vim vs. Linux extended ACLs

Extended ACLs on Linux can be incredibly useful. Permissions can actually be more secure whilst allowing a number of users or daemons access to a file; unwieldy groups are no longer necessary to allow reading or writing. But for some reason, I noticed that these extended ACLs disappeared when a file was edited in vim.

The solution is very simple: you just need to set backupcopy=yes in your .vimrc. Note that backupcopy=auto currently does not work.

The way that vim normally works is to rename the file you are working on and write a new file.  This is fast and means that no files have to be deleted.  Unfortunately, it also means that any special attributes that vim does not understand are lost.

Setting backupcopy=yes ensures that the original file is copied and then overwritten upon save.  This takes a little longer, but will preserve the attributes correctly.  More information can be found in the topic :help backupcopy inside vim.
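
The two save strategies described above can be reproduced outside vim. The script below is an added example, not vim's own code: the function names and file contents are made up for the demo. It compares inode numbers because Linux stores a file's ACL with its inode, so a save that produces a new inode starts without the old ACL.

```sh
#!/bin/sh
# Constructed demo: compares the two save strategies on a scratch file.
# Function names and file contents are hypothetical, chosen for this example.

# Print the inode number of a file.
inode() { ls -i "$1" | awk '{print $1}'; }

# Mimics the rename strategy: move the original aside as the backup,
# then create a brand new file under the old name.
save_by_rename() {
    f=$1
    mv "$f" "$f~"
    printf '%s\n' "edited" > "$f"
}

# Mimics backupcopy=yes: copy the original to the backup,
# then overwrite the original in place.
save_by_copy() {
    f=$1
    cp -p "$f" "$f~"
    printf '%s\n' "edited" > "$f"
}

# Run one strategy on a fresh scratch file and print "same" if the file
# keeps its inode across the save, or "changed" if it gets a new one.
inode_after() {
    strategy=$1
    dir=$(mktemp -d) || return 1
    f="$dir/notes.txt"
    printf '%s\n' "original" > "$f"
    before=$(inode "$f")
    "$strategy" "$f"
    after=$(inode "$f")
    rm -rf "$dir"
    if [ "$before" = "$after" ]; then echo same; else echo changed; fi
}

echo "rename-style save: inode $(inode_after save_by_rename)"
echo "copy-style save:   inode $(inode_after save_by_copy)"
```

Where the ACL tools are installed, running getfacl on the file before and after each strategy shows the same split.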

You can check this page for a quick rundown or this one for a longer explanation on how ACLs work in Linux.

David Cannings
Cyber Security

My interests include computer security, digital electronics and writing tools to help analysis of cyber attacks.