From: Brian Inglis <Brian.Inglis@Shaw.ca>
To: cygwin@cygwin.com
Cc: Thomas Schweikle <tschweikle@bfs.de>
Subject: Re: Howto fix C:\cygwin acl after backup/restore?
Date: Fri, 7 Apr 2023 16:20:40 -0600 [thread overview]
Message-ID: <e04c101e-4e62-ac39-7236-e509647c2b30@Shaw.ca> (raw)
In-Reply-To: <77a9a77a-8848-f582-18c9-2d2b13a71d4f@bfs.de>
On 2023-04-07 14:36, Thomas Schweikle via Cygwin wrote:
> How can C:\cygwin ACL be fixed after a backup/restore (file by file, not image).
> The program seems to force canonical ACL while restoring.
> How do i get back ACL as they are right after installing cygwin?
> Docs did not help here. They discussed Windows-ACL to POSIX-ACL or simple
> rwxrwxrwx POSIX rights used on most *nix machines, but at no point where
> concrete ACL shown as they are supposed to be applied to the installed C:\cygwin
> tree.
> Any idea? Any script? Any existing command to recreate recommended ACLs?
For the Cygwin root directory, normal u+rwx,go+rx perms are sufficient.
For other Cygwin files where perms are significant, you should use Cygwin
backup/restore utilities e.g. rsync, tar, cpio, etc.
Without some image of Cygwin ACLs, you can not restore them as they were, as in
the setfacl(1) example:
$ getfacl source_file | setfacl -f - target_file
or an equivalent en masse.
For user created files and scripts, use relevant normal permissions.
For installed files, if you have a complete and current package cache directory,
you can compare the installation to the latest archive of each package under
<MIRROR>/{x86_64,noarch}/release/ looping thru:
tar -d -C / -f <MIRROR>/{x86_64,noarch}/release/<PKG>/.../...-<VER>-<REL>.tar.*z*
e.g.
$ tar -d -C / -f ~/mirror/x86_64/release/bash/bash-4.4.12-3.tar.xz
/bin/tar: etc/postinstall/bash.sh: Warning: Cannot stat: No such file or directory
usr/bin/bash.exe: Uid differs
usr/bin/bash.exe: Gid differs
usr/bin/bashbug: Mode differs
usr/bin/bashbug: Uid differs
usr/bin/sh.exe: Not linked to usr/bin/bash.exe
usr/include/bash/alias.h: Uid differs
...
which is very verbose, or do your own perms comparison vs the outputs from
looping thru:
tar -tv -C / -f <MIRROR>/{x86_64,noarch}/release/<PKG>/.../...-<VER>-<REL>.tar.*z*
(*always remembering that all Cygwin installation tar file paths are relative to
the Cygwin root directory / and need adjusted for use*) sort and group the files
and directories which differ by tar permissions, and feed the lists of files and
directories in a loop to e.g.:
/bin/xargs -P `nproc` -a <PERMS>.lst /bin/chmod <PERMS>
to safely batch and parallelize the changes, or background each <PERMS> command
in the loop:
/bin/xargs -a <PERMS>.lst /bin/chmod <PERMS> &
to parallelize the workload.
The Windows directory cache will buffer the changes, and it might be good to:
$ sync -f /usr /etc
to flush updates to disk: the second arg, if to the same file system, may have
to wait until the first has completed, unless the command detects that.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
prev parent reply other threads:[~2023-04-07 22:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-07 20:36 Thomas Schweikle
2023-04-07 22:20 ` Brian Inglis [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e04c101e-4e62-ac39-7236-e509647c2b30@Shaw.ca \
--to=brian.inglis@shaw.ca \
--cc=cygwin@cygwin.com \
--cc=tschweikle@bfs.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).