On Fri, Jan 11, 2013 at 07:07:26PM +0000, Steve Tice
wrote:> My organization is in the position of having to support full
> Windows ACLs on CIFS shares. We've been successfully utilizing
> Samba 3.5.10-125 and vfs_acl_tdb to accomplish that. However,
> the size of the resulting
> /var/lib/samba/state/file_ntacls.tdb[.unique-extension] file(s)
> has introduced some new problems for me to solve.
>
> In our environment, it seems on average each stored ACL causes
> file_ntacls.tdb to grow by almost 1000 bytes. That's what I've
> observed with my customers - YMMV. We have to support millions
> of files per server, and we've seen TDB files larger than 2 GB.
> Is there any server change I can make to reduce the storage
> demands of the acl_tdb module?
>
> Separately, we're considering switching from the acl_tdb module
> to the acl_xattr module. Do you know of any way to migrate or
> transfer the NTFS ACL data for each file from the TDB to an
> extended attribute? I'm trying to find a server-side solution
> to the migration problem. A client-side solution might be to
> rewrite each file (and resend the ACL data) after switching the
> Samba server configuration, but that puts a lot on the customers.
There's no code in Samba to do this unless you're doing it
via a client.
You could write custom code to pull the data out of the tdb
and re-store as EA's on the files, but that's outside the scope
of the tools we provide.
Jeremy.