Hello everybody, I'm in a bit of trouble here, let me explain:
directory /var/test:
drwx------+ 3 testuser testgroup 4096 Jul 8 07:56 test
/var/test is a mountpoint for an LVM volume mounted with the acl option:
/dev/mapper/testvg-testvol on /var/test type ext3 (rw,acl)
I want testuser:testgroup to be able to read and write files in this directory and its subdirectories. I also want another user, amanda:disk, to have the same read/write permissions to back up and restore said files and directories. I don't want any other user to have access to those files, not even a read privilege. Of course root can.
I figured I could use the ACLs to solve this problem and tried the following:
Sorry you haven't gotten an answer on the acls. I don't have a comparable system to yours to play around and see how it works, but I can tell you that moving and copying files from one place to another is the most likely situation where things might not work as you would like. I've repeatedly had that problem with Samba shares and Windows users (one person uploads a file via Samba, another who has shell access on the server moves the file into a location that should be public for that group and finds that group privileges are not correct).
On the other hand, I believe you have to be root to run amrecover, since that puts you in the position of accessing the tapes on the backup server and allows you to see everything as well as recover anything. Backup and Recovery typically has to be able to access everything, regardless of permissions. You might want to review your install of Amanda, or, if it's a system someone else installed, review the user documentation: http://wiki.zmanda.com/index.php/User_documentation.
You need to use the "-a" option to cp to copy the acls. Also, the filesystem you back up the files to needs to also support acls and be mounted with the acl option.
As an aside, you can use the "star" program to back up files including acls, attributes and file attributes (setfacl, chattr, setfattr). My version of tar will not do this, but some versions have an -acl option. You could download that version & compile it.
You had the right idea to test your backups & restore before going with it. If you use tar or star do the same thing.
...On the other hand, I believe you have to be root to run amrecover, since that puts you in the position of accessing the tapes on the backup server and allows you to see everything as well as recover anything. Backup and Recovery typically has to be able to access everything, regardless of permissions. ...
Absolutely correct and so obvious I didn't see it, my mistake. The "r" permission is sufficient for amanda in that case. Tested OK on my system.
Quote:
Originally Posted by jschiwal
You need to use the "-a" option to cp to copy the acls. Also, the filesystem you back up the files to needs to also support acls and be mounted with the acl option....
Yes, but unfortunately I don't know the source directory beforehand and they don't all use ACLs, so if I copy with -a a file that does not come from an ACL-enabled directory, the default ACLs won't even apply.
What I noticed is that the ACL mask really relies on the "group" rights. If a chmod g something is applied to the file, it will affect the mask of the ACL.
Thank you both for these precious bits of information. It'll do just fine.
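The mask behaviour noted in the post above, as an added example that is not part of the original thread: on a file with an extended ACL, the group bits changed by chmod are the ACL mask, so `chmod g-w` can silently cut what a named user such as amanda may do. This POSIX sh sketch parses `getfacl` output (the sample is constructed and its file names are hypothetical) and lists files where the mask reduces a named user's entry.

```shell
#!/bin/sh
# Added example: list files where the ACL mask strips rights that a
# named user's entry grants (what a group-bit chmod does to an ACL).
# Constructed `getfacl -R` output; file names are hypothetical.
sample_acl='# file: var/test/report.txt
# owner: testuser
# group: testgroup
user::rw-
user:amanda:rw-	#effective:r--
group::rw-	#effective:r--
mask::r--
other::---

# file: var/test/notes.txt
# owner: testuser
# group: testgroup
user::rw-
user:amanda:rw-
group::rw-
mask::rw-
other::---'
# effective ENTRY MASK: keep a bit only if entry and mask both have it.
effective() {
  out=
  for bit in r w x; do
    case "$1,$2" in
      *"$bit"*,*"$bit"*) out=$out$bit ;;
      *)                 out=$out- ;;
    esac
  done
  printf '%s\n' "$out"
}
# masked_files USER: read getfacl output on stdin, print "path entry effective"
# for each file whose mask reduces USER's named entry.
masked_files() {
  want=$1 file= entry= mask=
  { cat; printf '\n# file: \n'; } | while IFS= read -r line; do
    case $line in
      '# file: '*)  # next file or end sentinel: judge the previous file
        if [ -n "$entry" ] && [ -n "$mask" ]; then
          eff=$(effective "$entry" "$mask")
          [ "$eff" = "$entry" ] || printf '%s %s %s\n' "$file" "$entry" "$eff"
        fi
        file=${line#'# file: '} entry= mask= ;;
      "user:$want:"*) entry=${line#"user:$want:"}; entry=${entry%%[!rwx-]*} ;;
      mask::*)        mask=${line#mask::}; mask=${mask%%[!rwx-]*} ;;
    esac
  done
}
printf '%s\n' "$sample_acl" | masked_files amanda
```

On a live system the same check can be fed with `getfacl -R /var/test | masked_files amanda`; it covers named-user entries only, although the mask limits the owning group and named groups in the same way.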
Quote:
Originally Posted by jschiwal
As an aside, you can use the "star" program to back up files including acls, attributes and file attributes (setfacl, chattr, setfattr). My version of tar will not do this, but some versions have an -acl option. You could download that version & compile it.
You had the right idea to test your backups & restore before going with it. If you use tar or star do the same thing.
Yup. You need to know the version of tar you are using. `tar --version` will tell you, and on some of my systems this will respond that it is gnutar. Gnutar will do acls.
You can also download and install gnutar, if your tar is inadequate. Amanda recommends gnutar. Just make sure Amanda knows where it is -- either install it in the same location tar was in when you configured Amanda, or you may need to reconfigure Amanda.