mv and posix ACLs

Russell Coker russell at coker.com.au
Tue Aug 23 13:49:44 UTC 2005


getxattr("/mnt/nfs/test", "system.posix_acl_access", 0xbfc96c20, 132) = -1 EOPNOTSUPP (Operation not supported)
setxattr("./test", "system.posix_acl_access", "\x02\x00\x00\x00\x01\x00\x06\x00\xff\xff\xff\xff\x04\x00\x04\x00\xff\xff\xff\xff \x00\x04\x00\xff\xff\xff\xff", 28, 0) = -1 EOPNOTSUPP (Operation not supported)

Stracing an mv operation shows that the above is performed.  Reading 
coreutils-acl.patch from the coreutils SRPM indicates that the code in acl.c 
is creating a POSIX ACL that matches the Unix permissions and trying to apply 
it.

Why does it do this?  What is the point of having a POSIX ACL containing the 
same data as the Unix permissions?  It seems that when POSIX ACLs are enabled 
in the destination file-system it will just waste disk space and CPU time by 
needlessly duplicating data, and when POSIX ACLs are disabled (the default 
configuration) it will just waste a small amount of CPU time on the mv 
operation in trying to set something that can never be set.

This seems like a bug to me, but someone has obviously gone to quite a bit of 
effort to make it do that so there is presumably some reason.  What is the 
reason for desiring this functionality and does it really outweigh the 
problems?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
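
Added example, not part of the original message and not coreutils code: a decoder for the system.posix_acl_access value in the setxattr() call above, showing that its three entries carry nothing beyond mode 0644. The constants follow the Linux kernel's POSIX ACL xattr layout; the function and array names are illustrative.

```c
#include <stdio.h>

/* Version and tag values of the Linux POSIX ACL xattr format. */
enum { ACL_VERSION = 2, USER_OBJ = 0x01, GROUP_OBJ = 0x04, OTHER = 0x20 };

/* Layout is little-endian: u32 version, then {u16 tag, u16 perm, u32 id}. */
static int rd16(const unsigned char *p) { return p[0] | (p[1] << 8); }

/*
 * Return the mode bits an ACL is equivalent to when it holds exactly the
 * owner, group and other entries; return -1 if it is malformed or carries
 * anything else (named users or groups, a mask).
 */
int acl_equiv_mode(const unsigned char *buf, size_t len)
{
    int mode = 0, seen = 0;

    if (len < 4 || (len - 4) % 8 != 0)
        return -1;
    if (rd16(buf) != ACL_VERSION || rd16(buf + 2) != 0)
        return -1;
    for (size_t off = 4; off < len; off += 8) {
        int tag = rd16(buf + off), perm = rd16(buf + off + 2), shift;

        switch (tag) {
        case USER_OBJ:  shift = 6; break;
        case GROUP_OBJ: shift = 3; break;
        case OTHER:     shift = 0; break;
        default:        return -1;   /* extended entry: not a plain mode */
        }
        if ((seen & tag) || perm > 7)
            return -1;               /* duplicate entry or bad perm bits */
        seen |= tag;
        mode |= perm << shift;
    }
    return seen == (USER_OBJ | GROUP_OBJ | OTHER) ? mode : -1;
}

/* The 28 bytes from the trace; the " " strace prints before \x00 is 0x20. */
static const unsigned char TRACE_ACL[28] = {
    0x02, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x06, 0x00, 0xff, 0xff, 0xff, 0xff,   /* owner rw- */
    0x04, 0x00, 0x04, 0x00, 0xff, 0xff, 0xff, 0xff,   /* group r-- */
    0x20, 0x00, 0x04, 0x00, 0xff, 0xff, 0xff, 0xff,   /* other r-- */
};

int main(void)
{
    printf("mode %04o\n", (unsigned)acl_equiv_mode(TRACE_ACL, sizeof TRACE_ACL));
    return 0;
}
```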



