[Samba] Q: how to collect user/group-names

Tue Sep 25 15:21:35 GMT 2007

On Tue, 25 Sep 2007 08:45:37 -0400
Toby Bluhm <tkbsmb at MidwestInstruments.com> wrote:

> Chris Osicki wrote:
> >> On 9/24/07, Chris Osicki <osk at admin.swisscom-mobile.ch> wrote:
> >>     
> >>> Hi
> >>>
> >>> Sorry if it's not 100% appropriate for this list, cannot think of better
> >>> place to find people with lots of know-how from Unix and Windows.
> >>> I'm currently working on replacing EMC's Celerra file servers by Linux/Samba.
> >>> The SID to UID/GID mapping table on Celerra is very large, ~50'000 entries
> >>> and I don't want to pollute my LDAP server with all this (using winbind with
> >>> LDAP back-end). Most of those entries are there for historical reasons and are
> >>> just useless.
> >>> Now my question: does anybody know a tool working under Windows to scan a
> >>> filesystem and collect all usernames/groupnames (or SIDS) used?
> >>> Any Samba's tool having this capability?
> >>>
> >>> Thanks for your time.
> >>>
> >>> Regards,
> >>> Chris
> >>>       
> >> Chris,
> >>
> >> Easy. Find is your friend. It can find anything and do whatever with
> >> the results.
> >>
> >> find /tmp/ -type f -printf "%U \n" | sort | uniq > uids.txt
> >> find /tmp/ -type f -printf "%G \n" | sort | uniq > gids.txt
> >>
> >> If you know the uid's and gid's + you got the mappings, it's easy to
> >> know which sid's you (don't) need.
> >>
> >> --
> >> Frank Van Damme
> >>
> >> A: Because it destroys the flow of the conversation
> >> Q: Why is it bad?
> >> A: No, it's bad.
> >> Q: Should I top post in replies to mails or on usenet?
> >>     
> >
> > Frank, 
> >
> > thanks for your quick answer.
> > Unfortunately it's not what I'm looking for.
> > I want to find out what users or groups have been given 
> > any rights on a file or directory. In other words I want 
> > to collect user/group-names from ACL's. Or if you want, 
> > collect those information which you would see when under 
> > Windows you right click on a file/directory and select 
> > properties/security.
> > And I'm looking for a way of do it "automaticaly".
> > A sort of Windows "getfacl -R".
> >
> > Thanks for your time.
> >
> > Regards,
> > Chris
> >   
> 
> I don't know how useful this would be as it's just a raw listing of all 
> files & dirs with associated acls. It would need more massaging for any 
> sort of scripted restore or data extract.
> 
> Install gnuwin32 utils form sourceforge
> Install xcacls.exe from MS Resource Tools
> 
> c:\path\to\gnuwin32\bin\find.exe X:\ > c:\temp\find.log
> for /f "usebackq delims==" %i in (`type c:\temp\find.log`) do 
> @xcacls.exe "%i" >> c:\temp\xcacls.log
> 
> 
> -- 
> Toby Bluhm
> Midwest Instruments Inc.
> 30825 Aurora Road Suite 100
> Solon Ohio 44139
> 440-424-2250
> 

A Windows admin run "cacls /T /C" on every share I'm interested in.
Just about to have a look at the resulting file...

Thanks and regards,
Chris
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 