Difference between ACL and Extended attributes

Posted on 2014-08-29
Medium Priority
Last Modified: 2014-10-21
What is the difference between Access Control List (getfacl/setfacl) and Extended Attributes (getfattr/setfattr)?

As I understand it, tar does not preserve either (if they are different). If I want to save such attributes, do I need to run both getfacl and getfattr?
Question by:jmarkfoley

Accepted Solution

Surrano earned 2000 total points
ID: 40294146
The two concepts are pretty different.

The ACL specifies user- or group-specific permissions to some hand-picked users/groups of your choice, i.e. in addition to owner user and owner group you may specify the closest friends. This can even be used as a workaround if you have no authority to create a new group but you want your files to be accessible for your immediate project members only.

The extended attributes are described in attr(5); they don't necessarily specify permissions but name-value pairs that may have other semantics.

As for the essence of the problem; pretty much the same question addressed here:
so you may check your tar version if it supports flags --acls --xattrs
If not, then give a go for star or rsync.

Author Comment

ID: 40324683
Folks - I've reinstalled the whole system from scratch and am trying to get back to the place where I have ACLs set. Will return to this question when that mission is accomplished.

Author Comment

ID: 40394915
Sorry, just now have my system back to where I started this question.

As you (Surrano) stated, I have determined that acl and attr are not the same. The getfacl dump has entries of the format:
# file: redirectedFolders//Users/mark/My Documents


Restoring the acls does not restore the attrs and restoring attrs does not restore acls. Therefore, I will have to save and restore both of these attributes if I want to have a complete backup.

My standard GNU tar does not have either --acls or --xattrs. rsync does not appear to be able to copy to an archive. I don't want to add a non-standard tar or a 3rd party backup tool that might confuse a subsequent user, especially if restoring to a vanilla system that does not have such a tool installed. Therefore, I'll first create the special attribute backup files:

getfattr -dR /redirectedFolders /var/lib/samba/sysvol/hprs.local/Policies >/backupATTR.txt
getfacl -R /redirectedFolders /var/lib/samba/sysvol/hprs.local/Policies/ > /backupACL.txt

and the regular tar volume backup will snag these into the archive. The restorer will have to remember to --restore these files if these special directories are ever restored.

Actually, I'm quite surprised that none of the Samba4 documentation on redirected folders (that I've found) mentions this.
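
The save-and-restore procedure from the comment above, as an added example that is not part of the original thread, extended with a check that compares a dump taken before backup with one taken after restore. The function names and the drift check are assumptions of this example; the getfacl/getfattr flags are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Pass dump files as absolute paths.

# save_meta ACL_FILE XATTR_FILE DIR... : dump ACLs and xattrs separately.
save_meta() {
    acl_out=$1; xattr_out=$2; shift 2
    # Both tools strip the leading "/" from "# file:" lines by default.
    getfacl -R "$@" > "$acl_out" || return 1
    # -d alone dumps only the user.* namespace; "-m -" would match every
    # namespace (reading security.* or trusted.* requires root).
    getfattr -dR "$@" > "$xattr_out"
}

# restore_meta ACL_FILE XATTR_FILE : reapply both dumps.
restore_meta() {
    # Run from "/" so the relative "# file:" paths resolve correctly.
    ( cd / && setfacl --restore="$1" && setfattr --restore="$2" )
}

# Print each "# file:" stanza of a dump as "path<TAB>entries", sorted.
_stanzas() {
    awk 'BEGIN { RS = ""; FS = "\n" }
         { path = $1; sub(/^# file: /, "", path); line = path "\t"
           for (i = 2; i <= NF; i++) line = line $i ";"
           print line }' "$1" | LC_ALL=C sort
}

# meta_drift DUMP_A DUMP_B : list paths whose stanza differs or is missing
# on one side (e.g. dump taken before backup vs. dump taken after restore).
# Returns 0 only when the two dumps describe identical metadata.
meta_drift() {
    tab=$(printf '\t'); a=$(mktemp); b=$(mktemp)
    _stanzas "$1" > "$a"; _stanzas "$2" > "$b"
    changed=$(LC_ALL=C comm -3 "$a" "$b" | sed "s/^$tab//" | cut -f1 | sort -u)
    rm -f "$a" "$b"
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}
```

Run meta_drift once on the two ACL dumps and once on the two xattr dumps; any path it prints has metadata that did not survive the restore.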


Question has a verified solution.
