Re: xorriso, create an iso archive from a directory which has NTFS ACLs/

Hi,

sorry for breaking the list threading. I got a list notification with the
mail text when it was pending, but not yet the approved mail which is
already in the list archives. So i know its text but not its message id.

Kristaps Esterliņš wrote:
> At the moment I have
> succesfully created test backups using the joliet extension. The only issue
> left is that I cannot store or save the NTFS ACLs or xattrs from the source
> files and folders.

I assume "successfully created" means that they were readable on the systems
where they might be restored.

If that reading is supposed to happen without help of xorriso, then the
first bad news is that neither ISO 9660 nor Joliet specify ACLs. I.e. if
there are Joliet filesystems which show non-trivial ACLs when inspected by
MS-Windows or a Linux kernel, then i would have to learn how the ACLs get
represented there.

You could avoid the attempt to read ACL and xattr by replacing
-for_backup
by
-md5 on -hardlinks on

Consider to obtain the ACLs in some text form, which can be used to restore
them after you copied the files out of the Joliet tree. Like getfacl(1) can
do for setfacl(1) on GNU/Linux.
Put that text file into your backup, e.g. by:
-map ./freshly_made_acl_list /this_backups_acl_list

xorriso's own ACL recording is for the case that xorriso inspects or
restores files from an ISO 9660 filesystem. The storage format is my
self-invented SUSP protocol named "AAIP". Its specification is public
and resembles much the representation of Rock Ridge symbolic links. But
nobody outside libisofs and xorriso implemented a reader for it.

xorriso can record ACLs if running on GNU/Linux or FreeBSD.
In both cases it uses the system function acl_get_file(3).

> libisofs: FAILURE : Error with reading ACL or xattr from local file:
> '/srv/backup/samba/service/service-13-09-2022/service/folder1/garantiju
> veidi.pdf'

I assume you run xorriso on GNU/Linux.
It looks like acl_get_file() returned an error code. Regrettably i failed
to implement a more detailed report about what goes wrong. (Gets on my todo
list now.)

I made a primitive test program around acl_get_file:
---------------------------------------------------------------------
#include <stdio.h>
#include <sys/types.h>
#include <string.h>
#include <errno.h>
#include <sys/stat.h>
#include <unistd.h>
#include <sys/acl.h>

int main(int argc, char **argv)
{
acl_t acl;
char *text;
struct stat stbuf;

if(argc < 2) {
   fprintf(stderr, "usage: acl_test path\n");
   return(1);
}
if(stat(argv[1], &stbuf) == -1) {
   fprintf(stderr, "On stat(): errno=%d \"%s\"\n", errno, strerror(errno));
   return(2);
}

if(S_ISDIR(stbuf.st_mode)) {
   acl= acl_get_file(argv[1], ACL_TYPE_DEFAULT);
   if(acl == NULL) {
     fprintf(stderr, "On ACL_TYPE_DEFAULT: errno=%d \"%s\"\n",
                     errno, strerror(errno));
   } else {
     text= acl_to_text(acl, NULL);
     if(text != NULL)
       printf("ACL_TYPE_DEFAULT :\n%s\n", text);
     else
       printf("ACL_TYPE_DEFAULT : NULL\n");
     acl_free(acl);
     acl_free(text);
   }
}

acl= acl_get_file(argv[1], ACL_TYPE_ACCESS);
if(acl == NULL) {
   fprintf(stderr, "On ACL_TYPE_ACCESS: errno=%d \"%s\"\n",
                   errno, strerror(errno));
} else {
   text= acl_to_text(acl, NULL);
   if(text != NULL)
     printf("ACL_TYPE_ACCESS :\n%s\n", text);
   else
     printf("ACL_TYPE_ACCESS : NULL\n");
   acl_free(acl);
   acl_free(text);
}
return(0);
}

---------------------------------------------------------------------

For building it, you need fundamental C development tools, the libacl
development headers, and the libacl runtime library. (In Debian:
"build-essential", "libacl1-dev", "libacl1")

Store above code as acl_test.c and compile it by
cc -g -o acl_test acl_test.c -lacl
Then run it by

./acl_test /srv/backup/samba/...more.path...

to see the detected ACL or the error code.

If acl_get_file(3) is not the right way to inquire a Samba ACL, then i
need to see some description of the right way. Also a description of how
to set ACLs in Samba when xorriso restores files, and how to represent
them as texts when the xorriso user wants to see them.
And i'd need a patient tester, of course.

Have a nice day :)

Thomas

From:	Kristaps Esterliņš
Subject:	Re: xorriso, create an iso archive from a directory which has NTFS ACLs/xattr
Date:	Wed, 14 Sep 2022 07:51:13 +0000