can override Apple by disabling ACLs on disc volumes shortly after they have
mounted (using a cron script to run the ACL disable tool), but this strikes
me as a kludge that is not necessary.

I wonder what would need to be done in the Bacula source to properly capture
and restore ACL metadata on file systems mounted to Mac OS X Leopard (or
Tiger for that matter) operating systems?

Does anyone have any suggestions?

Best regards,

Hydro
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
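
Added example, not part of the post above and not Bacula code: a small Python check that parses two "ls -le" listings (original tree and restored tree) and reports every ACL entry that did not survive the restore, such as the "deny delete" entry on Movies. The sample listings are constructed from the output quoted in the post; the function names are hypothetical. It keys on the ACL entry lines rather than the "+" flag, because ls shows "@" instead of "+" when a file has both extended attributes and an ACL.

```python
import re

# One `ls -le` entry line; group 2 is the flag after the mode bits:
# "+" = ACL present, "@" = extended attributes present, "" = neither.
ENTRY = re.compile(r"^([bcdlps-][rwxsStT-]{9})([+@]?)\s+\d+\s+\S+\s+\S+\s+\d+"
                   r"\s+\w{3}\s+\d+\s+[\d:]+\s+(.+)$")
# One ACL entry line printed under its file, e.g. " 0: group:everyone deny delete".
ACE = re.compile(r"^\s*\d+:\s+(.+)$")

def parse_ls_le(text):
    """Map each listed name to its flag and list of ACL entries."""
    entries, current = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = {"flag": m.group(2), "aces": []}
            entries[m.group(3)] = current
        elif current is not None and (m := ACE.match(line)):
            current["aces"].append(m.group(1))
    return entries

def lost_acls(original, restored):
    """Return {name: [ACL entries present in original but absent after restore]}."""
    before, after = parse_ls_le(original), parse_ls_le(restored)
    report = {}
    for name, entry in before.items():
        kept = after.get(name, {"aces": []})["aces"]
        missing = [ace for ace in entry["aces"] if ace not in kept]
        if missing:
            report[name] = missing
    return report

# Constructed sample listings, modelled on the output quoted in the post.
ORIGINAL = """\
drwx------+  7 hydro  staff    646 Jan 22 01:41 Movies
 0: group:everyone deny delete
-rw-r--r--@  1 hydro  staff  12292 Feb  1 16:50 .DS_Store
drwx------   2 hydro  staff    102 Feb  1 16:52 .Trash
"""
RESTORED = """\
drwx------   7 hydro  staff    646 Jan 22 01:41 Movies
-rw-r--r--@  1 hydro  staff  12292 Feb  1 16:50 .DS_Store
drwx------   2 hydro  staff    102 Feb  1 16:52 .Trash
"""

if __name__ == "__main__":
    for name, aces in lost_acls(ORIGINAL, RESTORED).items():
        print(f"{name}: ACL lost on restore: {aces}")
```

Run against real captures of "ls -le" taken before the backup and after the restore, an empty result means every ACL entry in the original listing is also present in the restored one.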