On 12/9/05, Yiorgos Stamoulis yiorgos-lists@272deg.homelinux.net wrote:
Bryan J. Smith wrote:
getfacl can dump an entire tree's permissions to a file -- both UNIX and Extended Attributes (EA) Access Control Lists (ACLs). You could then rsync that file, and run it on the other side. In fact, that's how I deal with the fact I don't want another system logging in to SSH as root.
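Basically:

    cd /wherever
    syncstamp="`date +%Y%m%d%H%M%S`"
    # Dump the UNIX permissions and ACLs of the whole tree into a stamped file
    getfacl -R . > .facl_${syncstamp}
    # Push the tree, dump file included, as an unprivileged user
    # (the remote path is needed, or rsync copies to a local directory)
    rsync -ave "ssh" . reguser@otherserver:/wherever/
    rm .facl_${syncstamp}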
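And then a root cronjob on another server basically looks for .facl_* files periodically and runs:

    cd /wherever
    # Globbing has to stay enabled here: with noglob set, .facl_* never expands
    for ifacl in .facl_*; do
        # Skip the literal pattern when no dump file is present
        [ -e "${ifacl}" ] || continue
        setfacl --restore="${ifacl}"
        rm "${ifacl}"
    done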
In fact, since Red Hat insists on not supporting XFS with its xfsdump that maintains EAs, and Ext3's dump does nothing of the sort (and I'm not a huge fan of star), I use getfacl to store the original ACLs with my backup in a file included with the backup.
That's great Bryan!
hmmm... would this work for SELinux as well?
--
Leonard Isham, CISSP
Ostendo non ostento.
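
In the setup described in the thread, a root cron job restores from a dump file that an unprivileged account delivered, and setfacl --restore run as root also reapplies the owner, group and flags comment lines in that file. The following is an added example, not code from the thread: a check the root-side job could run on each dump before restoring it. The helper name facl_dump_ok and the reject policy (no absolute paths, no ".." components, no setuid flag) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). facl_dump_ok is a hypothetical helper;
# the reject policy below is an assumption to adapt per tree.
facl_dump_ok() {
    dump=$1
    # The dump must be a regular file, not a symlink placed in the synced tree.
    [ -f "$dump" ] && [ ! -L "$dump" ] || return 1
    awk '
        function reject(why) { print "rejected (" why "): " $0 | "cat 1>&2"; bad = 1 }
        /^# file: / {
            path = substr($0, 9)
            # Paths must stay inside the directory the restore runs from.
            if (path ~ /^\//) reject("absolute path")
            else if (path ~ /(^|\/)\.\.(\/|$)/) reject("parent reference")
            next
        }
        # "# flags:" holds setuid, setgid, sticky in that order, e.g. "s--".
        /^# flags: / { if (substr($0, 10, 1) == "s") reject("setuid bit") }
        END { exit (bad ? 1 : 0) }
    ' "$dump"
}

# Constructed sample dump, in the layout getfacl -R prints.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# file: docs/report.txt
# owner: reguser
# group: users
user::rw-
group::r--
other::r--
EOF
if facl_dump_ok "$sample"; then echo "sample dump accepted"; fi
rm -f "$sample"
```

In the restore loop, the call would sit in front of the restore, for example `facl_dump_ok "${ifacl}" && setfacl --restore="${ifacl}"`.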