[Box Backup] Attributes not backed up correctly, also request to add ACL support

Chris Wilson boxbackup@boxbackup.org
Tue, 11 Aug 2009 21:10:42 +0100 (BST)


Hi Achim,

On Tue, 11 Aug 2009, Achim wrote:

> I think the "Archive" attribute is definitely irrelevant: never 
> understood its use anyway (-:

Ironically, it's supposed to be used by backup utilities: to determine 
whether a file has changed since it was last backed up, and therefore 
should be backed up again. I don't think anything worth using touches it 
any more.

> Hidden and System are more important: they are probably set for a reason,
> for instance to
> 1/ Reduce user confusion (after restore without hidden, many more files
> might show up!)
> 2/ Protect the system from the user (hidden and system files by default do
> not show up in explorer.exe and are therefore somewhat "safer" from being
> deleted by the user)
>
> Some examples of real hidden system files:
>
> A   H      C:\Documents and Settings\ajl\NTUSER.DAT
> A   H      C:\Documents and Settings\ajl\ntuser.dat.LOG
>   SH      C:\Documents and Settings\ajl\ntuser.ini
>
> From your answer "ignore[..] them entirely" I understand that this is not
> an easy fix, and perhaps not possible at all?

It is possible, but it requires either:

1. cramming the Windows file attributes into the Unix 9-bit format in such 
a way that restores of Windows files on Unix will have weird permissions 
(we already go to great lengths to avoid restoring files with all-zero 
permissions on Unix which makes them unreadable to anyone but root); or

2. storing Windows files with attributes that are not backwards-compatible 
with old clients or compatible with being restored on Unix.

> So that user threatens to stop using Box Backup if it gets more accurate 
> at backing up and restoring meta data? Interesting case, would be nice 
> to know the rationale behind that position.

I think he believed that in the case of a bare-metal restore, the original 
permissions would be worthless as the ownership SIDs for each ACL 
entry would have changed. We could look them up by name if the original 
numeric SID didn't exist, or as you say, add a switch to restore ACLs 
explicitly.

Cheers, Chris.
-- 
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
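
An added illustration of option 1 above, not part of the original message and not Box Backup's code: a hypothetical packing of the Windows attribute bits into the Unix 9-bit mode, showing what a Unix restore of the quoted NTUSER files would be granted. The bit assignment and all function names are assumptions; only the Win32 attribute values are real.

```cpp
#include <cstdint>
#include <cstdio>

// Real Win32 attribute values (winnt.h).
constexpr uint32_t ATTR_READONLY = 0x01, ATTR_HIDDEN = 0x02,
                   ATTR_SYSTEM   = 0x04, ATTR_ARCHIVE = 0x20;

// HYPOTHETICAL packing: the owner triad carries read/write, and the
// "other" triad is reused as flag storage:
//   o+r = Archive, o+w = System, o+x = Hidden
uint16_t PackWinAttrs(uint32_t attrs)
{
    uint16_t mode = 0400;                        // owner read, never all-zero
    if (!(attrs & ATTR_READONLY)) mode |= 0200;  // owner write
    if (attrs & ATTR_ARCHIVE)     mode |= 0004;
    if (attrs & ATTR_SYSTEM)      mode |= 0002;
    if (attrs & ATTR_HIDDEN)      mode |= 0001;
    return mode;
}

// Inverse mapping, used by a Windows client on restore.
uint32_t UnpackWinAttrs(uint16_t mode)
{
    uint32_t attrs = 0;
    if (!(mode & 0200)) attrs |= ATTR_READONLY;
    if (mode & 0004)    attrs |= ATTR_ARCHIVE;
    if (mode & 0002)    attrs |= ATTR_SYSTEM;
    if (mode & 0001)    attrs |= ATTR_HIDDEN;
    return attrs;
}

// A Unix client unaware of the packing applies the mode verbatim.
bool WorldWritableOnUnix(uint16_t mode) { return (mode & 0002) != 0; }

// A Unix restore that strips the flag triad is safe, but a later
// backup from that restored copy has lost the Windows attributes.
uint16_t SanitizeForUnix(uint16_t mode)
{
    return static_cast<uint16_t>(mode & 0770);
}

int main()
{
    // Attribute sets taken from the listing quoted in the message.
    uint16_t dat = PackWinAttrs(ATTR_ARCHIVE | ATTR_HIDDEN);  // NTUSER.DAT
    uint16_t ini = PackWinAttrs(ATTR_SYSTEM | ATTR_HIDDEN);   // ntuser.ini
    std::printf("NTUSER.DAT %04o  world-writable=%d\n", dat, WorldWritableOnUnix(dat));
    std::printf("ntuser.ini %04o  world-writable=%d\n", ini, WorldWritableOnUnix(ini));
    return 0;
}
```

Under this packing a System file restores on Unix as world-writable, and masking the extra bits on the Unix side breaks the round trip instead.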