Yan Xue Yang wrote:
> Alan Coopersmith wrote:
>> Frank Che wrote:
>>
>>> 4.3.2 When synchronizing between a single-user file system and a shared
>>> Unix server, by default, Unison will synchronize permissions verbatim,
>>> which may leave group-writable files on the server that could be written
>>> over by a lot of people.
>>>
>>
>> Are permissions copied correctly when moving files between fully featured
>> file systems?  Even if one is NTFS and the other UFS or ZFS?
>> What about ACL's?
>>  
>>
> The Unison command has an option for permission synchronization. Details as
> follows:
> 
> -perms n
> The integer value of this preference is a mask indicating which
> permission bits should be synchronized. It is set by default to 0o1777:
> all bits but the set-uid and set-gid bits are synchronised
> (synchronizing these latter bits can be a security hazard). If you want
> to synchronize all bits, you can set the value of this preference to -1.
> 
> 
> And the following is about the permission synchronization between two
> different file systems:
> 
> Permissions
> 
> Synchronizing the permission bits of files is slightly tricky when two
> different filesystems are involved (e.g., when synchronizing a Windows
> client and a Unix server). In detail, here's how it works:
> 
> * When the permission bits of an existing file or directory are changed,
> the values of those bits that make sense on both operating systems will
> be propagated to the other replica. The other bits will not be changed.
> * When a newly created file is propagated to a remote replica, the
> permission bits that make sense in both operating systems are also
> propagated. The values of the other bits are set to default values (they
> are taken from the current umask, if the receiving host is a Unix system).
> * For security reasons, the Unix setuid and setgid bits are not propagated.
> * The Unix owner and group ids are not propagated. (What would this
> mean, in general?) All files are created with the owner and group of the
> server process.

I see nothing in there about ACL's - does that mean a note should be added
to the man page that ACL's are not copied either?

-- 
        -Alan Coopersmith-           alan.coopersmith at sun.com
         Sun Microsystems, Inc. - X Window System Engineering
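
Added example, not part of the original thread and not Unison's code: a small model of the mask rule quoted above (bits inside the `-perms` mask come from the source, the rest keep the destination's value), plus a check for the group-writable files the 4.3.2 text warns about. The function names and the idea of auditing the server-side replica are assumptions made for illustration; ACLs are not examined.

```python
import os
import stat

DEFAULT_PERMS_MASK = 0o1777  # default value of -perms quoted in the thread


def propagate_mode(src_mode, dst_mode, mask=DEFAULT_PERMS_MASK):
    """Model of the quoted rule: bits inside the mask are taken from the
    source replica, bits outside it keep the destination's value."""
    return ((dst_mode & ~mask) | (src_mode & mask)) & 0o7777


def audit_replica(root):
    """Return {relative path: [findings]} for modes worth reviewing on a
    shared server after a sync. Symlinks are skipped."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            issues = []
            if mode & stat.S_IWGRP:
                issues.append("group-writable")
            if mode & stat.S_IWOTH:
                issues.append("world-writable")
            if mode & (stat.S_ISUID | stat.S_ISGID):
                issues.append("setuid/setgid")
            if issues:
                findings[os.path.relpath(path, root)] = issues
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit.py /path/to/server/replica
    for rel, issues in sorted(audit_replica(sys.argv[1]).items()):
        print(f"{rel}: {', '.join(issues)}")
```

In this model, a constructed mask such as 0o1755 leaves the group-write and other-write bits out of the synchronized set, so a 0o664 file from a single-user machine does not loosen a 0o644 file on the server.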

