[Samba] vfs_snapper
Stefan G. Weichinger
lists at xunil.at
Wed Jun 19 09:59:41 UTC 2024
Am 19.06.24 um 11:35 schrieb Stefan G. Weichinger via samba:
> Am 17.06.24 um 16:06 schrieb Rowland Penny via samba:
>
>>> The user is member of "domain admins", isn't that enough?
>>
>> No, because they would be classed as 'others'.
>>
>>>
>>> Or does "SYNC_ACL" not yet work OK, because we miss the steps in
>>>
>>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>>>
>>> which is what I assume (I have to wait for their admin to walk him
>>> through these steps)
>>
>> Oh yes, once done correctly, you will be able to give Domain Admins the
>> required permissions (provided you are not using the 'ad' idmap
>> backend).
>
> thanks so far
>
> I am a bit lost right now.
>
> I currently prepare the migration from old to new server
>
> I rsync the data from old server "main" to new server "main2":
>
> /usr/bin/rsync -avXx main:/mnt/daten/ /mnt/pool1/samba/daten
> --exclude=".snapshots" --delete
>
> additional fact:
>
> old server fs: ext4
>
> new server fs: btrfs
>
> The ACLs ("getfacl" ?) aren't synced over ...
>
> Unfortunately we have a bit more complex ACLs than in the Samba-Howto,
> and we would like to have that synced/copied over if possible.
>
> How can I achieve that?
Addition:
the user sees snapshots, but no files in them.
on the fs itself:
# ls -la .snapshots/189
total 8
drwxr-xr-x 1 root root 32 Jun 19 11:00 .
drwxr-x--x+ 1 root root 208 Jun 19 11:00 ..
-rw------- 1 root root 187 Jun 19 11:00 info.xml
drwxrwx--- 1 nobody domain users 478 Apr 15 08:01 snapshot
so a member should be allowed to traverse
in snapper
ALLOW_USERS="user1 sgw"
ALLOW_GROUPS="domain\ admins"
SYNC_ACL="yes"
but this seems not to be applied to the snapshots, right?
I currently don't see on which layer I should act at first.
Does "previous versions" in Windows access as the actual AD user or as
somebody else?
More information about the samba
mailing list