1 /* copy.c -- core functions for copying files and directories
2 Copyright (C) 89, 90, 91, 1995-2006 Free Software Foundation.
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2, or (at your option)
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
18 /* Extracted from cp.c and librarified by Jim Meyering. */
23 #include <sys/types.h>
34 #include "backupfile.h"
35 #include "buffer-lcm.h"
38 #include "euidaccess.h"
41 #include "filenamecat.h"
42 #include "full-write.h"
43 #include "getpagesize.h"
50 #include "stat-time.h"
53 #include "xreadlink.h"
57 # define HAVE_FCHOWN false
58 # define fchown(fd, uid, gid) (-1)
61 #define SAME_OWNER(A, B) ((A).st_uid == (B).st_uid)
62 #define SAME_GROUP(A, B) ((A).st_gid == (B).st_gid)
63 #define SAME_OWNER_AND_GROUP(A, B) (SAME_OWNER (A, B) && SAME_GROUP (A, B))
65 #define UNWRITABLE(File_name, File_mode) \
66 ( /* euidaccess is not meaningful for symlinks */ \
67 ! S_ISLNK (File_mode) \
68 && euidaccess (File_name, W_OK) != 0)
72 struct dir_list *parent;
77 /* Describe a just-created or just-renamed destination file. */
85 /* Initial size of the above hash table. */
86 #define DEST_INFO_INITIAL_CAPACITY 61
88 static bool copy_internal (char const *src_name, char const *dst_name,
89 bool new_dst, dev_t device,
90 struct dir_list *ancestors,
91 const struct cp_options *x,
92 bool command_line_arg,
94 bool *rename_succeeded);
96 /* Pointers to the file names: they're used in the diagnostic that is issued
97 when we detect the user is trying to copy a directory into itself. */
98 static char const *top_level_src_name;
99 static char const *top_level_dst_name;
101 /* The invocation name of this program. */
102 extern char *program_name;
104 /* FIXME: describe */
105 /* FIXME: rewrite this to use a hash table so we avoid the quadratic
106 performance hit that's probably noticeable only on trees deeper
107 than a few hundred levels. See use of active_dir_map in remove.c */
110 is_ancestor (const struct stat *sb, const struct dir_list *ancestors)
112 while (ancestors != 0)
114 if (ancestors->ino == sb->st_ino && ancestors->dev == sb->st_dev)
116 ancestors = ancestors->parent;
121 /* Read the contents of the directory SRC_NAME_IN, and recursively
122 copy the contents to DST_NAME_IN. NEW_DST is true if
123 DST_NAME_IN is a directory that was created previously in the
124 recursion. SRC_SB and ANCESTORS describe SRC_NAME_IN.
125 Set *COPY_INTO_SELF if SRC_NAME_IN is a parent of
126 (or the same as) DST_NAME_IN; otherwise, clear it.
127 Return true if successful. */
130 copy_dir (char const *src_name_in, char const *dst_name_in, bool new_dst,
131 const struct stat *src_sb, struct dir_list *ancestors,
132 const struct cp_options *x, bool *copy_into_self)
136 struct cp_options non_command_line_options = *x;
139 name_space = savedir (src_name_in);
140 if (name_space == NULL)
142 /* This diagnostic is a bit vague because savedir can fail in
143 several different ways. */
144 error (0, errno, _("cannot access %s"), quote (src_name_in));
148 /* For cp's -H option, dereference command line arguments, but do not
149 dereference symlinks that are found via recursive traversal. */
150 if (x->dereference == DEREF_COMMAND_LINE_ARGUMENTS)
151 non_command_line_options.dereference = DEREF_NEVER;
154 while (*namep != '\0')
156 bool local_copy_into_self;
157 char *src_name = file_name_concat (src_name_in, namep, NULL);
158 char *dst_name = file_name_concat (dst_name_in, namep, NULL);
160 ok &= copy_internal (src_name, dst_name, new_dst, src_sb->st_dev,
161 ancestors, &non_command_line_options, false,
162 &local_copy_into_self, NULL);
163 *copy_into_self |= local_copy_into_self;
168 namep += strlen (namep) + 1;
174 /* Set the owner and owning group of DEST_DESC to the st_uid and
175 st_gid fields of SRC_SB. If DEST_DESC is undefined (-1), set
176 the owner and owning group of DST_NAME instead. DEST_DESC must
177 refer to the same file as DEST_NAME if defined.
178 Return true if the syscall succeeds, or if it's ok not to
179 preserve ownership. */
182 set_owner (const struct cp_options *x, char const *dst_name, int dest_desc,
183 uid_t uid, gid_t gid)
185 if (HAVE_FCHOWN && dest_desc != -1)
187 if (fchown (dest_desc, uid, gid) == 0)
192 if (chown (dst_name, uid, gid) == 0)
196 if (! chown_failure_ok (x))
198 error (0, errno, _("failed to preserve ownership for %s"),
200 if (x->require_preserve)
207 /* Set the st_author field of DEST_DESC to the st_author field of
208 SRC_SB. If DEST_DESC is undefined (-1), set the st_author field
209 of DST_NAME instead. DEST_DESC must refer to the same file as
210 DEST_NAME if defined. */
213 set_author (const char *dst_name, int dest_desc, const struct stat *src_sb)
215 #if HAVE_STRUCT_STAT_ST_AUTHOR
216 /* Preserve the st_author field. */
217 file_t file = (dest_desc < 0
218 ? file_name_lookup (dst_name, 0, 0)
219 : getdport (dest_desc));
220 if (file == MACH_PORT_NULL)
221 error (0, errno, _("failed to lookup file %s"), quote (dst_name));
224 error_t err = file_chauthor (file, src_sb->st_author);
226 error (0, err, _("failed to preserve authorship for %s"),
228 mach_port_deallocate (mach_task_self (), file);
233 /* Copy a regular file from SRC_NAME to DST_NAME.
234 If the source file contains holes, copies holes and blocks of zeros
235 in the source file as holes in the destination file.
236 (Holes are read as zeroes by the `read' system call.)
237 Use DST_MODE as the 3rd argument in the call to open.
238 X provides many option settings.
239 Return true if successful.
240 *NEW_DST is as in copy_internal.
241 SRC_SB is the result of calling XSTAT (aka stat) on SRC_NAME. */
244 copy_reg (char const *src_name, char const *dst_name,
245 const struct cp_options *x, mode_t dst_mode, bool *new_dst,
246 struct stat const *src_sb)
249 char *buf_alloc = NULL;
253 struct stat src_open_sb;
254 bool return_val = true;
256 source_desc = open (src_name, O_RDONLY | O_BINARY);
259 error (0, errno, _("cannot open %s for reading"), quote (src_name));
263 if (fstat (source_desc, &src_open_sb) != 0)
265 error (0, errno, _("cannot fstat %s"), quote (src_name));
270 /* Compare the source dev/ino from the open file to the incoming,
271 saved ones obtained via a previous call to stat. */
272 if (! SAME_INODE (*src_sb, src_open_sb))
275 _("skipping file %s, as it was replaced while being copied"),
281 /* These semantics are required for cp.
282 The if-block will be taken in move_mode. */
285 dest_desc = open (dst_name, O_WRONLY | O_TRUNC | O_BINARY, dst_mode);
287 if (dest_desc < 0 && x->unlink_dest_after_failed_open)
289 if (unlink (dst_name) != 0)
291 error (0, errno, _("cannot remove %s"), quote (dst_name));
296 printf (_("removed %s\n"), quote (dst_name));
298 /* Tell caller that the destination file was unlinked. */
304 dest_desc = open (dst_name, O_WRONLY | O_CREAT | O_BINARY, dst_mode);
308 error (0, errno, _("cannot create regular file %s"), quote (dst_name));
313 if (fstat (dest_desc, &sb) != 0)
315 error (0, errno, _("cannot fstat %s"), quote (dst_name));
317 goto close_src_and_dst_desc;
320 if (! (S_ISREG (src_open_sb.st_mode) && src_open_sb.st_size == 0))
322 typedef uintptr_t word;
323 off_t n_read_total = 0;
325 /* Choose a suitable buffer size; it may be adjusted later. */
326 size_t buf_alignment = lcm (getpagesize (), sizeof (word));
327 size_t buf_alignment_slop = sizeof (word) + buf_alignment - 1;
328 size_t buf_size = ST_BLKSIZE (sb);
330 /* Deal with sparse files. */
331 bool last_write_made_hole = false;
332 bool make_holes = false;
334 if (S_ISREG (sb.st_mode))
336 /* Even with --sparse=always, try to create holes only
337 if the destination is a regular file. */
338 if (x->sparse_mode == SPARSE_ALWAYS)
341 #if HAVE_STRUCT_STAT_ST_BLOCKS
342 /* Use a heuristic to determine whether SRC_NAME contains any sparse
343 blocks. If the file has fewer blocks than would normally be
344 needed for a file of its size, then at least one of the blocks in
345 the file is a hole. */
346 if (x->sparse_mode == SPARSE_AUTO && S_ISREG (src_open_sb.st_mode)
347 && ST_NBLOCKS (src_open_sb) < src_open_sb.st_size / ST_NBLOCKSIZE)
352 /* If not making a sparse file, try to use a more-efficient
356 /* These days there's no point ever messing with buffers smaller
357 than 8 KiB. It would be nice to configure SMALL_BUF_SIZE
358 dynamically for this host and pair of files, but there doesn't
359 seem to be a good way to get readahead info portably. */
360 enum { SMALL_BUF_SIZE = 8 * 1024 };
362 /* Compute the least common multiple of the input and output
363 buffer sizes, adjusting for outlandish values. */
364 size_t blcm_max = MIN (SIZE_MAX, SSIZE_MAX) - buf_alignment_slop;
365 size_t blcm = buffer_lcm (ST_BLKSIZE (src_open_sb), buf_size,
368 /* Do not use a block size that is too small. */
369 buf_size = MAX (SMALL_BUF_SIZE, blcm);
371 /* Do not bother with a buffer larger than the input file, plus one
372 byte to make sure the file has not grown while reading it. */
373 if (S_ISREG (src_open_sb.st_mode) && src_open_sb.st_size < buf_size)
374 buf_size = src_open_sb.st_size + 1;
376 /* However, stick with a block size that is a positive multiple of
377 blcm, overriding the above adjustments. Watch out for
379 buf_size += blcm - 1;
380 buf_size -= buf_size % blcm;
381 if (buf_size == 0 || blcm_max < buf_size)
385 /* Make a buffer with space for a sentinel at the end. */
386 buf_alloc = xmalloc (buf_size + buf_alignment_slop);
387 buf = ptr_align (buf_alloc, buf_alignment);
393 ssize_t n_read = read (source_desc, buf, buf_size);
400 error (0, errno, _("reading %s"), quote (src_name));
402 goto close_src_and_dst_desc;
407 n_read_total += n_read;
413 buf[n_read] = 1; /* Sentinel to stop loop. */
415 /* Find first nonzero *word*, or the word with the sentinel. */
421 /* Find the first nonzero *byte*, or the sentinel. */
423 cp = (char *) (wp - 1);
427 if (cp <= buf + n_read)
428 /* Clear to indicate that a normal write is needed. */
432 /* We found the sentinel, so the whole input block was zero.
434 if (lseek (dest_desc, n_read, SEEK_CUR) < 0)
436 error (0, errno, _("cannot lseek %s"), quote (dst_name));
438 goto close_src_and_dst_desc;
440 last_write_made_hole = true;
447 if (full_write (dest_desc, buf, n) != n)
449 error (0, errno, _("writing %s"), quote (dst_name));
451 goto close_src_and_dst_desc;
453 last_write_made_hole = false;
455 /* A short read on a regular file means EOF. */
456 if (n_read != buf_size && S_ISREG (src_open_sb.st_mode))
461 /* If the file ends with a `hole', we need to do something to record
462 the length of the file. On modern systems, calling ftruncate does
463 the job. On systems without native ftruncate support, we have to
464 write a byte at the ending position. Otherwise the kernel would
465 truncate the file at the end of the last write operation. */
467 if (last_write_made_hole)
470 ? /* ftruncate sets the file size,
471 so there is no need for a write. */
472 ftruncate (dest_desc, n_read_total) < 0
473 : /* Seek backwards one character and write a null. */
474 (lseek (dest_desc, (off_t) -1, SEEK_CUR) < 0L
475 || full_write (dest_desc, "", 1) != 1))
477 error (0, errno, _("writing %s"), quote (dst_name));
479 goto close_src_and_dst_desc;
484 if (x->preserve_timestamps)
486 struct timespec timespec[2];
487 timespec[0] = get_stat_atime (src_sb);
488 timespec[1] = get_stat_mtime (src_sb);
490 if (futimens (dest_desc, dst_name, timespec) != 0)
492 error (0, errno, _("preserving times for %s"), quote (dst_name));
493 if (x->require_preserve)
496 goto close_src_and_dst_desc;
501 if (x->preserve_ownership && ! SAME_OWNER_AND_GROUP (*src_sb, sb))
503 if (! set_owner (x, dst_name, dest_desc, src_sb->st_uid, src_sb->st_gid))
506 goto close_src_and_dst_desc;
510 set_author (dst_name, dest_desc, src_sb);
512 if (x->preserve_mode || x->move_mode)
514 if (copy_acl (src_name, source_desc, dst_name, dest_desc,
515 src_sb->st_mode) != 0 && x->require_preserve)
518 else if (x->set_mode)
520 if (set_acl (dst_name, dest_desc, x->mode) != 0)
524 close_src_and_dst_desc:
525 if (close (dest_desc) < 0)
527 error (0, errno, _("closing %s"), quote (dst_name));
531 if (close (source_desc) < 0)
533 error (0, errno, _("closing %s"), quote (src_name));
541 /* Return true if it's ok that the source and destination
542 files are the `same' by some measure. The goal is to avoid
543 making the `copy' operation remove both copies of the file
544 in that case, while still allowing the user to e.g., move or
545 copy a regular file onto a symlink that points to it.
546 Try to minimize the cost of this function in the common case.
547 Set *RETURN_NOW if we've determined that the caller has no more
548 work to do and should return successfully, right away.
550 Set *UNLINK_SRC if we've determined that the caller wants to do
551 `rename (a, b)' where `a' and `b' are distinct hard links to the same
552 file. In that case, the caller should try to unlink `a' and then return
553 successfully. Ideally, we wouldn't have to do that, and we'd be
554 able to rely on rename to remove the source file. However, POSIX
555 mistakenly requires that such a rename call do *nothing* and return
559 same_file_ok (char const *src_name, struct stat const *src_sb,
560 char const *dst_name, struct stat const *dst_sb,
561 const struct cp_options *x, bool *return_now, bool *unlink_src)
563 const struct stat *src_sb_link;
564 const struct stat *dst_sb_link;
565 struct stat tmp_dst_sb;
566 struct stat tmp_src_sb;
569 bool same = SAME_INODE (*src_sb, *dst_sb);
574 /* FIXME: this should (at the very least) be moved into the following
575 if-block. More likely, it should be removed, because it inhibits
576 making backups. But removing it will result in a change in behavior
577 that will probably have to be documented -- and tests will have to
579 if (same && x->hard_link)
585 if (x->dereference == DEREF_NEVER)
589 /* If both the source and destination files are symlinks (and we'll
590 know this here IFF preserving symlinks), then it's ok -- as long
591 as they are distinct. */
592 if (S_ISLNK (src_sb->st_mode) && S_ISLNK (dst_sb->st_mode))
593 return ! same_name (src_name, dst_name);
595 src_sb_link = src_sb;
596 dst_sb_link = dst_sb;
603 if (lstat (dst_name, &tmp_dst_sb) != 0
604 || lstat (src_name, &tmp_src_sb) != 0)
607 src_sb_link = &tmp_src_sb;
608 dst_sb_link = &tmp_dst_sb;
610 same_link = SAME_INODE (*src_sb_link, *dst_sb_link);
612 /* If both are symlinks, then it's ok, but only if the destination
613 will be unlinked before being opened. This is like the test
614 above, but with the addition of the unlink_dest_before_opening
615 conjunct because otherwise, with two symlinks to the same target,
616 we'd end up truncating the source file. */
617 if (S_ISLNK (src_sb_link->st_mode) && S_ISLNK (dst_sb_link->st_mode)
618 && x->unlink_dest_before_opening)
622 /* The backup code ensures there's a copy, so it's usually ok to
623 remove any destination file. One exception is when both
624 source and destination are the same directory entry. In that
625 case, moving the destination file aside (in making the backup)
626 would also rename the source file and result in an error. */
627 if (x->backup_type != no_backups)
631 /* In copy mode when dereferencing symlinks, if the source is a
632 symlink and the dest is not, then backing up the destination
633 (moving it aside) would make it a dangling symlink, and the
634 subsequent attempt to open it in copy_reg would fail with
635 a misleading diagnostic. Avoid that by returning zero in
636 that case so the caller can make cp (or mv when it has to
637 resort to reading the source file) fail now. */
639 /* FIXME-note: even with the following kludge, we can still provoke
640 the offending diagnostic. It's just a little harder to do :-)
641 $ rm -f a b c; touch c; ln -s c b; ln -s b a; cp -b a b
642 cp: cannot open `a' for reading: No such file or directory
643 That's misleading, since a subsequent `ls' shows that `a'
645 One solution would be to open the source file *before* moving
646 aside the destination, but that'd involve a big rewrite. */
648 && x->dereference != DEREF_NEVER
649 && S_ISLNK (src_sb_link->st_mode)
650 && ! S_ISLNK (dst_sb_link->st_mode))
656 return ! same_name (src_name, dst_name);
660 /* FIXME: use or remove */
662 /* If we're making a backup, we'll detect the problem case in
663 copy_reg because SRC_NAME will no longer exist. Allowing
664 the test to be deferred lets cp do some useful things.
665 But when creating hardlinks and SRC_NAME is a symlink
666 but DST_NAME is not we must test anyway. */
668 || !S_ISLNK (src_sb_link->st_mode)
669 || S_ISLNK (dst_sb_link->st_mode))
672 if (x->dereference != DEREF_NEVER)
676 /* They may refer to the same file if we're in move mode and the
677 target is a symlink. That is ok, since we remove any existing
678 destination file before opening it -- via `rename' if they're on
679 the same file system, via `unlink (DST_NAME)' otherwise.
680 It's also ok if they're distinct hard links to the same file. */
681 if (x->move_mode || x->unlink_dest_before_opening)
683 if (S_ISLNK (dst_sb_link->st_mode))
687 && 1 < dst_sb_link->st_nlink
688 && ! same_name (src_name, dst_name))
699 /* If neither is a symlink, then it's ok as long as they aren't
700 hard links to the same file. */
701 if (!S_ISLNK (src_sb_link->st_mode) && !S_ISLNK (dst_sb_link->st_mode))
703 if (!SAME_INODE (*src_sb_link, *dst_sb_link))
706 /* If they are the same file, it's ok if we're making hard links. */
714 /* It's ok to remove a destination symlink. But that works only when we
715 unlink before opening the destination and when the source and destination
716 files are on the same partition. */
717 if (x->unlink_dest_before_opening
718 && S_ISLNK (dst_sb_link->st_mode))
719 return dst_sb_link->st_dev == src_sb_link->st_dev;
721 if (x->dereference == DEREF_NEVER)
723 if ( ! S_ISLNK (src_sb_link->st_mode))
724 tmp_src_sb = *src_sb_link;
725 else if (stat (src_name, &tmp_src_sb) != 0)
728 if ( ! S_ISLNK (dst_sb_link->st_mode))
729 tmp_dst_sb = *dst_sb_link;
730 else if (stat (dst_name, &tmp_dst_sb) != 0)
733 if ( ! SAME_INODE (tmp_src_sb, tmp_dst_sb))
736 /* FIXME: shouldn't this be testing whether we're making symlinks? */
748 overwrite_prompt (char const *dst_name, struct stat const *dst_sb)
750 if (euidaccess (dst_name, W_OK) != 0)
753 _("%s: overwrite %s, overriding mode %04lo? "),
754 program_name, quote (dst_name),
755 (unsigned long int) (dst_sb->st_mode & CHMOD_MODE_BITS));
759 fprintf (stderr, _("%s: overwrite %s? "),
760 program_name, quote (dst_name));
764 /* Hash an F_triple. */
766 triple_hash (void const *x, size_t table_size)
768 struct F_triple const *p = x;
770 /* Also take the name into account, so that when moving N hard links to the
771 same file (all listed on the command line) all into the same directory,
772 we don't experience any N^2 behavior. */
773 /* FIXME-maybe: is it worth the overhead of doing this
774 just to avoid N^2 in such an unusual case? N would have
775 to be very large to make the N^2 factor noticable, and
776 one would probably encounter a limit on the length of
777 a command line before it became a problem. */
778 size_t tmp = hash_pjw (p->name, table_size);
780 /* Ignoring the device number here should be fine. */
781 return (tmp | p->st_ino) % table_size;
784 /* Hash an F_triple. */
786 triple_hash_no_name (void const *x, size_t table_size)
788 struct F_triple const *p = x;
790 /* Ignoring the device number here should be fine. */
791 return p->st_ino % table_size;
794 /* Compare two F_triple structs. */
796 triple_compare (void const *x, void const *y)
798 struct F_triple const *a = x;
799 struct F_triple const *b = y;
800 return (SAME_INODE (*a, *b) && same_name (a->name, b->name)) ? true : false;
803 /* Free an F_triple. */
805 triple_free (void *x)
807 struct F_triple *a = x;
812 /* Initialize the hash table implementing a set of F_triple entries
813 corresponding to destination files. */
815 dest_info_init (struct cp_options *x)
818 = hash_initialize (DEST_INFO_INITIAL_CAPACITY,
825 /* Initialize the hash table implementing a set of F_triple entries
826 corresponding to source files listed on the command line. */
828 src_info_init (struct cp_options *x)
831 /* Note that we use triple_hash_no_name here.
832 Contrast with the use of triple_hash above.
833 That is necessary because a source file may be specified
834 in many different ways. We want to warn about this
840 = hash_initialize (DEST_INFO_INITIAL_CAPACITY,
847 /* Return true if there is an entry in hash table, HT,
848 for the file described by FILE and STATS. */
850 seen_file (Hash_table const *ht, char const *file,
851 struct stat const *stats)
853 struct F_triple new_ent;
858 new_ent.name = (char *) file;
859 new_ent.st_ino = stats->st_ino;
860 new_ent.st_dev = stats->st_dev;
862 return !!hash_lookup (ht, &new_ent);
865 /* Record destination file, FILE, and dev/ino from *STATS,
866 in the hash table, HT. If HT is NULL, return immediately.
867 If STATS is NULL, call lstat on FILE to get the device
868 and inode numbers. If that lstat fails, simply return.
869 If memory allocation fails, exit immediately. */
871 record_file (Hash_table *ht, char const *file,
872 struct stat const *stats)
874 struct F_triple *ent;
879 ent = xmalloc (sizeof *ent);
880 ent->name = xstrdup (file);
883 ent->st_ino = stats->st_ino;
884 ent->st_dev = stats->st_dev;
889 if (lstat (file, &sb) != 0)
891 ent->st_ino = sb.st_ino;
892 ent->st_dev = sb.st_dev;
896 struct F_triple *ent_from_table = hash_insert (ht, ent);
897 if (ent_from_table == NULL)
899 /* Insertion failed due to lack of memory. */
903 if (ent_from_table != ent)
905 /* There was alread a matching entry in the table, so ENT was
906 not inserted. Free it. */
912 /* When effecting a move (e.g., for mv(1)), and given the name DST_NAME
913 of the destination and a corresponding stat buffer, DST_SB, return
914 true if the logical `move' operation should _not_ proceed.
915 Otherwise, return false.
916 Depending on options specified in X, this code may issue an
917 interactive prompt asking whether it's ok to overwrite DST_NAME. */
919 abandon_move (const struct cp_options *x,
920 char const *dst_name,
921 struct stat const *dst_sb)
923 assert (x->move_mode);
924 return (x->interactive == I_ALWAYS_NO
925 || ((x->interactive == I_ASK_USER
926 || (x->interactive == I_UNSPECIFIED
928 && UNWRITABLE (dst_name, dst_sb->st_mode)))
929 && (overwrite_prompt (dst_name, dst_sb), 1)
933 /* Print --verbose output on standard output, e.g. `new' -> `old'.
934 If BACKUP_DST_NAME is non-NULL, then also indicate that it is
935 the name of a backup file. */
937 emit_verbose (char const *src, char const *dst, char const *backup_dst_name)
939 printf ("%s -> %s", quote_n (0, src), quote_n (1, dst));
941 printf (_(" (backup: %s)"), quote (backup_dst_name));
945 /* Copy the file SRC_NAME to the file DST_NAME. The files may be of
946 any type. NEW_DST should be true if the file DST_NAME cannot
947 exist because its parent directory was just created; NEW_DST should
948 be false if DST_NAME might already exist. DEVICE is the device
949 number of the parent directory, or 0 if the parent of this file is
950 not known. ANCESTORS points to a linked, null terminated list of
951 devices and inodes of parent directories of SRC_NAME. COMMAND_LINE_ARG
952 is true iff SRC_NAME was specified on the command line.
953 Set *COPY_INTO_SELF if SRC_NAME is a parent of (or the
954 same as) DST_NAME; otherwise, clear it.
955 Return true if successful. */
957 copy_internal (char const *src_name, char const *dst_name,
960 struct dir_list *ancestors,
961 const struct cp_options *x,
962 bool command_line_arg,
963 bool *copy_into_self,
964 bool *rename_succeeded)
969 mode_t dst_mode IF_LINT (= 0);
970 bool restore_dst_mode = false;
971 char *earlier_file = NULL;
972 char *dst_backup = NULL;
973 bool backup_succeeded = false;
975 bool copied_as_regular = false;
976 bool preserve_metadata;
978 if (x->move_mode && rename_succeeded)
979 *rename_succeeded = false;
981 *copy_into_self = false;
983 if (XSTAT (x, src_name, &src_sb) != 0)
985 error (0, errno, _("cannot stat %s"), quote (src_name));
989 src_mode = src_sb.st_mode;
991 if (S_ISDIR (src_mode) && !x->recursive)
993 error (0, 0, _("omitting directory %s"), quote (src_name));
997 /* Detect the case in which the same source file appears more than
998 once on the command line and no backup option has been selected.
999 If so, simply warn and don't copy it the second time.
1000 This check is enabled only if x->src_info is non-NULL. */
1001 if (command_line_arg)
1003 if ( ! S_ISDIR (src_sb.st_mode)
1004 && x->backup_type == no_backups
1005 && seen_file (x->src_info, src_name, &src_sb))
1007 error (0, 0, _("warning: source file %s specified more than once"),
1012 record_file (x->src_info, src_name, &src_sb);
1017 if (XSTAT (x, dst_name, &dst_sb) != 0)
1019 if (errno != ENOENT)
1021 error (0, errno, _("cannot stat %s"), quote (dst_name));
1030 { /* Here, we know that dst_name exists, at least to the point
1031 that it is XSTAT'able. */
1035 if (! same_file_ok (src_name, &src_sb, dst_name, &dst_sb,
1036 x, &return_now, &unlink_src))
1038 error (0, 0, _("%s and %s are the same file"),
1039 quote_n (0, src_name), quote_n (1, dst_name));
1043 /* When there is an existing destination file, we may end up
1044 returning early, and hence not copying/moving the file.
1045 This may be due to an interactive `negative' reply to the
1046 prompt about the existing file. It may also be due to the
1047 use of the --reply=no option.
1049 cp and mv treat -i and -f differently. */
1052 if (abandon_move (x, dst_name, &dst_sb)
1053 || (unlink_src && unlink (src_name) == 0))
1055 /* Pretend the rename succeeded, so the caller (mv)
1056 doesn't end up removing the source file. */
1057 if (rename_succeeded)
1058 *rename_succeeded = true;
1059 if (unlink_src && x->verbose)
1060 printf (_("removed %s\n"), quote (src_name));
1065 error (0, errno, _("cannot remove %s"), quote (src_name));
1071 if (! S_ISDIR (src_mode)
1072 && (x->interactive == I_ALWAYS_NO
1073 || (x->interactive == I_ASK_USER
1074 && (overwrite_prompt (dst_name, &dst_sb), 1)
1082 if (!S_ISDIR (dst_sb.st_mode))
1084 if (S_ISDIR (src_mode))
1086 if (x->move_mode && x->backup_type != no_backups)
1088 /* Moving a directory onto an existing
1089 non-directory is ok only with --backup. */
1094 _("cannot overwrite non-directory %s with directory %s"),
1095 quote_n (0, dst_name), quote_n (1, src_name));
1100 /* Don't let the user destroy their data, even if they try hard:
1101 This mv command must fail (likewise for cp):
1102 rm -rf a b c; mkdir a b c; touch a/f b/f; mv a/f b/f c
1103 Otherwise, the contents of b/f would be lost.
1104 In the case of `cp', b/f would be lost if the user simulated
1105 a move using cp and rm.
1106 Note that it works fine if you use --backup=numbered. */
1107 if (command_line_arg
1108 && x->backup_type != numbered_backups
1109 && seen_file (x->dest_info, dst_name, &dst_sb))
1112 _("will not overwrite just-created %s with %s"),
1113 quote_n (0, dst_name), quote_n (1, src_name));
1118 if (!S_ISDIR (src_mode))
1120 if (S_ISDIR (dst_sb.st_mode))
1122 if (x->move_mode && x->backup_type != no_backups)
1124 /* Moving a non-directory onto an existing
1125 directory is ok only with --backup. */
1130 _("cannot overwrite directory %s with non-directory"),
1138 /* When preserving time stamps (but not moving within a file
1139 system), don't worry if the destination time stamp is
1140 less than the source merely because of time stamp
1142 int options = ((x->preserve_timestamps
1144 && dst_sb.st_dev == src_sb.st_dev))
1145 ? UTIMECMP_TRUNCATE_SOURCE
1148 if (0 <= utimecmp (dst_name, &dst_sb, &src_sb, options))
1150 /* We're using --update and the destination is not older
1151 than the source, so do not copy or move. Pretend the
1152 rename succeeded, so the caller (if it's mv) doesn't
1153 end up removing the source file. */
1154 if (rename_succeeded)
1155 *rename_succeeded = true;
1163 /* Don't allow user to move a directory onto a non-directory. */
1164 if (S_ISDIR (src_sb.st_mode) && !S_ISDIR (dst_sb.st_mode)
1165 && x->backup_type == no_backups)
1168 _("cannot move directory onto non-directory: %s -> %s"),
1169 quote_n (0, src_name), quote_n (0, dst_name));
1174 if (x->backup_type != no_backups
1175 /* Don't try to back up a destination if the last
1176 component of src_name is "." or "..". */
1177 && ! dot_or_dotdot (last_component (src_name))
1178 /* Create a backup of each destination directory in move mode,
1179 but not in copy mode. FIXME: it might make sense to add an
1180 option to suppress backup creation also for move mode.
1181 That would let one use mv to merge new content into an
1182 existing hierarchy. */
1183 && (x->move_mode || ! S_ISDIR (dst_sb.st_mode)))
1185 char *tmp_backup = find_backup_file_name (dst_name,
1188 /* Detect (and fail) when creating the backup file would
1189 destroy the source file. Before, running the commands
1190 cd /tmp; rm -f a a~; : > a; echo A > a~; cp --b=simple a~ a
1191 would leave two zero-length files: a and a~. */
1192 /* FIXME: but simply change e.g., the final a~ to `./a~'
1193 and the source will still be destroyed. */
1194 if (STREQ (tmp_backup, src_name))
1198 ? _("backing up %s would destroy source; %s not moved")
1199 : _("backing up %s would destroy source; %s not copied"));
1201 quote_n (0, dst_name),
1202 quote_n (1, src_name));
1208 Using alloca for a file name that may be arbitrarily
1209 long is not recommended. In fact, even forming such a name
1210 should be discouraged. Eventually, this code will be rewritten
1211 to use fts, so using alloca here will be less of a problem. */
1212 ASSIGN_STRDUPA (dst_backup, tmp_backup);
1214 if (rename (dst_name, dst_backup) != 0)
1216 if (errno != ENOENT)
1218 error (0, errno, _("cannot backup %s"), quote (dst_name));
1228 backup_succeeded = true;
1232 else if (! S_ISDIR (dst_sb.st_mode)
1233 && (x->unlink_dest_before_opening
1234 || (x->preserve_links && 1 < dst_sb.st_nlink)
1236 && x->dereference == DEREF_NEVER
1237 && S_ISLNK (src_sb.st_mode))
1240 if (unlink (dst_name) != 0 && errno != ENOENT)
1242 error (0, errno, _("cannot remove %s"), quote (dst_name));
1247 printf (_("removed %s\n"), quote (dst_name));
1252 /* If the source is a directory, we don't always create the destination
1253 directory. So --verbose should not announce anything until we're
1254 sure we'll create a directory. */
1255 if (x->verbose && !S_ISDIR (src_mode))
1256 emit_verbose (src_name, dst_name, backup_succeeded ? dst_backup : NULL);
1258 /* Associate the destination file name with the source device and inode
1259 so that if we encounter a matching dev/ino pair in the source tree
1260 we can arrange to create a hard link between the corresponding names
1261 in the destination tree.
1263 Sometimes, when preserving links, we have to record dev/ino even
1264 though st_nlink == 1:
1265 - when in move_mode, since we may be moving a group of N hard-linked
1266 files (via two or more command line arguments) to a different
1267 partition; the links may be distributed among the command line
1268 arguments (possibly hierarchies) so that the link count of
1269 the final, once-linked source file is reduced to 1 when it is
1270 considered below. But in this case (for mv) we don't need to
1271 incur the expense of recording the dev/ino => name mapping; all we
1272 really need is a lookup, to see if the dev/ino pair has already
1274 - when using -H and processing a command line argument;
1275 that command line argument could be a symlink pointing to another
1276 command line argument. With `cp -H --preserve=link', we hard-link
1277 those two destination files.
1278 - likewise for -L except that it applies to all files, not just
1279 command line arguments.
1281 Also record directory dev/ino when using --recursive. We'll use that
1282 info to detect this problem: cp -R dir dir. FIXME-maybe: ideally,
1283 directory info would be recorded in a separate hash table, since
1284 such entries are useful only while a single command line hierarchy
1285 is being copied -- so that separate table could be cleared between
1286 command line args. Using the same hash table to preserve hard
1287 links means that it may not be cleared. */
1289 if (x->move_mode && src_sb.st_nlink == 1)
1291 earlier_file = src_to_dest_lookup (src_sb.st_ino, src_sb.st_dev);
1293 else if ((x->preserve_links
1294 && (1 < src_sb.st_nlink
1295 || (command_line_arg
1296 && x->dereference == DEREF_COMMAND_LINE_ARGUMENTS)
1297 || x->dereference == DEREF_ALWAYS))
1298 || (x->recursive && S_ISDIR (src_mode)))
1300 earlier_file = remember_copied (dst_name, src_sb.st_ino, src_sb.st_dev);
1303 /* Did we copy this inode somewhere else (in this command line argument)
1304 and therefore this is a second hard link to the inode? */
1308 /* Avoid damaging the destination file system by refusing to preserve
1309 hard-linked directories (which are found at least in Netapp snapshot
1311 if (S_ISDIR (src_mode))
1313 /* If src_name and earlier_file refer to the same directory entry,
1314 then warn about copying a directory into itself. */
1315 if (same_name (src_name, earlier_file))
1317 error (0, 0, _("cannot copy a directory, %s, into itself, %s"),
1318 quote_n (0, top_level_src_name),
1319 quote_n (1, top_level_dst_name));
1320 *copy_into_self = true;
1323 else if (x->dereference == DEREF_ALWAYS)
1325 /* This happens when e.g., encountering a directory for the
1326 second or subsequent time via symlinks when cp is invoked
1327 with -R and -L. E.g.,
1328 rm -rf a b c d; mkdir a b c d; ln -s ../c a; ln -s ../c b;
1334 error (0, 0, _("will not create hard link %s to directory %s"),
1335 quote_n (0, dst_name), quote_n (1, earlier_file));
1341 bool link_failed = (link (earlier_file, dst_name) != 0);
1343 /* If the link failed because of an existing destination,
1344 remove that file and then call link again. */
1345 if (link_failed && errno == EEXIST)
1347 if (unlink (dst_name) != 0)
1349 error (0, errno, _("cannot remove %s"), quote (dst_name));
1353 printf (_("removed %s\n"), quote (dst_name));
1354 link_failed = (link (earlier_file, dst_name) != 0);
1359 error (0, errno, _("cannot create hard link %s to %s"),
1360 quote_n (0, dst_name), quote_n (1, earlier_file));
1370 if (rename (src_name, dst_name) == 0)
1372 if (x->verbose && S_ISDIR (src_mode))
1373 emit_verbose (src_name, dst_name,
1374 backup_succeeded ? dst_backup : NULL);
1376 if (rename_succeeded)
1377 *rename_succeeded = true;
1379 if (command_line_arg)
1381 /* Record destination dev/ino/name, so that if we are asked
1382 to overwrite that file again, we can detect it and fail. */
1383 /* It's fine to use the _source_ stat buffer (src_sb) to get the
1384 _destination_ dev/ino, since the rename above can't have
1385 changed those, and `mv' always uses lstat.
1386 We could limit it further by operating
1387 only on non-directories. */
1388 record_file (x->dest_info, dst_name, &src_sb);
1394 /* FIXME: someday, consider what to do when moving a directory into
1395 itself but when source and destination are on different devices. */
1397 /* This happens when attempting to rename a directory to a
1398 subdirectory of itself. */
1399 if (errno == EINVAL)
1401 /* FIXME: this is a little fragile in that it relies on rename(2)
1402 failing with a specific errno value. Expect problems on
1403 non-POSIX systems. */
1404 error (0, 0, _("cannot move %s to a subdirectory of itself, %s"),
1405 quote_n (0, top_level_src_name),
1406 quote_n (1, top_level_dst_name));
1408 /* Note that there is no need to call forget_created here,
1409 (compare with the other calls in this file) since the
1410 destination directory didn't exist before. */
1412 *copy_into_self = true;
1413 /* FIXME-cleanup: Don't return true here; adjust mv.c accordingly.
1414 The only caller that uses this code (mv.c) ends up setting its
1415 exit status to nonzero when copy_into_self is nonzero. */
1419 /* WARNING: there probably exist systems for which an inter-device
1420 rename fails with a value of errno not handled here.
1421 If/as those are reported, add them to the condition below.
1422 If this happens to you, please do the following and send the output
1423 to the bug-reporting address (e.g., in the output of cp --help):
1424 touch k; perl -e 'rename "k","/tmp/k" or print "$!(",$!+0,")\n"'
1425 where your current directory is on one partion and /tmp is the other.
1426 Also, please try to find the E* errno macro name corresponding to
1427 the diagnostic and parenthesized integer, and include that in your
1428 e-mail. One way to do that is to run a command like this
1429 find /usr/include/. -type f \
1430 | xargs grep 'define.*\<E[A-Z]*\>.*\<18\>' /dev/null
1431 where you'd replace `18' with the integer in parentheses that
1432 was output from the perl one-liner above.
1433 If necessary, of course, change `/tmp' to some other directory. */
1436 /* There are many ways this can happen due to a race condition.
1437 When something happens between the initial XSTAT and the
1438 subsequent rename, we can get many different types of errors.
1439 For example, if the destination is initially a non-directory
1440 or non-existent, but it is created as a directory, the rename
1441 fails. If two `mv' commands try to rename the same file at
1442 about the same time, one will succeed and the other will fail.
1443 If the permissions on the directory containing the source or
1444 destination file are made too restrictive, the rename will
1447 _("cannot move %s to %s"),
1448 quote_n (0, src_name), quote_n (1, dst_name));
1449 forget_created (src_sb.st_ino, src_sb.st_dev);
1453 /* The rename attempt has failed. Remove any existing destination
1454 file so that a cross-device `mv' acts as if it were really using
1455 the rename syscall. */
1456 if (unlink (dst_name) != 0 && errno != ENOENT)
1459 _("inter-device move failed: %s to %s; unable to remove target"),
1460 quote_n (0, src_name), quote_n (1, dst_name));
1461 forget_created (src_sb.st_ino, src_sb.st_dev);
1470 /* In certain modes (cp's --symbolic-link), and for certain file types
1471 (symlinks and hard links) it doesn't make sense to preserve metadata,
1472 or it's possible to preserve only some of it.
1473 In such cases, set this variable to zero. */
1474 preserve_metadata = true;
1476 if (S_ISDIR (src_mode))
1478 struct dir_list *dir;
1480 /* If this directory has been copied before during the
1481 recursion, there is a symbolic link to an ancestor
1482 directory of the symbolic link. It is impossible to
1483 continue to copy this, unless we've got an infinite disk. */
1485 if (is_ancestor (&src_sb, ancestors))
1487 error (0, 0, _("cannot copy cyclic symbolic link %s"),
1492 /* Insert the current directory in the list of parents. */
1494 dir = alloca (sizeof *dir);
1495 dir->parent = ancestors;
1496 dir->ino = src_sb.st_ino;
1497 dir->dev = src_sb.st_dev;
1499 if (new_dst || !S_ISDIR (dst_sb.st_mode))
1501 /* POSIX says mkdir's behavior is implementation-defined when
1502 (src_mode & ~S_IRWXUGO) != 0. However, common practice is
1503 to ask mkdir to copy all the CHMOD_MODE_BITS, letting mkdir
1504 decide what to do with S_ISUID | S_ISGID | S_ISVTX. */
1505 if (mkdir (dst_name, src_mode & CHMOD_MODE_BITS) != 0)
1507 error (0, errno, _("cannot create directory %s"),
1512 /* We need search and write permissions to the new directory
1513 for writing the directory's contents. Check if these
1514 permissions are there. */
1516 if (lstat (dst_name, &dst_sb) != 0)
1518 error (0, errno, _("cannot stat %s"), quote (dst_name));
1521 else if ((dst_sb.st_mode & S_IRWXU) != S_IRWXU)
1523 /* Make the new directory searchable and writable. */
1525 dst_mode = dst_sb.st_mode;
1526 restore_dst_mode = true;
1528 if (lchmod (dst_name, dst_mode | S_IRWXU) != 0)
1530 error (0, errno, _("setting permissions for %s"),
1536 /* Insert the created directory's inode and device
1537 numbers into the search structure, so that we can
1538 avoid copying it again. */
1540 remember_copied (dst_name, dst_sb.st_ino, dst_sb.st_dev);
1543 emit_verbose (src_name, dst_name, NULL);
1546 /* Are we crossing a file system boundary? */
1547 if (x->one_file_system && device != 0 && device != src_sb.st_dev)
1550 /* Copy the contents of the directory. */
1552 if (! copy_dir (src_name, dst_name, new_dst, &src_sb, dir, x,
1555 /* Don't just return here -- otherwise, the failure to read a
1556 single file in a source directory would cause the containing
1557 destination directory not to have owner/perms set properly. */
1561 else if (x->symbolic_link)
1563 preserve_metadata = false;
1565 if (*src_name != '/')
1567 /* Check that DST_NAME denotes a file in the current directory. */
1569 struct stat dst_parent_sb;
1571 bool in_current_dir;
1573 dst_parent = dir_name (dst_name);
1575 in_current_dir = (STREQ (".", dst_parent)
1576 /* If either stat call fails, it's ok not to report
1577 the failure and say dst_name is in the current
1578 directory. Other things will fail later. */
1579 || stat (".", &dot_sb) != 0
1580 || stat (dst_parent, &dst_parent_sb) != 0
1581 || SAME_INODE (dot_sb, dst_parent_sb));
1584 if (! in_current_dir)
1587 _("%s: can make relative symbolic links only in current directory"),
1592 if (symlink (src_name, dst_name) != 0)
1594 error (0, errno, _("cannot create symbolic link %s to %s"),
1595 quote_n (0, dst_name), quote_n (1, src_name));
1600 else if (x->hard_link
1601 #ifdef LINK_FOLLOWS_SYMLINKS
1602 /* A POSIX-conforming link syscall dereferences a symlink, yet cp,
1603 invoked with `--link --no-dereference', should not. Thus, with
1604 a POSIX-conforming link system call, we can't use link() here,
1605 since that would create a hard link to the referent (effectively
1606 dereferencing the symlink), rather than to the symlink itself.
1607 We can approximate the desired behavior by skipping this hard-link
1608 creating block and instead copying the symlink, via the `S_ISLNK'-
1610 When link operates on the symlinks themselves, we use this block
1611 and just call link(). */
1612 && !(S_ISLNK (src_mode) && x->dereference == DEREF_NEVER)
1616 preserve_metadata = false;
1617 if (link (src_name, dst_name))
1619 error (0, errno, _("cannot create link %s"), quote (dst_name));
1623 else if (S_ISREG (src_mode)
1624 || (x->copy_as_regular && !S_ISLNK (src_mode)))
1626 copied_as_regular = true;
1627 /* POSIX says the permission bits of the source file must be
1628 used as the 3rd argument in the open call. Historical
1629 practice passed all the source mode bits to 'open', but the extra
1630 bits were ignored, so it should be the same either way. */
1631 if (! copy_reg (src_name, dst_name, x, src_mode & S_IRWXUGO,
1635 else if (S_ISFIFO (src_mode))
1637 if (mknod (dst_name, src_mode, 0) != 0)
1639 error (0, errno, _("cannot create fifo %s"), quote (dst_name));
1643 else if (S_ISBLK (src_mode) || S_ISCHR (src_mode) || S_ISSOCK (src_mode))
1645 if (mknod (dst_name, src_mode, src_sb.st_rdev) != 0)
1647 error (0, errno, _("cannot create special file %s"),
1652 else if (S_ISLNK (src_mode))
1654 char *src_link_val = xreadlink (src_name, src_sb.st_size);
1655 if (src_link_val == NULL)
1657 error (0, errno, _("cannot read symbolic link %s"), quote (src_name));
1661 if (symlink (src_link_val, dst_name) == 0)
1662 free (src_link_val);
1665 int saved_errno = errno;
1666 bool same_link = false;
1667 if (x->update && !new_dst && S_ISLNK (dst_sb.st_mode)
1668 && dst_sb.st_size == strlen (src_link_val))
1670 /* See if the destination is already the desired symlink.
1671 FIXME: This behavior isn't documented, and seems wrong
1672 in some cases, e.g., if the destination symlink has the
1673 wrong ownership, permissions, or time stamps. */
1674 char *dest_link_val = xreadlink (dst_name, dst_sb.st_size);
1675 if (STREQ (dest_link_val, src_link_val))
1677 free (dest_link_val);
1679 free (src_link_val);
1683 error (0, saved_errno, _("cannot create symbolic link %s"),
1689 /* There's no need to preserve timestamps or permissions. */
1690 preserve_metadata = false;
1692 if (x->preserve_ownership)
1694 /* Preserve the owner and group of the just-`copied'
1695 symbolic link, if possible. */
1697 if (lchown (dst_name, src_sb.st_uid, src_sb.st_gid) != 0
1698 && ! chown_failure_ok (x))
1700 error (0, errno, _("failed to preserve ownership for %s"),
1705 /* Can't preserve ownership of symlinks.
1706 FIXME: maybe give a warning or even error for symlinks
1707 in directories with the sticky bit set -- there, not
1708 preserving owner/group is a potential security problem. */
1714 error (0, 0, _("%s has unknown file type"), quote (src_name));
1718 if (command_line_arg)
1719 record_file (x->dest_info, dst_name, NULL);
1721 if ( ! preserve_metadata)
1724 if (copied_as_regular)
1727 /* POSIX says that `cp -p' must restore the following:
1729 - setuid, setgid bits
1731 If it fails to restore any of those, we may give a warning but
1732 the destination must not be removed.
1733 FIXME: implement the above. */
1735 /* Adjust the times (and if possible, ownership) for the copy.
1736 chown turns off set[ug]id bits for non-root,
1737 so do the chmod last. */
1739 if (x->preserve_timestamps)
1741 struct timespec timespec[2];
1742 timespec[0] = get_stat_atime (&src_sb);
1743 timespec[1] = get_stat_mtime (&src_sb);
1745 if (utimens (dst_name, timespec) != 0)
1747 error (0, errno, _("preserving times for %s"), quote (dst_name));
1748 if (x->require_preserve)
1753 /* Avoid calling chown if we know it's not necessary. */
1754 if (x->preserve_ownership
1755 && (new_dst || !SAME_OWNER_AND_GROUP (src_sb, dst_sb)))
1757 if (! set_owner (x, dst_name, -1, src_sb.st_uid, src_sb.st_gid))
1761 set_author (dst_name, -1, &src_sb);
1763 if (x->preserve_mode || x->move_mode)
1765 if (copy_acl (src_name, -1, dst_name, -1, src_mode) != 0
1766 && x->require_preserve)
1769 else if (x->set_mode)
1771 if (set_acl (dst_name, -1, x->mode) != 0)
1774 else if (restore_dst_mode)
1776 if (lchmod (dst_name, dst_mode) != 0)
1778 error (0, errno, _("preserving permissions for %s"),
1780 if (x->require_preserve)
1789 /* We have failed to create the destination file.
1790 If we've just added a dev/ino entry via the remember_copied
1791 call above (i.e., unless we've just failed to create a hard link),
1792 remove the entry associating the source dev/ino with the
1793 destination file name, so we don't try to `preserve' a link
1794 to a file we didn't create. */
1795 if (earlier_file == NULL)
1796 forget_created (src_sb.st_ino, src_sb.st_dev);
1800 if (rename (dst_backup, dst_name) != 0)
1801 error (0, errno, _("cannot un-backup %s"), quote (dst_name));
1805 printf (_("%s -> %s (unbackup)\n"),
1806 quote_n (0, dst_backup), quote_n (1, dst_name));
1813 valid_options (const struct cp_options *co)
1815 assert (co != NULL);
1816 assert (VALID_BACKUP_TYPE (co->backup_type));
1817 assert (VALID_SPARSE_MODE (co->sparse_mode));
1818 assert (!(co->hard_link && co->symbolic_link));
1822 /* Copy the file SRC_NAME to the file DST_NAME. The files may be of
1823 any type. NONEXISTENT_DST should be true if the file DST_NAME
1824 is known not to exist (e.g., because its parent directory was just
1825 created); NONEXISTENT_DST should be false if DST_NAME might already
1826 exist. OPTIONS is ... FIXME-describe
1827 Set *COPY_INTO_SELF if SRC_NAME is a parent of (or the
1828 same as) DST_NAME; otherwise, set clear it.
1829 Return true if successful. */
1832 copy (char const *src_name, char const *dst_name,
1833 bool nonexistent_dst, const struct cp_options *options,
1834 bool *copy_into_self, bool *rename_succeeded)
1836 assert (valid_options (options));
1838 /* Record the file names: they're used in case of error, when copying
1839 a directory into itself. I don't like to make these tools do *any*
1840 extra work in the common case when that work is solely to handle
1841 exceptional cases, but in this case, I don't see a way to derive the
1842 top level source and destination directory names where they're used.
1843 An alternative is to use COPY_INTO_SELF and print the diagnostic
1844 from every caller -- but I don't want to do that. */
1845 top_level_src_name = src_name;
1846 top_level_dst_name = dst_name;
1848 return copy_internal (src_name, dst_name, nonexistent_dst, 0, NULL,
1849 options, true, copy_into_self, rename_succeeded);
1852 /* Return true if this process has appropriate privileges to chown a
1853 file whose owner is not the effective user ID. */
1856 chown_privileges (void)
1858 #ifdef PRIV_FILE_CHOWN
1860 priv_set_t *pset = priv_allocset ();
1863 result = (getppriv (PRIV_EFFECTIVE, pset) == 0
1864 && priv_ismember (pset, PRIV_FILE_CHOWN));
1865 priv_freeset (pset);
1868 return (geteuid () == 0);
1872 /* Return true if it's OK for chown to fail, where errno is
1873 the error number that chown failed with and X is the copying
1877 chown_failure_ok (struct cp_options const *x)
1879 /* If non-root uses -p, it's ok if we can't preserve ownership.
1880 But root probably wants to know, e.g. if NFS disallows it,
1881 or if the target system doesn't support file ownership. */
1883 return ((errno == EPERM || errno == EINVAL) && !x->chown_privileges);