[Samba] VFS objects - how to migrate/move file_ntacls.tdb
Gary Greene
ggreene at minervanetworks.com
Wed Nov 16 09:53:12 MST 2011
On 11/15/11 11:36 PM, "adrian.berlin" <adrian.berlin at o2.pl> wrote:
> Hi!
Many thanks for help.
Regarding to how many ACLs can be stored in acl_tdb
> and acl_xattr, I can save on XFS only 22 entries plus CREATOR GROUP, CREATOR
> OWNER and EVERYONE. Seems it is about 25 entries for one directory/file.
Is it
> correct or I missed something?
Cheers!
/Adrian Berlin
Dnia 16 listopada
> 2011 0:08 Jonathan Buzzard <jonathan at buzzard.me.uk> napisał(a):
> Jeremy
> Allison wrote:
> > On Mon, Nov 14, 2011 at 02:12:35PM +0100, adrian.berlin
> wrote:
> >> Hi!
> >> Does anyone know how to move/migrate ACLs from
> file_ntacls.tdb to another machine?
> >> I tried manually copy file_ntacls.tdb
> and restart samba but it doesn't work.
> >> Also I tried to dump and restore
> tdb file using tdbdump and tdbrestore without success.
> >
> > That's not
> going to work as the ACL data is indexed by dev/ino pairs
> > in the tdb, and
> on the new machine they will be different.
> >
> > You'll need to use a
> backup tool that copies the ACLs as you
> > copy the data.
>
> Once you are
> into using ACL' best method to transfer the files from one
> server to
> another is to take a Windows machine map the drive on both
> servers and use
> robocopy or similar tool that will preserve permissions
> while doing a file
> synchronization.
>
> Robocopy from Vista or Win7 is better as you can use
>
>
> ROBOCOPY <source> <target> /MIR /SEC /SECFIX
>
> The last option fixes the
> security on existing files in the target, and
> appeared in Vista.
>
> I
> would note that files_ntacls.tdb is not really suitable for a
> production
> file server, unless you are going to back it up from a client
> machine that
> is. The reason being a restore is going to leave you
> without your ACL's and
> no way to ever recover it because the inodes of
> the files will almost
> certainly be different. Much more sensible to
> store it in xattr's if you
> ask me, at least that way you have a fighting
> chance of getting the ACL's
> back. You can also fiddle with the files
> server side without messing up
> your file_ntacls.tdb database.
>
> Better yet use a file system that does
> NFSv4 ACL's and a suitable VFS
> module :-)
>
>
> JAB.
>
>
--
To
> unsubscribe from this list go to the following URL and read the
instructions:
> https://lists.samba.org/mailman/options/samba
Actually, that is true IIRC for all Linux ACL enabled file-systems (they all
use the same VFS code for ACL and EA manipulation.)
--
Gary L. Greene, Jr.
Sr. Systems Administrator
IT Operations, Minerva Networks Inc.
Cell: (650) 704-6633
More information about the samba
mailing list