[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#33644: [PATCH] cp --preserve=xattr: preserve NFSv4 ACL extended attr
From: |
Pádraig Brady |
Subject: |
bug#33644: [PATCH] cp --preserve=xattr: preserve NFSv4 ACL extended attributes |
Date: |
Sat, 2 Mar 2019 18:07:53 -0800 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 |
tag 33644 notabug
close 33644
stop
rationale below...
On 12/02/19 04:03, Kamil Dudka wrote:
> On Monday, February 11, 2019 7:30:42 PM CET Pádraig Brady wrote:
>> On 11/02/19 03:50, Kamil Dudka wrote:
>>> I think that the information in xattr.conf is correct. system.nfs4_acl is
>>> really an attribute one wants to copy when trying to preserve permissions.
>>
>> Right. What I was getting at was attr_copy_file() from libattr seems
>> to skip all entries in xattr.conf by default. I need to dig in to
>> see what's preserving system.posix_acl_access (these might be
>> implicitly generated upon attr reading for example).
>
> I do not know the reasoning behind the default behavior of attr_copy_file().
> There is a comment before the function definition but it does not talk about
> NFSv4 ACLs:
>
> http://git.savannah.nongnu.org/cgit/attr.git/tree/libattr/attr_copy_file.c?id=cb4786f1#n54
>
>> My question was why does coreutils need to explicitly handle
>> the nfs4 acls if it doesn't need to handle the posix ones.
>
> I think the answer is obvious. cp is able preserve POSIX ACLs at a higher
> level (using gnulib's acl module, which uses libacl internally on Linux).
> There is, unfortunately, no such module (neither library) for NFSv4 ACLs.
> So copying the value of the low-level attribute is currently the only way
> to make cp preserve NFSv4 ACLs.
You used "obvious" and "ACLs" in the same email :)
Looking a bit more...
So attr_copy_file() copies all except those defined in /etc/xattr.conf
ACL xattrs are listed in that file with the rationale from a comment in libattr
being:
"ACLs are excluded by default because copying them between
file systems with and without ACL support needs some
additional logic so that no unexpected permissions result."
So the ACL handling specifically is deferred to libacl.
Now system.posix_acl_access is handled by libacl,
but system.nfs4_acl is not.
So I think the correct fix here is to remove the
nfs entries from /etc/xattr.conf, and then cp will copy.
This has the advantage of being configurable,
and also removes nfs4 specific handling from cp.
Any nfs4 specific handling should be in libacl.
thanks,
Pádraig
- bug#33644: [PATCH] cp --preserve=xattr: preserve NFSv4 ACL extended attributes,
Pádraig Brady <=