create/extract: add --noacls option, #3955

when given with borg create, borg will not get ACLs from input files (and thus, it will not archive ACLs).

when given with borg extract, borg will not read ACLs from archive and it will not set ACLs on extracted files.

src/borg/archive.py

@@ -379,7 +379,8 @@ class Archive:
         """Failed to encode filename "{}" into file system encoding "{}". Consider configuring the LANG environment variable."""
 
     def __init__(self, repository, key, manifest, name, cache=None, create=False,
-                 checkpoint_interval=1800, numeric_owner=False, noatime=False, noctime=False, noflags=False,
+                 checkpoint_interval=1800, numeric_owner=False, noatime=False, noctime=False,
+                 noflags=False, noacls=False,
                  progress=False, chunker_params=CHUNKER_PARAMS, start=None, start_monotonic=None, end=None,
                  consider_part_files=False, log_json=False):
         self.cwd = os.getcwd()
@@ -398,6 +399,7 @@ class Archive:
         self.noatime = noatime
         self.noctime = noctime
         self.noflags = noflags
+        self.noacls = noacls
         assert (start is None) == (start_monotonic is None), 'Logic error: if start is given, start_monotonic must be given as well and vice versa.'
         if start is None:
             start = datetime.utcnow()
@@ -853,7 +855,8 @@ Utilization of max. archive size: {csize_max:.0%}
             except OSError:
                 # some systems don't support calling utime on a symlink
                 pass
-            acl_set(path, item, self.numeric_owner, fd=fd)
+            if not self.noacls:
+                acl_set(path, item, self.numeric_owner, fd=fd)
             # chown removes Linux capabilities, so set the extended attributes at the end, after chown, since they include
             # the Linux capabilities in the "security.capability" attribute.
             warning = xattr.set_all(fd or path, item.get('xattrs', {}), follow_symlinks=False)
@@ -1077,7 +1080,8 @@ class MetadataCollector:
             if not self.noflags:
                 flags = get_flags(path, st, fd=fd)
             xattrs = xattr.get_all(fd or path, follow_symlinks=False)
-            acl_get(path, attrs, st, self.numeric_owner, fd=fd)
+            if not self.noacls:
+                acl_get(path, attrs, st, self.numeric_owner, fd=fd)
         if xattrs:
             attrs['xattrs'] = StableDict(xattrs)
         if flags:

src/borg/archiver.py

@@ -189,6 +189,7 @@ def with_archive(method):
         archive = Archive(repository, key, manifest, args.location.archive,
                           numeric_owner=getattr(args, 'numeric_owner', False),
                           noflags=getattr(args, 'nobsdflags', False) or getattr(args, 'noflags', False),
+                          noacls=getattr(args, 'noacls', False),
                           cache=kwargs.get('cache'),
                           consider_part_files=args.consider_part_files, log_json=args.log_json)
         return method(self, args, repository=repository, manifest=manifest, key=key, archive=archive, **kwargs)
@@ -635,6 +636,7 @@ class Archiver:
         self.output_filter = args.output_filter
         self.output_list = args.output_list
         self.noflags = args.nobsdflags or args.noflags
+        self.noacls = args.noacls
         self.exclude_nodump = args.exclude_nodump
         dry_run = args.dry_run
         t0 = datetime.utcnow()
@@ -651,7 +653,8 @@ class Archiver:
                                   chunker_params=args.chunker_params, start=t0, start_monotonic=t0_monotonic,
                                   log_json=args.log_json)
                 metadata_collector = MetadataCollector(noatime=not args.atime, noctime=args.noctime,
-                    noflags=args.nobsdflags or args.noflags, numeric_owner=args.numeric_owner, nobirthtime=args.nobirthtime)
+                    noflags=args.nobsdflags or args.noflags, noacls=args.noacls,
+                    numeric_owner=args.numeric_owner, nobirthtime=args.nobirthtime)
                 cp = ChunksProcessor(cache=cache, key=key,
                     add_item=archive.add_item, write_checkpoint=archive.write_checkpoint,
                     checkpoint_interval=args.checkpoint_interval, rechunkify=False)
@@ -3379,6 +3382,8 @@ class Archiver:
                               help='deprecated, use ``--noflags`` instead')
         fs_group.add_argument('--noflags', dest='noflags', action='store_true',
                               help='do not read and store flags (e.g. NODUMP, IMMUTABLE) into archive')
+        fs_group.add_argument('--noacls', dest='noacls', action='store_true',
+                              help='do not read and store ACLs into archive')
         fs_group.add_argument('--sparse', dest='sparse', action='store_true',
                                help='detect sparse holes in input (supported only by fixed chunker)')
         fs_group.add_argument('--files-cache', metavar='MODE', dest='files_cache_mode',
@@ -3797,6 +3802,8 @@ class Archiver:
                                help='deprecated, use ``--noflags`` instead')
         subparser.add_argument('--noflags', dest='noflags', action='store_true',
                                help='do not extract/set flags (e.g. NODUMP, IMMUTABLE)')
+        subparser.add_argument('--noacls', dest='noacls', action='store_true',
+                               help='do not extract/set ACLs')
         subparser.add_argument('--stdout', dest='stdout', action='store_true',
                                help='write all extracted data to stdout')
         subparser.add_argument('--sparse', dest='sparse', action='store_true',