Difference between ACL and Extended attributes

Posted on 2014-08-29
Last Modified: 2014-10-21
What is the difference between Access Control List (getfacl/setfacl) and Extended Attributes (getfattr/setfattr)?

As I understand it, tar does not preserve either (if they are different). If I want to save such attributes, do I need to run both getfacl and getfattr?
Question by:jmarkfoley
    LVL 8

    Accepted Solution

    The two concepts are pretty different.

    The ACL specifies user- or group-specific permissions to some hand-picked users/groups of your choice, i.e. in addition to owner user and owner group you may specify the closest friends. This can even be used as a workaround if you have no authority to create a new group but you want your files to be accessible for your immediate project members only.

    The extended attributes are described in attr(5); they don't necessary specify permissions but name-value pairs that may have other semantics.

    As for the essence of the problem; pretty much the same question addressed here:
    so you may check your tar version if it supports flags --acls --xattrs
    If not, then give a go for star or rsync.
    LVL 1

    Author Comment

    Folks - I've reinstalled the whole system from scratch and am trying to get back to the place where I have ACLs set. Will return to this question when that mission is accomplished.
    LVL 1

    Author Comment

    Sorry, just now have my system back to where I started this question.

    As you (Surrano) stated, I have determined that acl and attr as not the same. the getfacl dump has entries of the format:
    # file: redirectedFolders//Users/mark/My Documents

    Open in new window

    Restoring the acls does not restore the attrs and restoring attrs does not restore acls. Therefore, I will have to save and restore both of these attributes if I want to have a complete backup.

    My standard GNU tar does not have either --acls or --xattrs. rsync does not appear to be able to copy to an archive. I don't want to add a non-standard tar or a 3rd party backup tool that might confuse a subsequent user, especially if restoring to a vanilla system that does not have such a tool installed. Therefore, I'll first create the special attribute backup files:

    getfattr -dR /redirectedFolders /var/lib/samba/sysvol/hprs.local/Policies >/backupATTR.txt
    getfacl -R /redirectedFolders /var/lib/samba/sysvol/hprs.local/Policies/ > /backupACL.txt

    and the regular tar volume backup will snag these into the archive. The restorer will have to remember to --restore these files if these special directories are ever restored.

    Actually, I'm quite surprised that none of the Samba4 documentation on redirected folders (that I've found) mentions this.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
    I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension ( This reminded me of questions tha…
    Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now