...

Copying Files - This is no longer an issue with modern (2012 is when I checked) versions of Ubuntu, and I would guess other *nix systems. With an older system, check that default ACLs set on a directory are inherited properly by the following operations: local copy, sftp remote create and sftp remote copy.

Backup - The most used backup command in *nix, tar, does not support ACLs unless modified. Some distributions, like Red Hat, have this built into tar. Otherwise your options are to use star or to manually back up and restore the ACLs. Options are covered in this article.

ACLs and Groups

The most scalable way to use ACLs is to apply groups. A tutorial approach will be used to illustrate the commands.

...

The utility setfacl is used to add the groups to the ACL for the respective directories,

```bash
cd /home/
# Normal permissions: remove all access for "other"
sudo chmod -R o-rwx ./www.dailyplanet.com/
# ACL permissions (capital X = execute only on directories and on files that are already executable)
sudo setfacl -Rm g:wgdailyplanet:rwX ./www.dailyplanet.com/
sudo setfacl -Rm g:www-data:rX ./www.dailyplanet.com/
sudo setfacl -Rm g:staff:rX ./www.dailyplanet.com/
```

Take a look at the ACLs,

```bash
getfacl ./www.dailyplanet.com/
# file: www.dailyplanet.com
# owner: ckent
# group: ckent
user::rwx
group::rwx
group:www-data:r-x
group:staff:r-x
group:wgdailyplanet:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:www-data:r-x
default:group:staff:r-x
default:group:wgdailyplanet:rwx
default:mask::rwx
default:other::---
```

...

Repeat the same steps for www.lexcorp.com and change the group accordingly,

```bash
cd /home/
# Normal permissions: remove all access for "other"
sudo chmod -R o-rwx ./www.lexcorp.com/
# ACL permissions (capital X = execute only on directories and on files that are already executable)
sudo setfacl -Rm g:wglexcorp:rwX ./www.lexcorp.com/
sudo setfacl -Rm g:www-data:rX ./www.lexcorp.com/
sudo setfacl -Rm g:staff:rX ./www.lexcorp.com/
# Apply default ACLs: copy the access ACL into the default ACL, recursively
getfacl --access ./www.lexcorp.com/ | sudo setfacl -d -RM - ./www.lexcorp.com/
```

Backup and Restore

Introduction

The current (September 2012) GNU version of tar does not support ACLs without modifications.

As with any backup and restore scenario where user-based permissions matter, make sure the users actually exist and match. To avoid problems, also keep user and group IDs (UIDs and GIDs) consistent.

Backup

ACL permissions can be backed up to a text file,

```bash
cd /home/
# Run the redirect as root too, so the backup file can be created in /home/
sudo sh -c 'getfacl -R ./www.dailyplanet.com/ > ./acl.bck.www.dailyplanet.com'
```

Back up the files with tar and gzip or a similar program,

```bash
# Consider a command that will also include the acl.bck file.
```

Restore

Uncompress the backup; in this case we used tar with gunzip,

```bash
....
```

Restoring ACLs

Restoring is a pretty straightforward process.

```bash
cd /home/
# Paths in the backup file are relative to the current directory
sudo setfacl --restore ./acl.bck.www.dailyplanet.com
```
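
A check to run on the restore target before `setfacl --restore`, since the backup only applies as intended when the users and groups it names exist there. This is an added example, not code from the original page; the function names, the temporary file names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-restore check for an ACL
# backup made with `getfacl -R`. Function names are this example's own.

# Print the unique principals named in backup file $1 as "user:NAME" or
# "group:NAME", taken from the "# owner:"/"# group:" headers and ACL entries.
acl_principals() {
    awk -F: '
        /^# owner: / { sub(/^# owner: /, ""); print "user:" $0; next }
        /^# group: / { sub(/^# group: /, ""); print "group:" $0; next }
        /^#/ || NF < 3 { next }
        {
            off = ($1 == "default") ? 1 : 0      # default:group:NAME:perms
            kind = $(1 + off); name = $(2 + off)
            if ((kind == "user" || kind == "group") && name != "")
                print kind ":" name
        }' "$1" | sort -u
}

# Succeed if NAME ($2) exists in database $1 (passwd or group). With a file in
# $3 (passwd(5)/group(5) format) look there; otherwise ask getent, which also
# sees LDAP/SSSD accounts.
principal_exists() {
    if [ -n "$3" ]; then
        cut -d: -f1 "$3" | grep -qxF -- "$2"
    else
        getent "$1" "$2" > /dev/null
    fi
}

# Print every principal in backup $1 that is missing on the restore target.
# Optional $2/$3: passwd and group files to check instead of the live system.
acl_missing() {
    acl_principals "$1" | while IFS=: read -r kind name; do
        if [ "$kind" = user ]; then db=passwd file=${2:-}
        else db=group file=${3:-}; fi
        principal_exists "$db" "$name" "$file" || echo "$kind:$name"
    done
}

# Constructed sample: one entry of a backup file and a target group file.
demo=$(mktemp -d)
printf '%s\n' '# file: www.dailyplanet.com' '# owner: ckent' '# group: ckent' \
    'user::rwx' 'group::rwx' 'group:www-data:r-x' 'group:wgdailyplanet:rwx' \
    'mask::rwx' 'other::---' 'default:group:staff:r-x' > "$demo/acl.bck"
printf '%s\n' 'ckent:x:1000:' 'www-data:x:33:' 'staff:x:50:' > "$demo/group"
printf '%s\n' 'ckent:x:1000:1000::/home/ckent:/bin/sh' > "$demo/passwd"
acl_missing "$demo/acl.bck" "$demo/passwd" "$demo/group"
```

On a real target, call `acl_missing ./acl.bck.www.dailyplanet.com` with no further arguments so the lookup goes through `getent`, and create any reported group before restoring.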

References

Good introduction from the Ubuntu docs - https://help.ubuntu.com/community/FilePermissionsACLs

...