Bryan J. Smith wrote:
>getfacl can dump an entire tree's permissions to a file --
>both UNIX and Extended Attributes (EA) Access Control Lists
>(ACLs). You could then rsync that file, and run it on the
>other side. In
>fact, that's how I deal with the fact I don't want another
>system login in to SSH as root.
>
>Basically:
> cd /wherever
> syncstamp="`date +%Y%m%d%H%M%S`"
> getfacl -R . > .facl_${syncstamp}
> rsync -ave "ssh" . reguser at otherserver
> rm .facl_${syncstamp}
>
>And then a root cronjob on another server basically looks for
>.facl_* files periodically and runs:
> cd /whereever
> set -o noglob
> for ifacl in .facl_*; do
> setfacl --restore=${ifacl}
> rm ${ifacl}
> done
>
>In fact, since Red Hat insists on not supporting XFS with its
>xfsdump that maintains EAs, and Ext3's dump does nothing of
>the sort (and I'm not a huge fan of star), I use getfacl to
>store the original ACLs with my backup in a file included
>with the backup.
>
>
>
>
>
That 's great Bryan!
Thanx