rsync/cp and ACL/permission problem

[sdns575]

I found a problem when using rsync or cp copying a file from regular directory to the mounted volume of gocryptfs for files with ACL configured. If I try to preserve ACL it preserves ACL but not regular permission.

This happens on Debian testing with gocryptfs 1.8 (tried also the static version).

How to reproduce:

# mkdir src
# echo "1" > src/testfile
# setfacl -m u:daemon:rwx src/testfile 
# ls -l src/testfile 
-rw-rwxr--+ 1 root root 2  4 feb 15.44 src/testfile

# mkdir plain gotest
# gocryptfs -init gotest/
# gocryptfs gotest/ plain/
# cp src/testfile plain/
# ls -l plain/testfile 
-rw-r-xr-- 1 root root 2  4 feb 15.45 plain/testfile   (in this case only regular permissions are preserved)
# getfacl plain/testfile 
file: plain/testfile
owner: root
group: root
user::rw-
group::r-x
other::r--

# rm plain/testfile 

# cp -a src/testfile plain/testfile 
# ls -l plain/testfile 
-rw-------+ 1 root root 2  4 feb 15.44 plain/testfile (in this case only ACL is preserved but not regular permissions)
# getfacl plain/testfile 
file: plain/testfile
owner: root
group: root
user::rw-
user:daemon:rwx
group::r--
mask::rwx
other::r--

If I run cp -a on regular directories permissions and ACL are properly respected. On mounted gocryptfs I need 2 operation.

The same issue is found when using rsync with -A. When using rsync with hardlinks, this causes the problem that rsync find the previous file having different permission and it resync it totally, wasting disk space. In my last backup rsync resynced more then 300GB for the acl problem. Currently running rsync without -A and saving ACL in another way.

[rfjakob]

Sorry about that, should be fixed now.

However, ACLs are not enforced yet. Until I can unbreak this I have added a warning to the README: 4b4a68e

This is why I suggest to not use ACLs till v2.0 final is released.

[sdns575]

Thank you. I will wait v2.0.