[Samba] Switching between

Jeremy Allison jra at samba.org
Fri Jan 11 13:13:16 MST 2013


On Fri, Jan 11, 2013 at 07:07:26PM +0000, Steve Tice wrote:
> My organization is in the position of having to support full
> Windows ACLs on CIFS shares. We've been successfully utilizing
> Samba 3.5.10-125 and vfs_acl_tdb to accomplish that. However,
> the size of the resulting
> /var/lib/samba/state/file_ntacls.tdb[.unique-extension] file(s)
> has introduced some new problems for me to solve.
> 
> In our environment, it seems on average each stored ACL causes
> file_ntacls.tdb to grow by almost 1000 bytes. That's what I've
> observed with my customers - YMMV. We have to support millions
> of files per server, and we've seen TDB files larger than 2 GB.
> Is there any server change I can make to reduce the storage
> demands of the acl_tdb module?
> 
> Separately, we're considering switching from the acl_tdb module
> to the acl_xattr module. Do you know of any way to migrate or
> transfer the NTFS ACL data for each file from the TDB to an
> extended attribute? I'm trying to find a server-side solution
> to the migration problem. A client-side solution might be to
> rewrite each file (and resend the ACL data) after switching the
> Samba server configuration, but that puts a lot on the customers.

There's no code in Samba to do this unless you're doing it
via a client.

You could write custom code to pull the data out of the tdb
and re-store as EA's on the files, but that's outside the scope
of the tools we provide.

Jeremy.


More information about the samba mailing list