mv and posix ACLs
Russell Coker
russell at coker.com.au
Tue Aug 23 13:49:44 UTC 2005
getxattr("/mnt/nfs/test", "system.posix_acl_access", 0xbfc96c20, 132) = -1 EOPNOTSUPP (Operation not supported)
setxattr("./test", "system.posix_acl_access", "\x02\x00\x00\x00\x01\x00\x06\x00\xff\xff\xff\xff\x04\x00\x04\x00\xff\xff\xff\xff \x00\x04\x00\xff\xff\xff\xff", 28, 0) = -1 EOPNOTSUPP (Operation not supported)

Stracing an mv operation shows that the above is performed. Reading
coreutils-acl.patch from the coreutils SRPM indicates that the code in acl.c
is creating a POSIX ACL that matches the Unix permissions and trying to apply
it.

Why does it do this? What is the point of having a POSIX ACL containing the
same data as the Unix permissions? It seems that when POSIX ACLs are enabled
in the destination file-system it will just waste disk space and CPU time by
needlessly duplicating data, and when POSIX ACLs are disabled (the default
configuration) it will just waste a small amount of CPU time on the mv
operation in trying to set something that can never be set.

This seems like a bug to me, but someone has obviously gone to quite a bit of
effort to make it do that so there is presumably some reason. What is the
reason for desiring this functionality and does it really outweigh the
problems?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
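
Added example, not part of the original message and not coreutils code: a decoder for the 28-byte system.posix_acl_access value in the setxattr() call above, showing that it holds only the three base entries and therefore says nothing beyond mode 0644. The function name acl_xattr_to_mode and its return codes are hypothetical; the layout follows the Linux xattr representation of POSIX ACLs (linux/posix_acl_xattr.h).

```c
#include <stddef.h>
#include <stdio.h>

/* Entry tags used in the Linux xattr representation of a POSIX ACL. */
enum { ACL_USER_OBJ = 0x01, ACL_USER = 0x02, ACL_GROUP_OBJ = 0x04,
       ACL_GROUP = 0x08, ACL_MASK = 0x10, ACL_OTHER = 0x20 };

/* The value from the traced setxattr() call. The space strace printed
   inside the string is the byte 0x20, the ACL_OTHER tag. */
static const unsigned char traced_acl[28] = {
    0x02, 0x00, 0x00, 0x00,                          /* version 2 (le32) */
    0x01, 0x00, 0x06, 0x00, 0xff, 0xff, 0xff, 0xff,  /* tag, perm, id    */
    0x04, 0x00, 0x04, 0x00, 0xff, 0xff, 0xff, 0xff,
    0x20, 0x00, 0x04, 0x00, 0xff, 0xff, 0xff, 0xff,
};

static unsigned le16(const unsigned char *p) { return p[0] | (p[1] << 8); }

/* Returns the equivalent mode bits (0..0777) when the ACL consists of
   exactly one USER_OBJ, one GROUP_OBJ and one OTHER entry.
   Returns -1 for a malformed value and -2 for an extended ACL (named
   user or group entries, or a mask) that mode bits cannot express. */
int acl_xattr_to_mode(const unsigned char *buf, size_t len)
{
    int mode = 0, seen = 0;
    if (len < 4 || (len - 4) % 8 != 0)
        return -1;
    if (le16(buf) != 2 || le16(buf + 2) != 0)   /* le32 version must be 2 */
        return -1;
    for (size_t off = 4; off < len; off += 8) {
        unsigned tag = le16(buf + off), perm = le16(buf + off + 2);
        int shift;
        if (perm > 7)
            return -1;
        switch (tag) {
        case ACL_USER_OBJ:  shift = 6; break;
        case ACL_GROUP_OBJ: shift = 3; break;
        case ACL_OTHER:     shift = 0; break;
        case ACL_USER: case ACL_GROUP: case ACL_MASK: return -2;
        default: return -1;
        }
        if (seen & (1 << shift))
            return -1;                          /* duplicate base entry */
        seen |= 1 << shift;
        mode |= (int)perm << shift;
    }
    return seen == (1 << 6 | 1 << 3 | 1) ? mode : -1;
}

int main(void)
{
    printf("%04o\n", (unsigned)acl_xattr_to_mode(traced_acl, sizeof traced_acl));
    return 0;
}
```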