Alan Coopersmith ???:
>Yan Xue Yang wrote:
>
>
>>Alan Coopersmith ???:
>>
>>
>>>Frank Che wrote:
>>>
>>>
>>>
>>>
>>>>4.3.2 When synchronize between a single-user file system and a shared
>>>>Unix
>>>>server, by default, Unison will synchronize permissions verbatim,
>>>>which may
>>>>leave group-writable files on the server that could be written over by a
>>>>lot of
>>>>people.
>>>>
>>>>
>>>>
>>>Are permissions copied correctly when moving files between fully featured
>>>file systems? Even if one is NTFS and the other UFS or ZFS?
>>>What about ACL's?
>>>
>>>
>>>
>>>
>>Unison command has an option for the permission synchronize. Details as
>>follows:
>>
>>-perms n
>>The integer value of this preference is a mask indicating which
>>permission bits should be synchronized. It is set by default to 0o1777:
>>all bits but the set-uid and set-gid bits are synchronised
>>(synchronizing theses latter bits can be a security hazard). If you want
>>to synchronize all bits, you can set the value of this preference to ?1.
>>
>>
>>And the following is about the permission synchronization between two
>>different file system:
>>
>>Permissions
>>
>>Synchronizing the permission bits of files is slightly tricky when two
>>different filesytems are involved (e.g., when synchronizing a Windows
>>client and a Unix server). In detail, here's how it works:
>>
>>* When the permission bits of an existing file or directory are changed,
>>the values of those bits that make sense on both operating systems will
>>be propagated to the other replica. The other bits will not be changed.
>>* When a newly created file is propagated to a remote replica, the
>>permission bits that make sense in both operating systems are also
>>propagated. The values of the other bits are set to default values (they
>>are taken from the current umask, if the receiving host is a Unix system).
>>* For security reasons, the Unix setuid and setgid bits are not propagated.
>>* The Unix owner and group ids are not propagated. (What would this
>>mean, in general?) All files are created with the owner and group of the
>>server process.
>>
>>
>
>I see nothing in there about ACL's - does that mean a note should be added
>to the man page that ACL's are not copied either?
>
>
>
It's not documented in the manual. After testing, I confirm unison
doesn't support both ACL's and extended attributes. I think we need to
add this to man page.
