On Sun, 2008-11-02 at 20:48 +0000, Andrew Gideon wrote:
> As you'll see below, -A yields the same results:
>
>
> [EMAIL PROTECTED] t]# getfacl f1 f2
> # file: f1
> # owner: adm
> # group: sys
> user::r-x
> group::r-x
> mask::r-x
> other::r-x
>
> getfacl: f2: No such file or directory
> [EMAIL PROTECTED] t]# rsync -aA -v --itemize-changes f1 f2
> sending incremental file list
> >f+++++++++ f1
>
> sent 77 bytes received 31 bytes 216.00 bytes/sec
> total size is 0 speedup is 0.00
> [EMAIL PROTECTED] t]# getfacl f1 f2
> # file: f1
> # owner: adm
> # group: sys
> user::r-x
> group::r-x
> mask::r-x
> other::r-x
>
> # file: f2
> # owner: adm
> # group: sys
> user::r-x
> group::r-x
> other::r-x
>
> [EMAIL PROTECTED] t]#
>
> As far as I can tell, this is somehow the result of the
> particular ACL state of f1. If I tweak it slightly, all
> works as one would expect. For example:
>
> [EMAIL PROTECTED] t]# setfacl -m u:andrew:r-x f1
> [EMAIL PROTECTED] t]# getfacl f1 f2
> # file: f1
> # owner: adm
> # group: sys
> user::r-x
> user:andrew:r-x
> group::r-x
> mask::r-x
> other::r-x
>
> getfacl: f2: No such file or directory
> [EMAIL PROTECTED] t]# rsync -aA -v --itemize-changes f1 f2
> sending incremental file list
> >f+++++++++ f1
>
> sent 88 bytes received 31 bytes 238.00 bytes/sec
> total size is 0 speedup is 0.00
> [EMAIL PROTECTED] t]# getfacl f1 f2
> # file: f1
> # owner: adm
> # group: sys
> user::r-x
> user:andrew:r-x
> group::r-x
> mask::r-x
> other::r-x
>
> # file: f2
> # owner: adm
> # group: sys
> user::r-x
> user:andrew:r-x
> group::r-x
> mask::r-x
> other::r-x

Ah. Rsync seems to be dropping a mask entry when there are no named user or group entries. That's not an unreasonable thing to do on a system that does not require a mask, and I think the idea was to avoid receiving superfluous masks from a system that does require them. I guess one could still make the argument that the ACLs should be copied exactly.

I found a bigger problem: rsync seems to use the mask permissions as the group permissions, potentially granting undesired access. To see this, run the following:

setfacl -k .
umask 0077
touch srcfile
setfacl -m m::r-- srcfile
rsync -A srcfile destfile
getfacl srcfile destfile

I get these results (on Linux):

# file: srcfile
# owner: matt
# group: matt
user::rw-
group::---
mask::r--
other::---

# file: destfile
# owner: matt
# group: matt
user::rw-
group::r--
other::---

Fixing this in a way that works with all combinations of mask-requiring and non-mask-requiring systems will take some care. We discussed similar issues a while ago:

http://lists.samba.org/archive/rsync/2006-October/016400.html

I'll have to reread that thread.

Matt
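
Added example, not part of the original message or of rsync: a Python check that parses `getfacl` output like that quoted above and reports entries whose effective permissions (after applying the mask) are broader on the copy than on the source. The function names are illustrative; the sample text is the srcfile/destfile output from the message.

```python
import re
ENTRY = re.compile(r"(user|group|mask|other):([^:]*):([rwx-]{3})")

# Sample input: the srcfile/destfile getfacl output quoted in the message.
SAMPLE = """\
# file: srcfile
# owner: matt
# group: matt
user::rw-
group::---
mask::r--
other::---

# file: destfile
# owner: matt
# group: matt
user::rw-
group::r--
other::---
"""

def parse_getfacl(text):
    """Return {filename: {(tag, qualifier): set of permission letters}}."""
    acls, current = {}, None
    for raw in text.splitlines():
        header = re.match(r"#\s*file:\s*(.+)$", raw.strip())
        entry = ENTRY.match(raw.strip())  # skips comments and default: entries
        if header:
            current = acls.setdefault(header.group(1), {})
        elif entry and current is not None:
            tag, qualifier, perms = entry.groups()
            current[(tag, qualifier)] = set(perms) - {"-"}
    return acls

def effective(acl):
    """Cap the group class (named users, owning group, named groups) by the mask."""
    mask = acl.get(("mask", ""))
    result = {}
    for (tag, qualifier), perms in acl.items():
        if tag == "mask":
            continue
        masked = mask is not None and (tag == "group" or (tag == "user" and qualifier != ""))
        result[(tag, qualifier)] = perms & mask if masked else perms
    return result

def widened(src_acl, dst_acl):
    """Map each destination entry to the effective bits the source lacked."""
    src, dst = effective(src_acl), effective(dst_acl)
    extra = {key: perms - src.get(key, set()) for key, perms in dst.items()}
    return {key: "".join(sorted(bits)) for key, bits in extra.items() if bits}
```

For the f1/f2 case earlier in the thread, where only the mask entry is dropped, `widened` returns an empty dict because the effective permissions are unchanged; for srcfile/destfile it reports the owning group gaining `r`.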