Difference between ACL and Extended attributes

What is the difference between Access Control List (getfacl/setfacl) and Extended Attributes (getfattr/setfattr)?

As I understand it, tar does not preserve either (if they are different). If I want to save such attributes, do I need to run both getfacl and getfattr?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SurranoSystem EngineerCommented:
The two concepts are pretty different.

The ACL specifies user- or group-specific permissions to some hand-picked users/groups of your choice, i.e. in addition to owner user and owner group you may specify the closest friends. This can even be used as a workaround if you have no authority to create a new group but you want your files to be accessible for your immediate project members only.

The extended attributes are described in attr(5); they don't necessary specify permissions but name-value pairs that may have other semantics.

As for the essence of the problem; pretty much the same question addressed here:
so you may check your tar version if it supports flags --acls --xattrs
If not, then give a go for star or rsync.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jmarkfoleyAuthor Commented:
Folks - I've reinstalled the whole system from scratch and am trying to get back to the place where I have ACLs set. Will return to this question when that mission is accomplished.
jmarkfoleyAuthor Commented:
Sorry, just now have my system back to where I started this question.

As you (Surrano) stated, I have determined that acl and attr as not the same. the getfacl dump has entries of the format:
# file: redirectedFolders//Users/mark/My Documents

Open in new window

Restoring the acls does not restore the attrs and restoring attrs does not restore acls. Therefore, I will have to save and restore both of these attributes if I want to have a complete backup.

My standard GNU tar does not have either --acls or --xattrs. rsync does not appear to be able to copy to an archive. I don't want to add a non-standard tar or a 3rd party backup tool that might confuse a subsequent user, especially if restoring to a vanilla system that does not have such a tool installed. Therefore, I'll first create the special attribute backup files:

getfattr -dR /redirectedFolders /var/lib/samba/sysvol/hprs.local/Policies >/backupATTR.txt
getfacl -R /redirectedFolders /var/lib/samba/sysvol/hprs.local/Policies/ > /backupACL.txt

and the regular tar volume backup will snag these into the archive. The restorer will have to remember to --restore these files if these special directories are ever restored.

Actually, I'm quite surprised that none of the Samba4 documentation on redirected folders (that I've found) mentions this.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.