How do I use tar and rsync command that can preserve the ACLs, extended attributes and SELinux contexts under CentOS / RHEL / Fedora Linux server while making backups?

Tutorial details
Difficulty level Intermediate
Root privileges Yes
Requirements SELinux, tar, rsync,
Est. reading time N/A
Both the GNU/tar and rsync command can archive the Extended Attributes such as the following for backup and other purpose:

=> Selinux context

=> Acls

=> xattrs

tar command syntax

The syntax is:

tar --selinux --acls --xattrs  -cvf file.tar /var/www


  1. --selinux – Save the SELinux context to the archive called file.tar.
  2. --acls – ASave the ACLs to the archive called file.tar.
  3. --xattrs – Save the user/root xattrs to the archive called file.tar Please that it archive all extended attributes, including SELinux and ACLs.
  4. -c – Create a new archive called file.tar.
  5. -v – Verbose output.
  6. -f file.tar – Archive file name.
  7. /var/www – Create archive called file.tar from directory /var/www

To extract archive, simply type:

tar -xvf file.tar

You can ignore the attributes using the following syntax for backward compatibility with older Linux based systems:

tar --no-acls --no-selinux --no-xattrs -xvf file.tar


  1. --no-acls – Don’t extract the ACLs from the archive.
  2. --no-selinux – Don’t extract the SELinux context from the archive.
  3. --no-xattrs – Don’t extract the user/root xattrs from the archive

rsync command syntax

The syntax is:

rsync -av -A -X /source/path /dest/path
rsync -az -A -X /source/path user1@server2:/dest/path


  1. -A : Preserve ACL.
  2. -X : Preserve extended attributes/SELinux.
  3. -a : Archive mode.
  4. -z : Compress file data during the transfer.

To sync /var/www to node2, enter:

rsync -aAX /var/www root@node2:/var/www/


rsync -e ssh -aAX /var/www root@node2:/var/www/

You may want to pass the following additional option to backup hard links (-H), see progress (-P), and verbose (-v) output:

rsync -e ssh -aAXHPv /var/www root@node2:/var/www/

How do I see the SELinux context?

Type the following command:
ls -lZ
ls -lZ /path/to/file

ls -Z

How do I see the extended attributes of filesystem objects?

Use the getfattr command:

getfattr -d -m - -R /path/to/dir
getfattr -d -m - /path/to/file
getfattr -d -m security.selinux -R /var/www

To list file attributes on a Linux second extended file system (see chattr command for more information):

lsattr /path/to/file

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 1 comment so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
1 comment… add one
  • MK Mar 26, 2015 @ 1:40

    Hey how can I create a tar ball in android retaining the selinux permissions? I have installed busybox. I am getting the error “unknown option — selinuxBusyBox v1.21.0-jb static (2013-04-15 01:54 -0700) multi-call binary.” Thanks.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum