Equivalent of subinacl.exe on linux / unix

aclbackuppermissions

When modifying permissions on Windows I backup the ACLs to a file first using a commands like: 

subinacl /noverbose /output=C:\temp\foldername_redir_permissions_backup_star_star.txt /subdirectories "W:\foldername\*.*"

and…

subinacl /noverbose /output=C:\temp\foldername_redir_permissions_backup.txt /subdirectories "W:\foldername\"

…to back them up.

And then if they need to be restored, a command like…

subinacl /playfile C:\temp\foldername_redir_permissions_backup_star_star.txt

…can be used to restore them.

So can the same thing be done for POSIX permissions on Linux / Unix? And what about ACL extended permissions?

Best Answer

setfacl is designed to accept getfacl output as input. Meaning you can run getfacl, save the output to a file, do your thing, then restore the ACL. The exact procedure can vary depending on your platform. On Linux though:

  # Take a peek at the current ACL
[root@vlp-fuger ~]# getfacl newFile
# file: newFile
# owner: root
# group: root
user::rw-
group::r--
group:provisor:rwx
mask::rwx
other::r--

  # Backup ACL
[root@vlp-fuger ~]# getfacl newFile > newFile.acl

  # Remove the group permission, add another that we'll later want to get rid of
[root@vlp-fuger ~]# setfacl -x g:provisor newFile
[root@vlp-fuger ~]# setfacl -m g:ihtxadm:r-x newFile
[root@vlp-fuger ~]# getfacl newFile
# file: newFile
# owner: root
# group: root
user::rw-
group::r--
group:ihtxadm:r-x
mask::r-x
other::r--

  # Restore ACL to where it was
[root@vlp-fuger ~]# setfacl --restore=newFile.acl

  # Resulting ACL
[root@vlp-fuger ~]# getfacl newFile
# file: newFile
# owner: root
# group: root
user::rw-
group::r--
group:provisor:rwx
mask::rwx
other::r--

You can also use --set-file on the setfacl you use to restore and set it to - if you want to pipe the old ACL in. You can also use getfacl -R to backup the ACL's of entire directory trees.

Related Question