Subject: Re: mtree acl support
From: Tim Kientzle
Date: Thu, 16 Jan 2014 20:37:13 -0800
To: Mark Felder
Cc: FreeBSD current
List-Id: Discussions about the use of FreeBSD-current

On Jan 16, 2014, at 12:36 PM, Mark Felder wrote:

> On Wed, Jan 15, 2014, at 23:11, Tim Kientzle wrote:
>>
>> On Jan 14, 2014, at 6:47 AM, Mark Felder wrote:
>>
>>> I was recently talking to someone about how one would backup / restore
>>> ACLs reliably. I didn't see any mention of ACLs in the mtree man page
>>> and after a quick google I came upon this old mailing list post:
>>>
>>> http://lists.freebsd.org/pipermail/freebsd-hackers/2008-April/024173.html
>>>
>>> patch in list is here: http://heka.cenkes.org/sat/diffs/mtree_acl.diff
>>> I've mirrored it here: https://feld.me/freebsd/mtree_acl.diff
>>>
>>> This old patch appears to still apply cleanly. I hate to see a patch die
>>> and be forgotten.
>>
>> One problem that 'tar' has addressed (inspired by Joerg Schilling's
>> work on star) is to permit ACLs to be restored even if the user database
>> is out of date.
>>
>> This is done by including a fourth field in each ACE with the
>> numeric user ID.
>>
>> I suspect you want to do the same for mtree. I thought
>> I remembered acl_to_text having an option to use
>> an extended text format, so it might be a trivial change.
>>
>
> As long as it's not default. One of the most convenient ways to change a
> user's UID (or multiple users!) is to do an mtree backup, change
> UID/GID, and then re-apply mtree backup. Every file that the user(s)
> previously owned will be automatically changed to the new UID/GID for
> you :-)

The extended format stores both name and numeric ID.
It tries to restore by name first (looking up as necessary), then falls back
on ID if that fails. So this does correctly handle your case.

This also lets you restore trees when user lookups are unavailable. For
example, user lookups may be broken because of permission problems that
you're trying to fix with mtree. ;-)

Tim
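
The name-first, ID-fallback restore order described in the message above, as an added example that is not code from this thread, mtree, or tar. The entry layout `user:NAME:PERMS:ID`, the names `resolve_ace` and `lookup_uid`, and the in-memory `userdb` table (standing in for the system user database) are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the user database; real code would call getpwnam(3). */
static const struct { const char *name; long uid; } userdb[] =
    { { "alice", 2001 }, { "bob", 1002 } };
enum source { BY_NONE, BY_NAME, BY_ID };
struct resolved { long uid; enum source how; };

/* Returns the uid for name, or -1 if unknown or if lookups are unavailable. */
static long lookup_uid(const char *name, int db_ok)
{
    for (size_t i = 0; db_ok && i < sizeof userdb / sizeof userdb[0]; i++)
        if (strcmp(userdb[i].name, name) == 0)
            return userdb[i].uid;
    return -1;
}

/* Resolve "user:NAME:PERMS[:ID]": by name first, then by the stored numeric ID. */
struct resolved resolve_ace(const char *ace, int db_ok)
{
    struct resolved fail = { -1, BY_NONE };
    char name[64], perms[16], *end;
    long stored = -1, id;
    int pos = 0;

    if (sscanf(ace, "user:%63[^:]:%15[^:]%n", name, perms, &pos) != 2)
        return fail;                    /* not a named user entry */
    if (ace[pos] == ':') {              /* optional fourth field: numeric ID */
        if (!isdigit((unsigned char)ace[pos + 1]))
            return fail;
        errno = 0;
        stored = strtol(ace + pos + 1, &end, 10);
        if (errno != 0 || *end != '\0')
            return fail;
    } else if (ace[pos] != '\0')
        return fail;                    /* over-long permission field */
    if ((id = lookup_uid(name, db_ok)) >= 0)
        return (struct resolved){ id, BY_NAME };  /* name wins over a stale ID */
    return stored >= 0 ? (struct resolved){ stored, BY_ID } : fail;
}

int main(void)
{
    printf("uid=%ld\n", resolve_ace("user:carol:r-x:1003", 1).uid);
    return 0;
}
```

Returning how the ID was resolved lets a restore tool log every entry that fell back to the stored number, so those entries can be reviewed once user lookups work again.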