rdiff-backup-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [rdiff-backup-users] Winsdows 7/Vista ACLs not restored correctly?


From: Leland Best
Subject: Re: [rdiff-backup-users] Winsdows 7/Vista ACLs not restored correctly?
Date: Mon, 24 Sep 2012 20:31:38 -0600

Dominic,

Sorry for the delay in replying.  Anyway, ...

On Wed, 2012-09-19 at 17:53 +0100, Dominic Raferd wrote:
> Sorry Leland, I have always explicitly excluded acls from my Windows
> backups.

Hmmm, well there's something I haven't tried.  However, as I understand
it (which may well be wrong of course) the rdiff-backup options about
ACLs (e.g. --no-acls) all apply to POSIX ACLs.  Windows ACLs are not
POSIX ACLs and, in fact, are handled by a different Python module.  I
also believe that under Windows the ACLs are basically the _only_
security mechanism so to disable them would loose all permissions info.

>  But in any case for ACLs rdiff-backup requires the pylibacl and
> pyxattr modules. My standard rdiff-backup installation (under Ubuntu
> 12.04) does not have pylibacl or pyxattr. You can check whether you
> have them in your Debian with:
> 
> pydoc modules|egrep -o "(pylibacl|pyxattr)"

'pydoc' spits out a bunch of errors for me but:

----
address@hidden:~> dpkg -s python-pylibacl | grep Status
Status: install ok installed

address@hidden:~> dpkg -s python-pyxattr | grep Status
Status: install ok installed
----

This extract from a linux-linux backup is suggestive:

----
/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py:148:
DeprecationWarn
ing: os.popen2 is deprecated.  Use the subprocess module.
  stdin, stdout = os.popen2(remote_cmd)
Unable to import win32security module. Windows ACLs
not supported by filesystem at /buckbeak/root/home
escape_dos_devices not required by filesystem at /buckbeak/root/home
Using rdiff-backup version 1.2.8
Executing ssh -C address@hidden rdiff-backup --server
-----------------------------------------------------------------
Detected abilities for source (read only) file system:
  Access control lists                         On
  Extended attributes                          On
  Windows access control lists                 Off
  Case sensitivity                             On
  Escape DOS devices                           Off
  Escape trailing spaces                       Off
  Mac OS X style resource forks                Off
  Mac OS X Finder information                  Off
-----------------------------------------------------------------
Unable to import win32security module. Windows ACLs
not supported by filesystem at home/rdiff-backup-data/rdiff-backup.tmp.0
escape_dos_devices not required by filesystem at
home/rdiff-backup-data/rdiff-backup.tmp.0
-----------------------------------------------------------------
Detected abilities for destination (read/write) file system:
  Ownership changing                           On
  Hard linking                                 On
  fsync() directories                          On
  Directory inc permissions                    On
  High-bit permissions                         On
  Symlink permissions                          Off
  Extended filenames                           On
  Windows reserved filenames                   Off
  Access control lists                         On
  Extended attributes                          On
  Windows access control lists                 Off
  Case sensitivity                             On
  Escape DOS devices                           Off
  Escape trailing spaces                       Off
  Mac OS X style resource forks                Off
  Mac OS X Finder information                  Off
-----------------------------------------------------------------
----

First, note that both source and destination show "Access control lists"
and "Extended attributes" as "On".  Presumably if pylibacl and/or
pyxattr were not installed they would be "Off".  Second, and more to the
point, are these lines:

Unable to import win32security module. Windows ACLs
not supported by filesystem at /buckbeak/root/home
[...]
  Windows access control lists                 Off

I believe _Windows_ ACLs are handled in module win32security.  Now the
log files from the windows native client doing a windows-linux backup
shows "Windows access control lists" as "On" on the source (windows)
filesystem but "Off" on the destination filesystem.  This is okay though
because rdiff-backup stores the windows ACL data in a file under
rdiff-backup-data on the destination.  The file name is of the form
win_access_control_lists.<timestamp>.snapshot.gz.

Examining this file (after reading up on windows ACLs on the web) looks
like the windows ACLs are stored correctly.  For example, previously I
posted that Windows showed the permissions for the "Leland" directory to
be

--------
SYSTEM: <not inherited>, Full Control, This folder, subfolders and files
Leland: <not inherited>, Full Control, This folder, subfolders and files
Administrators: <not inherited>, Full Control, This folder, subfolders 
  and files
--------

Now the first few lines of win_access_control_lists...gz are:

--------
# file: .
O:SYG:SYD:P(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;FA;;;S-1-5-21-182347274-1911788080-2948552075-1007)
--------

This is admittedly cryptic but (as best I can tell) says for directory
"Leland" (the top-level source directory):

Owner: SYSTEM
Group: SYSTEM
Permissions:
  Allow SYSTEM: Full Access, Object Inheritance, Container Inheritance
  Allow Administrators: Full Access, Object Inheritance, Container 
    Inheritance
  Allow Leland: Full Access, Object Inheritance, Container Inheritance

which looks about right.  So, whatever is going wrong must be on the
restore side.  While this narrows things down a bit, I'm no Python Guru
so I'm not sure where to go next.  Perhaps try to rebuild the
rdiff-backup win32 native client using more recent versions of the
win32security module?  Or something?  Any hints would be appreciated.
Is there an active developers list for rdiff-backup and should I perhaps
post there?

> Could this be your problem?

Given the above plus the fact that a Windows-Windows local
backup-restore cycle fails it seems unlikely.  But thanks for your
suggestion.

[...rest of reply deleted...]

Cheers
Leland
-- 
-------------------------------------------------------------------------------
Leland C. Best      | Creationists make it sound as though a 'theory' is
address@hidden | something you dreamt up after being drunk all night.
                    | -- Isaac Asimov
-------------------------------------------------------------------------------




reply via email to

[Prev in Thread] Current Thread [Next in Thread]