tech stuff.

scp and POSIX ACLs


scp doesn’t play well with POSIX filesystem ACLs, and as far as I can tell there’s nothing to be done about it.

The problem is that the server side explicitly calls open(2) with the mode of the file on the client side in all cases.  Since the file’s group permissions are linked to the mask ACL, this means that — for a mode 644 file — the file gets set mask::r-- instead of inheriting the default mask from the directory.

In my opinion, the correct way to do it would be to create the file without an explicit mode unless the -p command line option was used.  In fact, I would have thought that was the point of the -p flag.
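The inheritance rule behind this behaviour, modeled in Python as an added example (not code from OpenSSH or from the original post). It applies the acl(5) file-creation rule to a directory default ACL and compares a create mode of 0644 with 0666. The directory ACL and the group name `dev` are constructed, and 0666 is an assumed stand-in for a creation mode that is not copied from the client file.

```python
# Model of the acl(5) rule for creating a file in a directory that has a
# default ACL. Constructed example: DIR_DEFAULT and the group "dev" are made up.

PERM_BITS = {"r": 4, "w": 2, "x": 1}

def to_bits(perm):
    """'rw-' -> 6"""
    return sum(PERM_BITS[c] for c in perm if c != "-")

def to_str(bits):
    """6 -> 'rw-'"""
    return "".join(c if bits & v else "-" for c, v in PERM_BITS.items())

def inherit_acl(default_acl, mode):
    """Access ACL a new file receives from the directory's default ACL.

    Per acl(5): the default ACL is copied, then the entries that correspond
    to the permission bits are ANDed with the mode passed to open(2). The
    group bits map to mask:: when a mask entry exists, otherwise to group::.
    The umask is not consulted when a default ACL is present.
    """
    acl = dict(default_acl)
    group_class = "mask::" if "mask::" in acl else "group::"
    for entry, shift in (("user::", 6), (group_class, 3), ("other::", 0)):
        acl[entry] = to_str(to_bits(acl[entry]) & (mode >> shift) & 7)
    return acl

def effective(acl, entry):
    """Effective permissions of a named or group:: entry, limited by the mask."""
    return to_str(to_bits(acl[entry]) & to_bits(acl.get("mask::", "rwx")))

DIR_DEFAULT = {                # constructed default ACL of the target directory
    "user::": "rwx",
    "group::": "r-x",
    "group:dev:": "rwx",
    "mask::": "rwx",
    "other::": "r-x",
}

scp_file = inherit_acl(DIR_DEFAULT, 0o644)    # mode copied from the client file
plain_file = inherit_acl(DIR_DEFAULT, 0o666)  # assumed mode-agnostic create

if __name__ == "__main__":
    for label, acl in (("mode 0644", scp_file), ("mode 0666", plain_file)):
        print(label, acl, "group:dev effective:", effective(acl, "group:dev:"))
```

The `group:dev:rwx` entry is inherited in both cases, but with mode 0644 the mask caps it at read-only.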

This issue isn’t exclusive to ACLs, really.  It seems like it would cause problems with standard Unix permissions as well.  Anyway, the only way around it seems to be changing the mode on the client side prior to the scp.  Bummer.

Note: I determined this by examining the version of OpenSSH distributed with Ubuntu Lucid, which is 5.3p1.  Please let me know if you’ve had a different experience.

Written by Lee Verberne

2011-07-07 at 13:21

Posted in Linux
