[Samba] vfs_snapper

Wed Jun 19 09:59:41 UTC 2024

Am 19.06.24 um 11:35 schrieb Stefan G. Weichinger via samba:
> Am 17.06.24 um 16:06 schrieb Rowland Penny via samba:
> 
>>> The user is member of "domain admins", isn't that enough?
>>
>> No, because they would be classed as 'others'.
>>
>>>
>>> Or does "SYNC_ACL" not yet work OK, because we miss the steps in
>>>
>>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>>>
>>> which is what I assume (I have to wait for their admin to walk him
>>> through these steps)
>>
>> Oh yes, once done correctly, you will be able to give Domain Admins the
>> required permissions (provided you are not using the 'ad' idmap
>> backend).
> 
> thanks so far
> 
> I am a bit lost right now.
> 
> I currently prepare the migration from old to new server
> 
> I rsync the data from old server "main" to new server "main2":
> 
> /usr/bin/rsync -avXx main:/mnt/daten/ /mnt/pool1/samba/daten 
> --exclude=".snapshots"  --delete
> 
> additional fact:
> 
> old server fs: ext4
> 
> new server fs: btrfs
> 
> The ACLs ("getfacl" ?) aren't synced over ...
> 
> Unfortunately we have a bit more complex ACLs than in the Samba-Howto, 
> and we would like to have that synced/copied over if possible.
> 
> How can I achieve that?

Addition:

the user sees snapshots, but no files in them.

on the fs itself:

# ls -la .snapshots/189
total 8
drwxr-xr-x  1 root   root          32 Jun 19 11:00 .
drwxr-x--x+ 1 root   root         208 Jun 19 11:00 ..
-rw-------  1 root   root         187 Jun 19 11:00 info.xml
drwxrwx---  1 nobody domain users 478 Apr 15 08:01 snapshot

so a member should be allowed to traverse

in snapper

ALLOW_USERS="user1 sgw"
ALLOW_GROUPS="domain\ admins"
SYNC_ACL="yes"

but this seems not to be applied to the snapshots, right?

I currently don't see on which layer I should act at first.

Does "previous versions" in Windows access as the actual AD user or as 
somebody else?