[Samba] VFS objects - how to migrate/move file_ntacls.tdb
Jonathan Buzzard
jonathan at buzzard.me.uk
Tue Nov 15 16:08:05 MST 2011
Jeremy Allison wrote:
> On Mon, Nov 14, 2011 at 02:12:35PM +0100, adrian.berlin wrote:
>> Hi!
>> Does anyone know how to move/migrate ACLs from file_ntacls.tdb to another machine?
>> I tried manually copy file_ntacls.tdb and restart samba but it doesn't work.
>> Also I tried to dump and restore tdb file using tdbdump and tdbrestore without success.
>
> That's not going to work as the ACL data is indexed by dev/ino pairs
> in the tdb, and on the new machine they will be different.
>
> You'll need to use a backup tool that copies the ACLs as you
> copy the data.
Once you are into using ACL' best method to transfer the files from one
server to another is to take a Windows machine map the drive on both
servers and use robocopy or similar tool that will preserve permissions
while doing a file synchronization.
Robocopy from Vista or Win7 is better as you can use
ROBOCOPY <source> <target> /MIR /SEC /SECFIX
The last option fixes the security on existing files in the target, and
appeared in Vista.
I would note that files_ntacls.tdb is not really suitable for a
production file server, unless you are going to back it up from a client
machine that is. The reason being a restore is going to leave you
without your ACL's and no way to ever recover it because the inodes of
the files will almost certainly be different. Much more sensible to
store it in xattr's if you ask me, at least that way you have a fighting
chance of getting the ACL's back. You can also fiddle with the files
server side without messing up your file_ntacls.tdb database.
Better yet use a file system that does NFSv4 ACL's and a suitable VFS
module :-)
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
More information about the samba
mailing list