On 12/9/05, Yiorgos Stamoulis <yiorgos-lists at 272deg.homelinux.net> wrote: > Bryan J. Smith wrote: > > >getfacl can dump an entire tree's permissions to a file -- > >both UNIX and Extended Attributes (EA) Access Control Lists > >(ACLs). You could then rsync that file, and run it on the > >other side. In > >fact, that's how I deal with the fact I don't want another > >system login in to SSH as root. > > > >Basically: > > cd /wherever > > syncstamp="`date +%Y%m%d%H%M%S`" > > getfacl -R . > .facl_${syncstamp} > > rsync -ave "ssh" . reguser at otherserver > > rm .facl_${syncstamp} > > > >And then a root cronjob on another server basically looks for > >.facl_* files periodically and runs: > > cd /whereever > > set -o noglob > > for ifacl in .facl_*; do > > setfacl --restore=${ifacl} > > rm ${ifacl} > > done > > > >In fact, since Red Hat insists on not supporting XFS with its > >xfsdump that maintains EAs, and Ext3's dump does nothing of > >the sort (and I'm not a huge fan of star), I use getfacl to > >store the original ACLs with my backup in a file included > >with the backup. > > > > > > > > > > > That 's great Bryan! hmmm... would this work for SELinux as well? -- Leonard Isham, CISSP Ostendo non ostento.