[Samba] permissions not transferred using robocopy, xxcopy, net share migrate shares

John H Terpstra jht at Samba.Org
Sat May 14 16:15:59 GMT 2005 

Tom,

Thanks for the feedback. I will make sure that some of the information in your 
email gets into the documentation. The implementation and use of ACLs with 
UNIX/Linux is very complex. The OS, the file system, the implementation of 
the file system, and the compilation of Samba, must all support ACLs.

As you explore the use of ACLs it becomes apparent that many smb.conf 
parameters can affect the behavior of ACLs. For example, the default create 
mask can really mess things up on some systems.

I am working to complete the second edition of the HOWTO this week-end. Your 
input is timely. Thanks.

- John T.

On Saturday 14 May 2005 09:53, Tom Wolfe wrote:
> Hello:
>
> I've been working for a few days on getting a FreeBSD 5.3 server up and
> running as a samba data backup server.
>
> My goal is to schedule periodic backups of our file server. After reading
> recommendations (e.g. by Mr. Terpstra) I've focused my attempts aroung
> robocopy, xxcopy, net rpc share migrate shares.
>
> However, I'm running into stumbling blocks that seem to involve a problem
> with permissions to write to ACLs -- but only when trying to transfer files
> from Windows to Samba.
>
> Before you pass this by as another "can't change ACLs" post: YES, using
> Windows Explorer I CAN add files, view & change ACLs, etc to the samba
> share folders/files (see bottom of this message to see what I can do so
> far) as user DOMAIN\administrator. I've also tried forcing user as root (in
> smb.conf) to see if that would work (it doesn't).
>
> ROBOCOPY
> ========
> C:\>robocopy temp \\srv04\backup\temp6 /MIR /copyall
>
> gives me the following:
> 	                   3	C:\temp\
> 2005/05/14 09:20:24 ERROR 5 (0x00000005) Copying NTFS Security to
> Destination Directory C:\temp\
> Access is denied.
>
> XXCOPY
> ======
> C:\>robocopy temp \\srv04\backup\temp6 /MIR /copyall
>
> Gives me no errors; however, ACLs are lost (Everyone, root, wheel show up;
> nothing else does)
>
> Net rpc share migrate shares
> ============================
> This looks like a REALLY cool way to accomplish what I want to do; however,
>
> % net rpc share migrate shares Scanned -S srv02 -U Administrator%Power832
>
> gives me the following error:
>
> migrating: [Scanned], path: D:\SPub\Scanned Images, comment: , without
> share-ACLs
> cannot add share: WERR_ACCESS_DENIED
>
> (same thing happens if I include acls in the migration)
>
> Any suggestions?
>
> Regards,
> Tom Wolfe
>
> My smb.conf file:
>
> [global]
>         winbindusedefaultdomain   = Yes
>         addsharecommand           =
> /usr/local/share/examples/samba/scripts/perl/modify_samba_config.pl
>         deletesharecommand        =
> /usr/local/share/examples/samba/scripts/perl/modify_samba_config.pl
>         passwordserver            = PDCSERVER
>         idmapuid                  = 10000-100000
>         winbindcachetime          = 3600
>         realm                     = DOMAIN.COM
>         templatehomedir           = /home/%U
>         winbindnestedgroups       = Yes
>         allowtrusteddomains       = No
>         workgroup                 = DOMAIN
>         changesharecommand        =
> /usr/local/share/examples/samba/scripts/perl/modify_samba_config.pl
>         idmapbackend              = idmap_rid:DOMAIN =10000-100000
>         templateshell             = /bin/sh
>         winbindseparator          = +
>         security                  = ADS
>         idmapgid                  = 10000-100000
>         log level = 3
>         max log size = 0
>         log file = /var/log/samba/PDCSERVER.log
>
>  [backup]
>         adminusers                = administrator
>         readonly                  = no
>         writable                  = yes
>         path                      = /home/backup
>
>
> ==========
> Note: Much of my search discovered many posts similar to my own questions
> that were answered by exhortations to RTFM or "search the list archives!",
> or (usually) plain silence ... well, I followed the advice and found it
> wasn't at all easy--but these caveats did at least keep me from making a
> plea for help until now!
>
> For other users struggling to get this done (FreeBSD, Samba, ACLs,
> copying/backing up from Windows to FreeBSD), the progress I've made so far
> has been helped by:
>
> - Samba official How-to & list archives, of course...
> - a good, simple how-to at
> http://web.irtnog.org/Members/xenophon/freebsd/winbind as a guideline for
> setting up samba with ACLs on FreeBSD 5.3...
>
> - To get ACLs working: FreeBSD 5.1+, which uses UFS2 by default, requires
> "tunefs -a enable /usr" (or replace /usr with the whatever you want to add
> acl support to; add it to /etc/rc and reboot if you're doing it remotely)
> to set my /usr file system up for ACLs...; lower than 5.1 apparently
> requires additional kernel configuration entries:
> options         UFS_EXTATTR
> options         UFS_EXTATTR_AUTOSTART
> .. see NOTES, see FreeBSD how-tos on rebuilding kernel (super simple); see.
> http://nixdoc.net/man-pages/FreeBSD/man7/ffs.7.html
>
> - after some struggle I can now modify ACLs from windows & setfacl --
> change permissions, add misc. users, etc.

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list