[Samba] Rights issue on GPO
lists
lists at merit.unu.edu
Tue Jun 21 10:10:46 UTC 2016
Hi Achim, list,
On 21-6-2016 11:26, Achim Gottinger wrote:
> Exactly, rsync should map user and group names if the daemon on the
> destination runs as root. But this does not work. I tested it with a
> group named test with gid 1000 on server #1 and gid 1001 on server #2.
> It works if rsync is used via ssh like this
> rsync -vv -XAavz -e ssh root@server2:/var/lib/samba/private/sysvol/
> /var/lib/samba/private/sysvol/
> Seems to be an issue with rsync causing trouble with sysvols.
>
> achim~
I just tried your suggestion, rsync over ssh vs rsync to rsyncd, and
much to my surprise, there is a difference in the resulting data?!
However, unfortunately, on our DC4 rsync over ssh also doesn't give us
the same getfacl output as on DC2/DC3, but it's surprising (to me) that
there is a difference at all:
rsync to rsyncd result on DC4:
> root@dc4:~/sysvol# getfacl /var/lib/samba/sysvol
> getfacl: Removing leading '/' from absolute path names
> # file: var/lib/samba/sysvol
> # owner: root
> # group: BUILTIN\134administrators
> user::rwx
> user:root:rwx
> user:BUILTIN\134administrators:rwx
> user:3000009:r-x
> user:OURDOMAIN\134proxmox$:rwx
> group::rwx
> group:1078:r-x
> group:BUILTIN\134administrators:rwx
> group:3000009:r-x
> group:OURDOMAIN\134proxmox$:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:BUILTIN\134administrators:rwx
> default:user:3000009:r-x
> default:user:OURDOMAIN\134proxmox$:rwx
> default:group::---
> default:group:1078:r-x
> default:group:BUILTIN\134administrators:rwx
> default:group:3000009:r-x
> default:group:OURDOMAIN\134proxmox$:rwx
> default:mask::rwx
> default:other::---
rsync over ssh result on DC4:
> root@dc4:~/sysvol# getfacl sysvol/
> # file: sysvol/
> # owner: root
> # group: BUILTIN\134administrators
> user::rwx
> user:root:rwx
> user:BUILTIN\134administrators:rwx
> user:3000009:r-x
> user:OURDOMAIN\134proxmox$:rwx
> group::rwx
> group:BUILTIN\134administrators:rwx
> group:3000009:r-x
> group:BUILTIN\134server\040operators:r-x
> group:OURDOMAIN\134proxmox$:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:BUILTIN\134administrators:rwx
> default:user:3000009:r-x
> default:user:OURDOMAIN\134proxmox$:rwx
> default:group::---
> default:group:BUILTIN\134administrators:rwx
> default:group:3000009:r-x
> default:group:BUILTIN\134server\040operators:r-x
> default:group:OURDOMAIN\134proxmox$:rwx
> default:mask::rwx
> default:other::---
And the 'original' getfacl on both DC2/DC3 looks like this:
> user::rwx
> user:root:rwx
> user:BUILTIN\134administrators:rwx
> user:3000009:r-x
> user:3000300:rwx
> group::rwx
> group:BUILTIN\134server\040operators:r-x
> group:BUILTIN\134administrators:rwx
> group:3000009:r-x
> group:3000300:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:BUILTIN\134administrators:rwx
> default:user:3000009:r-x
> default:user:3000300:rwx
> default:group::---
> default:group:BUILTIN\134server\040operators:r-x
> default:group:BUILTIN\134administrators:rwx
> default:group:3000009:r-x
> default:group:3000300:rwx
> default:mask::rwx
> default:other::---
So even though your solution causes a change, our DC4 still does not look
completely healthy... Suggestions to cure our DC4 would be very much
appreciated...
But there is a much more fundamental question... how come there is a
difference between (rsync over ssh) vs (rsync to rsyncd)??!
MJ
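
An added example, not part of the original message: a small Python parser that decodes getfacl's octal escapes (\134, \040) and diffs the ACL entries of two hosts, run here on the named user/group access entries copied from the DC2/DC3 and DC4 (rsync to rsyncd) listings above. The function and variable names are illustrative.

```python
import re

ENTRY = re.compile(r"^(default:)?(user|group|mask|other):([^:]*):([rwx-]{3})")

def parse_getfacl(text):
    """Parse getfacl output into a set of (scope, tag, qualifier, perms)."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line.lstrip("> ").strip())
        if not m:  # comments ("# owner: ..."), shell prompts, blank lines
            continue
        scope = "default" if m.group(1) else "access"
        # getfacl prints backslash and space in names as octal (\134, \040)
        name = re.sub(r"\\([0-7]{3})", lambda o: chr(int(o.group(1), 8)), m.group(3))
        entries.add((scope, m.group(2), name, m.group(4)))
    return entries

def diff_acl(reference, candidate):
    """Return (missing, extra): entries only in reference / only in candidate."""
    ref, cand = parse_getfacl(reference), parse_getfacl(candidate)
    return sorted(ref - cand), sorted(cand - ref)

def numeric_only(text):
    """Entries shown as a bare id, i.e. the host had no name for that uid/gid."""
    return sorted(e for e in parse_getfacl(text) if e[2].isdigit())

# Named user/group access entries copied from the listings in the message above.
DC23 = r"""user:root:rwx
user:BUILTIN\134administrators:rwx
user:3000009:r-x
user:3000300:rwx
group:BUILTIN\134server\040operators:r-x
group:BUILTIN\134administrators:rwx
group:3000009:r-x
group:3000300:rwx"""
DC4_RSYNCD = r"""user:root:rwx
user:BUILTIN\134administrators:rwx
user:3000009:r-x
user:OURDOMAIN\134proxmox$:rwx
group:1078:r-x
group:BUILTIN\134administrators:rwx
group:3000009:r-x
group:OURDOMAIN\134proxmox$:rwx"""

if __name__ == "__main__":
    missing, extra = diff_acl(DC23, DC4_RSYNCD)
    print("only on DC2/DC3:", missing)
    print("only on DC4:", extra)
    print("numeric-only on DC4:", numeric_only(DC4_RSYNCD))
```

Feeding it the full `getfacl` output of each DC (quoted or not) gives the same comparison for the `default:` entries as well.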