6694 – rsync -A drops mask from ACL

Bug 6694 - rsync -A drops mask from ACL

Summary: rsync -A drops mask from ACL

Status:	RESOLVED FIXED

Alias:	None

Product:	rsync
Classification:	Unclassified
Component:	core (show other bugs)
Version:	3.0.6
Hardware:	Sparc Solaris

Importance:	P3 normal (vote)
Target Milestone:	---
Assignee:	Wayne Davison
QA Contact:	Rsync QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-09-05 13:16 UTC by JD Baldwin
Modified:	2011-02-22 11:04 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description JD Baldwin 2009-09-05 13:16:49 UTC

rsync is supposed to preserve ACLs with the -A option.  However, rsync 3.0.6 does not preserve ACLs, as it drops the "mask" portion of the ACL.   wayne said on the mailing list:

Rsync was of the belief that a mask was only needed if an ACL had named
values, otherwise it tried to simplify the ACL to mask off the group
mode and dropped the mask.  I've checked in a change that makes it keep
whatever mask value is specified, so the ACLs should be identical now.
This will get released in 3.0.6.

..wayne.. 

However, this has not been done.  Example (performed as root):

# rsync --version
rsync  version 3.0.6  protocol version 30
Copyright (C) 1996-2009 by Andrew Tridgell, Wayne Davison, and others.
Web site: http://rsync.samba.org/
Capabilities:
    64-bit files, 64-bit inums, 32-bit timestamps, 64-bit long ints,
    socketpairs, hardlinks, symlinks, no IPv6, batchfiles, inplace,
    append, ACLs, no xattrs, iconv, no symtimes

rsync comes with ABSOLUTELY NO WARRANTY.  This is free software, and you
are welcome to redistribute it under certain conditions.  See the GNU
General Public Licence for details.
# getfacl example.txt

# file: example.txt
# owner: root
# group: other
user::---
user:jdb:r--               #effective:r--
group::---              #effective:---
mask:r--    <======== NOTE MASK
other:---
# rsync -aA example.txt jdb@remote:/var/tmp
# ssh -q jdb@remote 'ls -l /var/tmp/example.txt; getfacl /var/tmp/example.txt'
----------+  1 root     other        355 Sep  5 14:07 /var/tmp/example.txt

# file: /var/tmp/example.txt
# owner: root
# group: other
user::---
user:jdb:r--               #effective:---
group::---              #effective:---
mask:---    <======== NOTE MASK
other:---

[ rsync is 3.0.6 on both ends ]

Comment 1 JD Baldwin 2009-09-05 13:28:10 UTC

Further testing shows that not only is the mask not preserved on transfer, but if it already exists, it is eliminated!

Comment 2 Wayne Davison 2009-09-07 16:47:33 UTC

Just to be 100% sure, run this and verify that it says 3.0.6:

ssh -l jdb remote rsync --version

I assume that will be OK a the real problem appears to be that that your file has a mask of "r" but the ls display shows (and presumably mode value in stat() returns) no corresponding group=r mode.  That should not be possible with posix ACLs.  So, something is very weird in Solaris ACLs.

Comment 3 Matt McCutchen 2009-09-07 17:54:51 UTC

The unusual behavior of Solaris ACLs was previously discussed in this thread:

http://lists.samba.org/archive/rsync/2006-October/016404.html

Comment 4 Wayne Davison 2009-09-07 18:07:52 UTC

I used the --fake-super option to try a copy that is otherwise impossible on linux (since I don't have access to solaris) -- an ACL that has a mask that doesn't match the group number.  Rsync duplicated the values correctly (from xattr value to xattr value).

So, this makes me wonder if setting the mode changes the mask on Solaris.  For example, if you do this:

setfacl -m m:r foo
chmod 0 foo
getfacl foo

Does the mask get reset?

Comment 5 Matt McCutchen 2009-09-07 23:48:31 UTC

Yes, according to the message linked in comment #3.

Comment 6 Wayne Davison 2011-02-22 11:04:50 UTC

3.0.8 has some more ACL mask improvements that should hopefully fix this.  If it is still broken, feel free to reopen this bug.