[Samba] permissions, and maybe a violation of the least surprise principle

Nick Couchman nick.e.couchman at gmail.com
Tue Nov 9 16:28:09 UTC 2021


On Tue, Nov 9, 2021 at 10:57 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 2021-11-09 at 08:02 -0500, Nick Couchman via samba wrote:
> > > Looks like rsync'ing from XFS to ZFS doesn't preserve POSIX extended
> > > ACLs, either. Damn.
>
> Could this be on FreeBSD?
> ZFS is known to be a problem on Samba, because it uses NFSv4 ACLs.
>
> > > I need to find an ext4 system I'm using POSIX ACLs
> > > on; maybe ext4 performs better in this regard.
>
> It at least uses ACLs
>
> > >
> > > Has anyone tested to see if copying files from ext4 to ext4 preserves
> > > POSIX extended ACLs? Under some conditions (say same UIDs on each
> > > system)?
>
> No it doesn't, not unless the user has the same UID on both systems.
>
> > >
> > >
> > What flags are you using with rsync? There's a flag specifically for ACLs
> > (-A), and one for xattrs (-X) so you have to make sure to specify those. I
> > generally have very good success with copying ACL across filesystems,
> > though I cannot say for sure that I've tried from XFS to ZFS, etc. My rsync
> > command generally looks like this:
> >
> > rsync -aADXHv <source> <destination>
> >
> > Also, one thing I've found with rsync regarding ID mapping is this:
> > * If the user account exists on the destination system, ownership will be
> > properly changed so that the username matches. So, if account "nick" has ID
> > 1001 on system A, and account "nick" has ID 2001 on system B, if I rsync
> > from system A to B, the account "nick" will own all of the files on System
> > B that the account owned on system A, regardless of the fact that the
> > numeric ID does not match.
>
> So, how do you explain the fact that you have to sync idmap.ldb between
> DCs before the directories and files are owned by the correct user and
> groups?
>
>
I don't - I have never synced that file.

-Nick
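
An added example, not part of the thread or of Samba or rsync: one way to check whether a copy made with the `-A` and `-X` flags discussed above actually kept its POSIX ACLs is to take a `getfacl -R` dump on each side and compare them entry by entry. The function names, dump file names, paths and users below are assumptions constructed for illustration.

```shell
# Added example (not from the thread): diff two `getfacl -R` dumps. Dumps use
# names (getfacl's default), so an owner that rsync mapped by name compares
# equal even when the numeric IDs differ between the two hosts.

# Flatten a getfacl dump on stdin to sorted "path<TAB>entry" lines.
acl_flatten() {
    awk '
        /^# file: /  { path = substr($0, 9); next }
        /^# owner: / { print path "\t" "owner:" substr($0, 10); next }
        /^# group: / { print path "\t" "owning-group:" substr($0, 10); next }
        /^#/ || /^[ \t]*$/ { next }          # other comments, blank lines
        { sub(/[ \t]*#.*$/, ""); print path "\t" $0 }  # drop "#effective:" notes
    ' | LC_ALL=C sort
}

# Print entries missing on the destination ("- ") or added there ("+ ").
acl_compare() {
    local a b
    a=$(mktemp); b=$(mktemp)
    acl_flatten < "$1" > "$a"
    acl_flatten < "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b" | sed 's/^/- /'
    LC_ALL=C comm -13 "$a" "$b" | sed 's/^/+ /'
    rm -f "$a" "$b"
}

# Constructed sample dumps: report.txt lost its named-user entry and mask.
work=$(mktemp -d)
cat > "$work/src.acl" <<'EOF'
# file: share/report.txt
# owner: nick
# group: staff
user::rw-
user:alice:rw-
group::r--
mask::rw-
other::r--

# file: share/notes.txt
# owner: nick
# group: staff
user::rw-
group::r--
other::r--
EOF
# Destination copy with the extended entries stripped from report.txt.
grep -v -e '^user:alice:' -e '^mask::' "$work/src.acl" > "$work/dst.acl"

acl_compare "$work/src.acl" "$work/dst.acl"
```

Taking both dumps with `getfacl -n` instead compares numeric IDs, which shows where the two hosts disagree on UID or GID for the same name.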


More information about the samba mailing list