[Samba] Automatic sysvol replication through detection of filesystem events

Miguel Medalha medalist at sapo.pt
Thu Apr 21 19:48:03 UTC 2016

I thought this can be useful to someone, so here it goes.

I am using automatic SysVol replication with the help of "watcher", a 
recursive incron.


"Watcher is a daemon that watches specified files/folders for changes 
and fires commands in response to those changes. It is similar to 
incron, however, configuration uses a simpler to read ini file instead 
of a plain text file. Unlike incron it can also recursively monitor 

Watcher needs "python-inotify". Install it using your package manager.

Follow the general instructions for SysVol replication on the Samba WiKi:


Please note that the rsync command line will have to be sligthly 
modified. Since the SysVol events will be detected on the source DC, 
replication will be made in push mode, not in pull mode as per the Samba 

Test the rsync command line manually before automating it. Since we are 
using "--delete-after", a mistake can be catastrophic for your target 
system. Use --dry-run and -v (verbose) on the command line, like this:

/bin/rsync --dry-run -XAavuz --delete-after 

Once you are happy with the results, you can remove "--dry-run" and -v 
(this can cause a very large watcher log file, but you can keep it if 
you like) from the rsync command line and use the form included in 

Put "watcher.py" and "watcher.ini" in a secure place, giving them 
appropriate permissions.

Edit "watcher.ini" according to your needs. I have the following:

; ----------------------
; General Settings
; ----------------------

; where to store output

; where to save the PID file

; ----------------------
; Job Setups
; ----------------------

; directory or file to watch.  Probably should be abs path.

; list of events to watch for.
; supported events:
; 'access' - File was accessed (read) (*)
; 'attribute_change' - Metadata changed (permissions, timestamps, 
extended attributes, etc.) (*)
; 'write_close' - File opened for writing was closed (*)
; 'nowrite_close' - File not opened for writing was closed (*)
; 'create' - File/directory created in watched directory (*)
; 'delete' - File/directory deleted from watched directory (*)
; 'self_delete' - Watched file/directory was itself deleted
; 'modify' - File was modified (*)
; 'self_move' - Watched file/directory was itself moved
; 'move_from' - File moved out of watched directory (*)
; 'move_to' - File moved into watched directory (*)
; 'open' - File was opened (*)
; 'all' - Any of the above events are fired
; 'move' - A combination of 'move_from' and 'move_to'
; 'close' - A combination of 'write_close' and 'nowrite_close'
; When monitoring a directory, the events marked with an asterisk (*) above
; can occur for files in the directory, in which case the name field in the
; returned event data identifies the name of the file within the directory.

; Comma separated list of excluded dir. Absolute path needed.
; Leave blank if no excluded dir setted

; if true, watcher will monitor directories recursively for changes

; if true, watcher will automatically watch new subdirectory

; the command to run. Can be any command. It's run as whatever user 
started watcher.
; The following wildards may be used inside command specification:
; $$ dollar sign
; $watched watched filesystem path (see above)
; $filename event-related file name
; $tflags event flags (textually)
; $nflags event flags (numerically)
; $cookie event cookie (integer used for matching move_from and move_to 
events, otherwise 0)
command=/bin/rsync -XAauz --delete-after 

As you can see under the "events" section, we are monitoring creation, 
deletion, modification and attribute changes of files and directories 
inside sysvol.

Start the watcher.py daemon, giving as a parameter the location of 

/somefolder/watcher.py -c /somefolder/watcher.ini start

You can now watch the results. Input the following at the source DC 
(attention, your paths may differ):

mkdir /usr/local/samba/var/sysvol/newdir
touch /usr/local/samba/var/sysvol/newdir/newfile
rm -f /usr/local/samba/var/sysvol/newdir/newfile
rmdir /usr/local/samba/var/sysvol/newdir

Creation and deletion of files and folders will be immediately mirrored 
on the target DC.

You can either make all Group Policy edits in the source AD DC or use 
this as a basis for implementing bidirectional SysVol replication.

Don't forget to script the startup of watcher at boot time. In CentOS, 
for example, you can include the startup line in the 
"/etc/rc.d/rc.local" file.

Again: TEST THE RSYNC COMMAND LINE with "--dry-run" and "-v".

More information about the samba mailing list