[Samba] VFS objects - how to migrate/move file_ntacls.tdb
adrian.berlin
adrian.berlin at o2.pl
Wed Nov 16 00:36:02 MST 2011
Hi!
Many thanks for help.
Regarding to how many ACLs can be stored in acl_tdb and acl_xattr, I can save on XFS only 22 entries plus CREATOR GROUP, CREATOR OWNER and EVERYONE. Seems it is about 25 entries for one directory/file.
Is it correct or I missed something?
Cheers!
/Adrian Berlin
Dnia 16 listopada 2011 0:08 Jonathan Buzzard <jonathan at buzzard.me.uk> napisał(a):
> Jeremy Allison wrote:
> > On Mon, Nov 14, 2011 at 02:12:35PM +0100, adrian.berlin wrote:
> >> Hi!
> >> Does anyone know how to move/migrate ACLs from file_ntacls.tdb to another machine?
> >> I tried manually copy file_ntacls.tdb and restart samba but it doesn't work.
> >> Also I tried to dump and restore tdb file using tdbdump and tdbrestore without success.
> >
> > That's not going to work as the ACL data is indexed by dev/ino pairs
> > in the tdb, and on the new machine they will be different.
> >
> > You'll need to use a backup tool that copies the ACLs as you
> > copy the data.
>
> Once you are into using ACL' best method to transfer the files from one
> server to another is to take a Windows machine map the drive on both
> servers and use robocopy or similar tool that will preserve permissions
> while doing a file synchronization.
>
> Robocopy from Vista or Win7 is better as you can use
>
> ROBOCOPY <source> <target> /MIR /SEC /SECFIX
>
> The last option fixes the security on existing files in the target, and
> appeared in Vista.
>
> I would note that files_ntacls.tdb is not really suitable for a
> production file server, unless you are going to back it up from a client
> machine that is. The reason being a restore is going to leave you
> without your ACL's and no way to ever recover it because the inodes of
> the files will almost certainly be different. Much more sensible to
> store it in xattr's if you ask me, at least that way you have a fighting
> chance of getting the ACL's back. You can also fiddle with the files
> server side without messing up your file_ntacls.tdb database.
>
> Better yet use a file system that does NFSv4 ACL's and a suitable VFS
> module :-)
>
>
> JAB.
>
>
More information about the samba
mailing list