On 12/9/05, Yiorgos Stamoulis <yiorgos-lists@xxxxxxxxxxxxxxxxxxxx> wrote:
> Bryan J. Smith wrote:
>
> >getfacl can dump an entire tree's permissions to a file --
> >both UNIX and Extended Attributes (EA) Access Control Lists
> >(ACLs). You could then rsync that file, and run it on the
> >other side. In
> >fact, that's how I deal with the fact I don't want another
> >system login in to SSH as root.
> >
> >Basically:
> >  cd /wherever
> >  syncstamp="`date +%Y%m%d%H%M%S`"
> >  getfacl -R . > .facl_${syncstamp}
> >  rsync -ave "ssh" . reguser@otherserver
> >  rm .facl_${syncstamp}
> >
> >And then a root cronjob on another server basically looks for
> >.facl_* files periodically and runs:
> >  cd /wherever
> >  # noglob must stay off here, or .facl_* below never expands
> >  for ifacl in .facl_*; do
> >    setfacl --restore="${ifacl}"
> >    rm "${ifacl}"
> >  done
> >
> >In fact, since Red Hat insists on not supporting XFS with its
> >xfsdump that maintains EAs, and Ext3's dump does nothing of
> >the sort (and I'm not a huge fan of star), I use getfacl to
> >store the original ACLs with my backup in a file included
> >with the backup.
> >
>
> That's great Bryan!

hmmm... would this work for SELinux as well?

--
Leonard Isham, CISSP
Ostendo non ostento.
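
A stricter variant of the root-side restore loop in the quoted procedure, as an added example that is not part of the thread: since the dump is written through the unprivileged rsync account and then applied by root, it is vetted before `setfacl --restore` runs. The function names, the `rejected` prefix and the refusal of backslash-escaped names are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread): vet a "getfacl -R ." dump before a
# root job restores it. Function names and "rejected" prefix are hypothetical.

# Return 0 only if the dump is a regular, non-symlink file, every "# file:"
# entry is a relative path with no ".." component, and no "# flags:" line
# requests setuid/setgid. Backslash-escaped names are refused, not decoded
# (a conservative assumption of this example).
facl_dump_is_safe() {
    dump=$1
    [ -f "$dump" ] && [ ! -L "$dump" ] || return 1
    awk '
        /^# file: / {
            path = substr($0, 9)
            if (path == "" || path ~ /^\// || path ~ /\\/) bad = 1
            n = split(path, part, "/")
            for (i = 1; i <= n; i++) if (part[i] == "..") bad = 1
            seen = 1
        }
        /^# flags: / { if (substr($0, 10) ~ /s/) bad = 1 }
        END { exit (bad || !seen) ? 1 : 0 }
    ' "$dump"
}

# Restore each vetted dump found in the tree, then delete it; dumps that
# fail the check are renamed for review instead of being applied.
restore_facl_dumps() {
    tree=$1
    (
        cd "$tree" || exit 1
        for ifacl in .facl_*; do
            [ -e "$ifacl" ] || continue      # glob matched nothing
            if facl_dump_is_safe "$ifacl"; then
                setfacl --restore="$ifacl" && rm -- "$ifacl"
            else
                mv -- "$ifacl" "rejected${ifacl}"
            fi
        done
    )
}

# Root cron usage on the receiving server: restore_facl_dumps /wherever
```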