[Samba] Is it possible to clone an NT ACL from one file or dir to a totally different file or dir ?
hartnegg at gmx.de
Thu May 17 09:23:49 UTC 2018
On 07.04.2018 at 22:02 Ken McDonald wrote:
> By using deep extended attribute cloning, only getfattr is needed
> because it includes the ACL entries normally configured by using
> getfacl. This helped ...a lot... in reducing winbind username/group
> lookup calls. The key line that clones POSIX/Windows ACL entries is this.
> getfattr -d -m - $1 | sed 1d | sed "1 i\# file: $ENCODED" | setfattr
I found this to be insufficient, and are using these two commands:
# transfer Unix-ACLs (and owner, group, and mode-bits):
cd $src; getfacl -R -n . | (cd $dst; setfacl --restore=-)
# transfer ATTRs (including Windows-ACLs, but not owner, group, or
cd $src; getfattr -R -d -m - . | (cd $dst; setfattr --restore=-)
If I remember correct, the Unix owner, group and mode bits must also be
copied, otherwise the Windows-ACLs will be ignored.
This requires traversing all directories twice, but the second run is
usually a lot faster because caching, independend on the order in which
the commands are run.
More information about the samba