tar and rsync: Archive and Preserve SELinux Contexts, Extended Attributes, And ACLs

How do I use tar and rsync command that can preserve the ACLs, extended attributes and SELinux contexts under CentOS / RHEL / Fedora Linux server while making backups?


Both the GNU/tar and rsync command can archive the Extended Attributes such as the following for backup and other purpose:

=> Selinux context

=> Acls

=> xattrs

tar command syntax

The syntax is:

 
tar --selinux --acls --xattrs  -cvf file.tar /var/www
 

Where,

1. --selinux - Save the SELinux context to the archive called file.tar.
2. --acls - ASave the ACLs to the archive called file.tar.
3. --xattrs - Save the user/root xattrs to the archive called file.tar Please that it archive all extended attributes, including SELinux and ACLs.
4. -c - Create a new archive called file.tar.
5. -v - Verbose output.
6. -f file.tar - Archive file name.
7. /var/www - Create archive called file.tar from directory /var/www

To extract archive, simply type:

 
tar -xvf file.tar
 

You can ignore the attributes using the following syntax for backward compatibility with older Linux based systems:

 
tar --no-acls --no-selinux --no-xattrs -xvf file.tar
 

Where,

1. --no-acls - Don't extract the ACLs from the archive.
2. --no-selinux - Don't extract the SELinux context from the archive.
3. --no-xattrs - Don't extract the user/root xattrs from the archive

rsync command syntax

The syntax is:

 
rsync -av -A -X /source/path /dest/path
rsync -az -A -X /source/path user1@server2:/dest/path
 

Where,

1. -A : Preserve ACL.
2. -X : Preserve extended attributes/SELinux.
3. -a : Archive mode.
4. -z : Compress file data during the transfer.

To sync /var/www to node2, enter:

 
rsync -aAX /var/www root@node2:/var/www/
 

OR

 
rsync -e ssh -aAX /var/www root@node2:/var/www/
 

You may want to pass the following additional option to backup hard links (-H), see progress (-P), and verbose (-v) output:

 
rsync -e ssh -aAXHPv /var/www root@node2:/var/www/
 

How do I see the SELinux context?

Type the following command:
ls -lZ
ls -lZ /path/to/file
OR
ls -Z

How do I see the extended attributes of filesystem objects?

Use the getfattr command:

 
getfattr -d -m - -R /path/to/dir
getfattr -d -m - /path/to/file
getfattr -d -m security.selinux -R /var/www
 

To list file attributes on a Linux second extended file system (see chattr command for more information):

 
lsattr /path/to/file
 

• Tweet
• 
• 

You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

• 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
• Top 30 Nmap Command Examples For Sys/Network Admins
• 25 PHP Security Best Practices For Sys Admins
• 20 Linux System Monitoring Tools Every SysAdmin Should Know
• 20 Linux Server Hardening Security Tips
• Linux: 20 Iptables Examples For New SysAdmins
• Top 20 OpenSSH Server Best Security Practices
• Top 20 Nginx WebServer Best Security Practices
• 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
• 15 Greatest Open Source Terminal Applications Of 2012
• My 10 UNIX Command Line Mistakes
• Top 10 Open Source Web-Based Project Management Software
• Top 5 Email Client For Linux, Mac OS X, and Windows Users
• The Novice Guide To Buying A Linux Laptop