29

When using the tar utility to store files in backups one loses the extended ACLs.

Is there some commonly used and not hackish solution (like: create a script that will recreate the ACLs from scratch) to preserve the ACLs?

Eli Frey
  • 1,388
  • 10
  • 14
silk
  • 1,512
  • 2
  • 14
  • 12

8 Answers

14

Actually, I believe the question was not about the (standard) file permission bits, but extended ACL information (see setfacl(1) or acl(5)).

To my knowledge, the unmodified GNU tar ignores ACL information. (The man page for GNU tar 1.15.1 as shipped with RHEL 5.2 mentions switches --acls and --no-acls, but I haven't gotten them to work.)

However, the star program is able to back up and restore ACLs, if you select the exustar format:

star -c -p -acl artype=exustar -f archive.tar  files...
star -x -acl -f archive.tar

Star home page: http://cdrecord.berlios.de/new/private/star.html

Star is available in Ubuntu, at least.

bhm
  • 751
  • 4
  • 5
  • This looks like what I seek, I will have to take a look on that. Now I need to buy some more hours per day ;) – silk Sep 06 '10 at 10:29
  • 3
    `star` is not available on Debian and does not seem to be maintained by a "team". The project is still alive and maintained after 30+ years though. Try `bsdtar` if you want something else. – Totor Apr 22 '13 at 15:35
  • 1
    After the shutdown of BerliOS you may find it here: http://sourceforge.net/projects/s-tar/files/ – Jonas Stein Apr 25 '15 at 12:10
10

I'm looking for a solution as well; so far I found this:

First do a getfacl from my folder

getfacl -R /a_folder > folder.acl

then do a regular tar

tar -czvf folder.tar.gz /a_folder

when I extract it

tar -xvf folder.tar.gz

do a setfacl for the permissions.

setfacl --restore=folder.acl

this works for me.

maniat1k
  • 1,495
  • 4
  • 25
  • 40
  • 1
    Thanks. Nothing worked for me on this page [I really mean it, I even compiled star from source, but it failed to do the job]. But this indeed did work. Though not elegant, it works perfectly. – ashishsony Nov 02 '19 at 21:05
9

Using tar

To create:

tar --acls -cpf backup.tar some-dir-or-file

To untar:

tar --acls -xpf backup.tar
Mat
  • 51,578
  • 10
  • 158
  • 140
Scott Grayban
  • 114
  • 1
  • 1
  • 3
    `tar: unrecognized option '--acls'` does not work. – maniat1k Feb 20 '13 at 12:04
  • 1
    Fedora has non-standard GNU Tar patches that include `--acls` – user55149 Dec 22 '13 at 10:53
  • 3
    In Debian, `tar` doesn't support `--acls` until jessie. (See [bug #732071](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732071).) The feature is also available in the package from `wheezy-backports`. – Alastair Irvine Jun 27 '14 at 05:06
  • Note that said `wheezy-backports` version of `tar` has a bug wrt the `--acls` option. Tarball extraction using said option will assign acl's, even if the archive had none(!). See [here](https://forum.proxmox.com/threads/lxc-containers-have-extended-permissions-acl-by-default.25367/). – Digger Jul 31 '18 at 04:34
5
rsync with the -A and/or -X options.
slm
  • 363,520
  • 117
  • 767
  • 871
Skaperen
  • 706
  • 1
  • 5
  • 14
3

I suggest you use bsdtar.

bsdtar backs up extended ACLs by default, it uses the same syntax as GNU tar, and the archives it produces are readable by GNU tar.

The package and command name (under Debian based distributions) is bsdtar.

bsdtar cf archive.tar /my/folder/using/extd_acl 
bsdtar xf archive.tar 

The 2nd (extract) command restores ACLs.

Totor
  • 19,302
  • 17
  • 75
  • 102
  • I can't get it to work, even though I'm sure it worked some time ago. Filed a bug, https://code.google.com/p/libarchive/issues/detail?id=329 . – Ambroz Bizjak Jul 27 '13 at 18:30
  • Same here actually... I tried it on Debian 8 Jessie and it didn't work. :( – Totor Jun 01 '18 at 11:37
  • I have been using it on Debian (x64, PC) for several years without any problem (wheezy, jessie, and currently stretch on several machines). – Binarus May 03 '19 at 13:48
2

If you're looking for a simple-to-use yet powerful solution, I'd recommend rdiff-backup.

Basically, it makes a copy of a source directory to a destination directory but it also saves additional information so you can go back in time to whenever you want.

And, of course, it preserves symlinks, special files, hardlinks, permissions, uid/gid ownership and modification times.

1

From the tar Man Page.

-p, --same-permissions, --preserve-permissions
             ignore umask when extracting files (the default for root)

It is not actually the act of archiving that alters the access permissions (ACLs), but the act of unpacking them. Tar is very often used to distribute files from one user to another, and so it is thought convenient to apply a user's umask when they unpack.

To preserve the files' previous permissions, simply add a p to your options. For example:

Straight tar:

tar xvpf some-file

bz.tar:

tar xvjpf some-file

gz.tar:

tar xvzpf some-file
Eli Frey
  • 1,388
  • 10
  • 14
0

@silk

When using the tar utility to store files in backups one loses the extended ACLs.

Is there some commonly used and not hackish solution (like: create a script that will recreate the ACLs from scratch) to preserve the ACLs?

When creating/extracting the archive you need to use both the --acls and --xattrs options and of course have the proper permissions to read/write those and .

Examples:

1. Creating the archive:

ZSTD_CLEVEL=19 tar --acls --xattrs -caPf systemd-network-conf.tzst --directory=/etc systemd/network systemd/networkd.conf.d

The above will create a zstd compressed tar archive, using compression level 19, while preserving the ACL's and extended attributes.

  • The .tzst extension means "a archive using compression", just like tgz is for a 'ed version etc.
  • The compression level used by the implicit zstd compressor is set by the provided ZSTD_CLEVEL environment variable at start on same line.
  • See man pages: tar(1) and zstd(1).

2. Extracting that archive:

sudo tar --acls --xattrs -xvf systemd-network-conf.tzst

The above will create, in your current directory, a sub-directory named systemd because that's the common root-dir inside the archive.

  • All settings you had set using // in the originals, will be preserved in the extracted version.

3. Comparing original and extracted file attributes.

{ cd /etc; getfacl -R systemd/network systemd/networkd.conf.d; } >original.acl; cd -
getfacl -R systemd/network systemd/networkd.conf.d >extracted.acl
diff -u original.acl extracted.acl
  • You should see no output from the first two lines because it is redirected to a file.
    (Exception for first line, which will output your current directory due to the last cd - as separate command, which just restores your current directory.)
  • You should see no output from the diff line either, because there's no difference.
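
The comparison in step 3 taken one step further, as an added example that is not part of the original answer: a Python parser for `getfacl -R` dumps that reports, per path, the entries lost or gained by a restore, and flags paths where the owning group ended up with more access than before. That happens because the mode bits tar saves hold the ACL mask, so a restore without ACLs hands the mask's permissions to the owning group. The dumps, the user `alice` and all function names are constructed for illustration.

```python
def parse_getfacl(dump):
    """Map each path in getfacl -R text to its set of ACL entries."""
    acls, path = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("# file: "):
            path = line[len("# file: "):]
            acls[path] = set()
        elif line and not line.startswith("#") and path is not None:
            acls[path].add(line.split("#", 1)[0].strip())  # cut "#effective:" note
    return acls

def compare(original, restored):
    """Return {path: (lost, gained)} for each path whose ACL changed."""
    before, after = parse_getfacl(original), parse_getfacl(restored)
    report = {}
    for path in sorted(before.keys() | after.keys()):
        old, new = before.get(path, set()), after.get(path, set())
        if old != new:
            report[path] = (sorted(old - new), sorted(new - old))
    return report

def group_bits(entries):
    """Permission letters of the owning-group entry, or None if absent."""
    hit = [e for e in entries if e.startswith("group::")]
    return set(hit[0][len("group::"):]) - {"-"} if hit else None

def group_widened(report):
    """Paths where the owning group gained permissions it lacked before."""
    return [p for p, (lost, gained) in report.items()
            if group_bits(lost) is not None and group_bits(gained)
            and group_bits(gained) - group_bits(lost)]

# Constructed dumps (owner/group headers trimmed): before backup, after an ACL-less restore.
ORIGINAL = """# file: systemd/network
user::rwx
user:alice:r-x
group::---
mask::r-x
other::---
"""
RESTORED = """# file: systemd/network
user::rwx
group::r-x
other::---
"""

if __name__ == "__main__":
    report = compare(ORIGINAL, RESTORED)
    print(report, group_widened(report))
```

Feed it the contents of `original.acl` and `extracted.acl` from step 3; an empty report corresponds to an empty `diff`.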