Storing POSIX.1e-style ACLs in tar files

Table of Contents Introduction star's approach Solaris approach AIX approach Footnote: About POSIX.1e

I currently know of two approaches for storing POSIX.1e ACLs in tar archives. The first was originally developed by Joerg Schilling for _star_ and subsequently adopted by libarchive and by GNU tar. The other was developed by Sun Microsystems for Solaris.

POSIX.1e ACLs are simpler and the draft specification defines a portable interchange format, so the picture here is a little clearer than for NFSv4 ACLs (or other system-specific ACL implementations). I've begun to document NFSv4 ACL storage approaches in [TarNFS4ACLs].

Some of these techniques are similar to ones used for storing POSIX.1e extended attributes. See [TarExtendedAttributes] for more information.

Star stores POSIX.1e ACLs in pax attributes with the names SCHILY.acl.access and SCHILY.acl.default. The values of these attributes are the textual ACL entries for the access and default ACLs, respectively. The textual format follows POSIX.1e draft 17:

• Individual entries are separated by commas.
• A fourth colon-separated field is added to user and group entries with the numeric uid or gid.

In particular, note the necessity for storing both user/group names and IDs for each user or group referenced. The names are critical when transferring data across systems, as IDs may differ. The IDs are critical for system backup/restore, as the user/group databases may be unavailable at restore time. (For example, you might be restoring a damaged user or group database.)

Prior to the standardization of the pax extended format, Sun introduced a separate entry in tar files to hold the ACL information. This entry has type "A" and immediately precedes the file to which it applies. The body of this entry consists of the following:

• An ASCII number in octal followed by a single NULL byte. The value is 01000000 plus the number of entries in the ACL. The 01000000 value flags this as a POSIX.1e ACL; the count of entries is redundant and can generally be ignored.
• A textual list of all ACL entries. This list includes both default and access entries. The default entries have the text "default" prepended (e.g., "defaultuser::rwx"). The entries are comma-separated. Unlike the _star_ format, there is no additional field for the user/group ID.

AIX implemented a system similar to Solaris but with a number of problems. Most obviously, the ACL is stored after the entry and not before. This constrains the possible implementations (libarchive, for example, wants to see all metadata before reading the body). The format used is also pretty non-portable. The TarNFS4ACLs page has some additional details about this format.

POSIX.1e was an attempt to define standard mechanisms for handling extended attributes and ACLs on POSIX systems. Unfortunately, the committee working on POSIX.1e was unable to come to a consensus and the standard was never completed. The final version of POSIX.1e is "Draft 17" which has served as the basis for many system implementations. Unfortunately, the final draft has several obvious omissions that have been filled in different fashions.