tag 33644 notabug close 33644 stop rationale below...
On 12/02/19 04:03, Kamil Dudka wrote: > On Monday, February 11, 2019 7:30:42 PM CET Pádraig Brady wrote: >> On 11/02/19 03:50, Kamil Dudka wrote: >>> I think that the information in xattr.conf is correct. system.nfs4_acl is >>> really an attribute one wants to copy when trying to preserve permissions. >> >> Right. What I was getting at was attr_copy_file() from libattr seems >> to skip all entries in xattr.conf by default. I need to dig in to >> see what's preserving system.posix_acl_access (these might be >> implicitly generated upon attr reading for example). > > I do not know the reasoning behind the default behavior of attr_copy_file(). > There is a comment before the function definition but it does not talk about > NFSv4 ACLs: > > http://git.savannah.nongnu.org/cgit/attr.git/tree/libattr/attr_copy_file.c?id=cb4786f1#n54 > >> My question was why does coreutils need to explicitly handle >> the nfs4 acls if it doesn't need to handle the posix ones. > > I think the answer is obvious. cp is able preserve POSIX ACLs at a higher > level (using gnulib's acl module, which uses libacl internally on Linux). > There is, unfortunately, no such module (neither library) for NFSv4 ACLs. > So copying the value of the low-level attribute is currently the only way > to make cp preserve NFSv4 ACLs. You used "obvious" and "ACLs" in the same email :) Looking a bit more... So attr_copy_file() copies all except those defined in /etc/xattr.conf ACL xattrs are listed in that file with the rationale from a comment in libattr being: "ACLs are excluded by default because copying them between file systems with and without ACL support needs some additional logic so that no unexpected permissions result." So the ACL handling specifically is deferred to libacl. Now system.posix_acl_access is handled by libacl, but system.nfs4_acl is not. So I think the correct fix here is to remove the nfs entries from /etc/xattr.conf, and then cp will copy. This has the advantage of being configurable, and also removes nfs4 specific handling from cp. Any nfs4 specific handling should be in libacl. thanks, Pádraig
