On Tue, Apr 12, 2016 at 8:45 AM, Xen wrote:
Carlos E. R. wrote on 12-04-16 14:00:
On Tuesday, 2016-04-12 at 02:27 +0200, Xen wrote:
Another flag to remember. However, whenever I am not superuser, it will not preserve any ownership (which is in a sense logical) (but at the same time it will preserve all ACL rights).
So, can we have a backup admin using ACLs?
Yes you can have anything. There are no limits to the system.
However it probably does require permissions (ACLs) to be propagated down a tree on every file creation, and this is the administrative burden.
You need to ensure that these ACLs are set, and if some user takes it away, you lose permissions. I think.
There is not some kind of master permission on the root of some tree, that is going to apply to all files indiscriminately, I think.
I'm not truly expert with ACLs, but I think you can set a default ACL in every currently existing folder to be inherited by any newly created files and folders that are direct children of the folder.
So if you create a "backup" user and give it read access to every existing folder and file and also make that ACL be applied to newly created files and folders by default, all should be good.
If someone wants to block access to the "backup" user, then that can be done but it takes an active step on the part of the file owner (or root).
The bigger issue might be restores. It may require root access to properly restore a random file tree.
This whole backup (and restore) user concept implemented via ACLs would make a good post for a blog (lizards?).
FYI: With Windows the Backup role can actually have more access than the Administrator role. I've tried to access the equivalent of /dev/sda on a Windows box before and have it fail for the Administrator. We had to add the backup role to the Administrator account before it would work. As far as I know that level of granular access is beyond what Linux ACLs can provide.
Greg
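The access-plus-default ACL setup described in the message above, as an added example that is not part of the original thread. The account name `backup`, the `DRY_RUN` switch and the function names are assumptions made for illustration; the audit covers the case where a file owner removes the entry and the case where the ACL mask cancels it.

```shell
#!/bin/sh
# Added example (not from the thread). BACKUP_USER is an assumed account name.
BACKUP_USER="${BACKUP_USER:-backup}"

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Give BACKUP_USER read access to an existing tree and to future children.
grant_backup_acl() {
    tree="$1"
    # Access ACL on everything that exists now. Capital X grants execute
    # only on directories (traversal) and on files already executable.
    run setfacl -R -P -m "u:${BACKUP_USER}:rX" "$tree" || return 1
    # Default ACL on each directory, inherited by newly created children.
    run find "$tree" -type d -exec setfacl -m "d:u:${BACKUP_USER}:rX" {} +
}

# Filter: read `getfacl -R` output on stdin and print every path where
# BACKUP_USER has no effective read right. Catches entries removed by the
# owner and entries neutralised by the ACL mask (e.g. after chmod g-r).
paths_without_backup_read() {
    awk -v want="user:${BACKUP_USER}:" '
        function emit() { if (file != "" && !ok) print file; file = "" }
        /^# file: / { emit(); file = substr($0, 9); ok = 0; next }
        index($0, want) == 1 {
            perms = substr($0, length(want) + 1, 3)
            # getfacl appends "#effective:..." when the mask cuts rights.
            if ((p = index($0, "#effective:")) > 0) perms = substr($0, p + 11, 3)
            if (substr(perms, 1, 1) == "r") ok = 1
        }
        /^$/ { emit() }
        END { emit() }'
}

# Walk a tree and report paths the backup account cannot read.
audit_backup_acl() {
    getfacl -R -P -p "$1" 2>/dev/null | paths_without_backup_read
}
```

Running `audit_backup_acl` before each backup job shows which files would be skipped; restoring ownership from the resulting archive still needs root, as the message notes.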