[Samba] Samba4: where are ACLs stored?

Thomas Harold thomas-lists at nybeta.com
Thu Sep 26 10:54:23 MDT 2013


On 9/26/2013 10:12 AM, Klaus Hartnegg wrote:
> Hi,
>
> most file access rights sync between ACLs of linux and the security tab
> of windows file properties, but not all. Where are the other infos stored?
>
> I tried in linux 'getfattr -d' and 'samba-tool ntacl get', but neither
> output changed when using windows to add individual right for a user
> that already has rights inherited from the parent directory. Windows
> remembers every detail of these changes, even after a reboot, so it must
> be stored somewhere.
>
> I'm concerned that backups might be incomplete when part of the access
> rights are hidden somewhere else. Will 'cp -a' really copy everything?
>

Under ext4, we mount with "rw,noatime,user_xattr,acl".

http://docs.fedoraproject.org/en-US/Fedora/14/html/Storage_Administration_Guide/ext4mount.html

https://wiki.samba.org/index.php/Samba_4/OS_Requirements#ext3.2Fext4_File_System

https://wiki.samba.org/index.php/Samba_4/OS_Requirements#ext3.2Fext4_File_System

According to the ext4 documentation page, barrier=barrier (a.k.a. 
barrier=1) is the default, but it doesn't hurt to specify it in your 
/etc/fstab file for the file system where your TDB files are stored. 
Use "cat /proc/mounts" to see current file system mount options.

You can check kernel defaults for xattr and ACL support by finding your 
config.gz or config file.  Under CentOS, this is stored in /boot

# grep CONFIG_EXT4_FS /boot/config-2.6.32-358.18.1.el6.x86_64
or
# zgrep CONFIG_EXT4_FS /proc/config.gz

Command to check ACLs:

# getfacl

Command to check xattrs:

# getfattr

...

All that to say my guess is that the ACLs get stored in "acl" ext4 mount 
option.

I know that rdiff-backup stores: "preserves subdirectories, hard links, 
dev files, permissions, uid/gid ownership, modification times, extended 
attributes, acls, and resource forks".  So you would need to check that 
your backup software supports both "extended attributes" and "ACLs".



More information about the samba mailing list