Ask a question
Join us for IBM TechXchange Day: AI and Automation
When copying files with Aspera, we can opt to preserve the file access permissions of files when they are copied to the target server. On Windows systems these are known as ACLs. If both source and target machines are part of the same domain, we can set the option ‘preserve acls’ to the value ‘native’ either in the Desktop Client or on the command line. However some of the behaviour may not be obvious.
Windows has the concept of inherited file permissions. So a file in a folder can be set to inherit ACLs from its parent. However, the actual permission on the file is simply ‘inherit’, and does not specify any user. The effective permissions include the inherited permissions and any that are explicitly specified.
Consider the following source file structure:
Here, both Alice and Bob have access to the root folder, and everything else inside is set to inherit permissions. When the files are copied to a new server, if they are copied into a folder with different ACLs they will inherit those permissions. So the effective permissions give Alice and Bob access to everything.
Now if we copy those files from the root folder to a new target folder on the Aspera server which has different permissions, the files will inherit from their new parent:
Now, Alice and Colin have access but Bob does not. This may seem counter-intuitive. If Dave copies these files with the ‘preserve ACLs’ option set, he might expect Bob to be able to access the files on the new server, but he will not. This is because of how Windows works. On the source side it does not record anyone’s access to the files other than the root folder – only that the permissions are to be inherited. If you copy them to a new folder, they will inherit permissions from there. This is not an Aspera issue – the same thing will happen if you do a local copy to the same machine.