rdiff-backup-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [rdiff-backup-users] dropping ACLs if names can't be mapped

From: Andrew Ferguson
Subject: Re: [rdiff-backup-users] dropping ACLs if names can't be mapped
Date: Thu, 3 Jul 2008 21:39:46 -0400 
On Jun 29, 2008, at 1:23 PM, martin f krafft wrote:


Hello,

I've had a long-standing issue with how rdiff-backup handles ACLs:

 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424638

basically, if I have an ACL allowing group webserver to read files,
that group has to exist on the destination filesystem, or else
the warn_drop function in eas_acls.py:470 is called, telling me that

 "--never-drop-acls specified but cannot map name
  webserver occurring inside an ACL."

Isn't rdiff-backup supposed to be writing to metadata? Why does it
even try to map names? Is there a bug or am I misunderstanding
something?


Yes, I am afraid you are misunderstanding.
Rdiff-backup will *always* write to metadata. The metadata will be used on the restore since it is the complete record.
However, simultaneously with writing to metadata, rdiff-backup tries to map the metadata from the source onto the destination (eg, mapping this webserver-user ACL). Why does rdiff-backup do this? Three reasons: 1) It makes it possible to do the restore without rdiff- backup 2) It makes rdiff-backup behave a little more like rsync and 3) If the metadata file is lost, or corrupt, rdiff-backup can use the destination metadata during a restore.
By specifying --never-drop-acls, you are saying that one of those 3 reasons is very important (critical) to you, and that rdiff-backup should Exit (instead of ignoring) if it cannot write the ACL to the destination. If you don't specify --never-drop-acls, it would silently write that ACL to the metadata only. 


Andrew
reply via email to
[Prev in Thread] Current Thread [Next in Thread]