[Samba] Q: how to collect user/group-names
Chris Osicki
osk at admin.swisscom-mobile.ch
Tue Sep 25 15:21:35 GMT 2007
On Tue, 25 Sep 2007 08:45:37 -0400
Toby Bluhm <tkbsmb at MidwestInstruments.com> wrote:
> Chris Osicki wrote:
> >> On 9/24/07, Chris Osicki <osk at admin.swisscom-mobile.ch> wrote:
> >>
> >>> Hi
> >>>
> >>> Sorry if it's not 100% appropriate for this list, cannot think of better
> >>> place to find people with lots of know-how from Unix and Windows.
> >>> I'm currently working on replacing EMC's Celerra file servers by Linux/Samba.
> >>> The SID to UID/GID mapping table on Celerra is very large, ~50'000 entries
> >>> and I don't want to pollute my LDAP server with all this (using winbind with
> >>> LDAP back-end). Most of those entries are there for historical reasons and are
> >>> just useless.
> >>> Now my question: does anybody know a tool working under Windows to scan a
> >>> filesystem and collect all usernames/groupnames (or SIDS) used?
> >>> Any Samba's tool having this capability?
> >>>
> >>> Thanks for your time.
> >>>
> >>> Regards,
> >>> Chris
> >>>
> >> Chris,
> >>
> >> Easy. Find is your friend. It can find anything and do whatever with
> >> the results.
> >>
> >> find /tmp/ -type f -printf "%U \n" | sort | uniq > uids.txt
> >> find /tmp/ -type f -printf "%G \n" | sort | uniq > gids.txt
> >>
> >> If you know the uid's and gid's + you got the mappings, it's easy to
> >> know which sid's you (don't) need.
> >>
> >> --
> >> Frank Van Damme
> >>
> >> A: Because it destroys the flow of the conversation
> >> Q: Why is it bad?
> >> A: No, it's bad.
> >> Q: Should I top post in replies to mails or on usenet?
> >>
> >
> > Frank,
> >
> > thanks for your quick answer.
> > Unfortunately it's not what I'm looking for.
> > I want to find out what users or groups have been given
> > any rights on a file or directory. In other words I want
> > to collect user/group-names from ACL's. Or if you want,
> > collect those information which you would see when under
> > Windows you right click on a file/directory and select
> > properties/security.
> > And I'm looking for a way of do it "automaticaly".
> > A sort of Windows "getfacl -R".
> >
> > Thanks for your time.
> >
> > Regards,
> > Chris
> >
>
> I don't know how useful this would be as it's just a raw listing of all
> files & dirs with associated acls. It would need more massaging for any
> sort of scripted restore or data extract.
>
> Install gnuwin32 utils form sourceforge
> Install xcacls.exe from MS Resource Tools
>
> c:\path\to\gnuwin32\bin\find.exe X:\ > c:\temp\find.log
> for /f "usebackq delims==" %i in (`type c:\temp\find.log`) do
> @xcacls.exe "%i" >> c:\temp\xcacls.log
>
>
> --
> Toby Bluhm
> Midwest Instruments Inc.
> 30825 Aurora Road Suite 100
> Solon Ohio 44139
> 440-424-2250
>
A Windows admin run "cacls /T /C" on every share I'm interested in.
Just about to have a look at the resulting file...
Thanks and regards,
Chris
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list