[Samba] permissions, and maybe a violation of the least surprise principle

Rowland Penny rpenny at samba.org
Tue Nov 9 13:42:20 UTC 2021

On Tue, 2021-11-09 at 08:02 -0500, Nick Couchman via samba wrote:
> > Looks like rsync'ing from XFS to ZFS doesn't preserve POSIX extended
> > ACLs, either. Damn.

Could this be on FreeBSD?
ZFS is known to be a problem on Samba, because it uses NFSv4 ACLs.

> > I need to find an ext4 system I'm using POSIX ACLs
> > on; maybe ext4 performs better in this regard.

It at least uses ACLs.

> > Has anyone tested to see if copying files from ext4 to ext4 preserves
> > POSIX extended ACLs? Under some conditions (say same UIDs on each
> > system)?

No, it doesn't, not unless the users have the same UID on both systems.

> What flags are you using with rsync? There's a flag specifically for ACLs
> (-A), and one for xattrs (-X) so you have to make sure to specify those. I
> generally have very good success with copying ACL across filesystems,
> though I cannot say for sure that I've tried from XFS to ZFS, etc. My rsync
> command generally looks like this:
> rsync -aADXHv <source> <destination>
> Also, one thing I've found with rsync regarding ID mapping is this:
> * If the user account exists on the destination system, ownership will be
> properly changed so that the username matches. So, if account "nick" has ID
> 1001 on system A, and account "nick" has ID 2001 on system B, if I rsync
> from system A to B, the account "nick" will own all of the files on System
> B that the account owned on system A, regardless of the fact that the
> numeric ID does not match.

So, how do you explain the fact that you have to sync idmap.ldb between
DCs before the directories and files are owned by the correct user and
groups?
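
An added example, not part of the original thread: a Python check that compares `getfacl -n` dumps taken on the source and destination after a copy, resolving each numeric ID through that system's own user and group tables, so an owner or ACL entry that kept its number but now names a different account is reported. The account names, IDs, path and function names are constructed for illustration.

```python
def parse_getfacl(text):
    """Parse `getfacl -n` output into {path: {(tag, numeric_id, perms)}}."""
    acls, path = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# file: "):
            path = line[8:]
            acls[path] = set()
        elif line.startswith(("# owner: ", "# group: ")):
            tag, ident = line[2:].split(": ", 1)
            acls[path].add((tag, ident, ""))
        elif line and not line.startswith("#"):
            parts = line.split("#")[0].split()[0].split(":")  # drop "#effective" note
            acls[path].add((":".join(parts[:-2]), parts[-2], parts[-1]))
    return acls

def by_name(acls, users, groups):
    """Replace numeric qualifiers with account names from one system's ID maps."""
    def name(tag, ident):
        if not ident:
            return ""
        table = groups if tag.endswith("group") else users
        return table.get(int(ident), "#" + ident)  # unresolved IDs stay visible
    return {p: {(t, name(t, i), m) for t, i, m in e} for p, e in acls.items()}

def audit(src_dump, src_ids, dst_dump, dst_ids):
    """Return {path: (lost, gained)} for entries that differ once compared by name."""
    src = by_name(parse_getfacl(src_dump), *src_ids)
    dst = by_name(parse_getfacl(dst_dump), *dst_ids)
    return {p: (sorted(e - dst.get(p, set())), sorted(dst.get(p, set()) - e))
            for p, e in src.items() if e != dst.get(p, set())}

# Constructed sample data: (users, groups) tables for systems A and B.
A_IDS = ({1001: "nick", 1002: "alice"}, {100: "users"})
B_IDS = ({2001: "nick", 2002: "alice", 1002: "bob"}, {100: "users"})
SRC = """# file: share/report.txt
# owner: 1001
# group: 100
user::rw-
user:1002:r--
group::r--
mask::r--
other::---
"""
DST_BY_NAME = SRC.replace("1001", "2001").replace("1002", "2002")  # IDs remapped by name
DST_BY_NUMBER = SRC                                                # raw numbers kept

if __name__ == "__main__":
    print(audit(SRC, A_IDS, DST_BY_NUMBER, B_IDS))
```

An empty result means every owner and ACL entry resolves to the same account name on both systems; a non-empty one lists, per path, the entries lost and the entries gained on the destination.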
