Hi, most file access rights sync between ACLs of linux and the security tab of windows file properties, but not all. Where are the other infos stored? I tried in linux 'getfattr -d' and 'samba-tool ntacl get', but neither output changed when using windows to add individual right for a user that already has rights inherited from the parent directory. Windows remembers every detail of these changes, even after a reboot, so it must be stored somewhere. I'm concerned that backups might be incomplete when part of the access rights are hidden somewhere else. Will 'cp -a' really copy everything? Thanks, Klaus
On 9/26/2013 10:12 AM, Klaus Hartnegg wrote:> Hi, > > most file access rights sync between ACLs of linux and the security tab > of windows file properties, but not all. Where are the other infos stored? > > I tried in linux 'getfattr -d' and 'samba-tool ntacl get', but neither > output changed when using windows to add individual right for a user > that already has rights inherited from the parent directory. Windows > remembers every detail of these changes, even after a reboot, so it must > be stored somewhere. > > I'm concerned that backups might be incomplete when part of the access > rights are hidden somewhere else. Will 'cp -a' really copy everything? >Under ext4, we mount with "rw,noatime,user_xattr,acl". http://docs.fedoraproject.org/en-US/Fedora/14/html/Storage_Administration_Guide/ext4mount.html https://wiki.samba.org/index.php/Samba_4/OS_Requirements#ext3.2Fext4_File_System https://wiki.samba.org/index.php/Samba_4/OS_Requirements#ext3.2Fext4_File_System According to the ext4 documentation page, barrier=barrier (a.k.a. barrier=1) is the default, but it doesn't hurt to specify it in your /etc/fstab file for the file system where your TDB files are stored. Use "cat /proc/mounts" to see current file system mount options. You can check kernel defaults for xattr and ACL support by finding your config.gz or config file. Under CentOS, this is stored in /boot # grep CONFIG_EXT4_FS /boot/config-2.6.32-358.18.1.el6.x86_64 or # zgrep CONFIG_EXT4_FS /proc/config.gz Command to check ACLs: # getfacl Command to check xattrs: # getfattr ... All that to say my guess is that the ACLs get stored in "acl" ext4 mount option. I know that rdiff-backup stores: "preserves subdirectories, hard links, dev files, permissions, uid/gid ownership, modification times, extended attributes, acls, and resource forks". So you would need to check that your backup software supports both "extended attributes" and "ACLs".
Hi List, I'm new in the list and with Samba4
I was installed, samba4 ver. 4.0.9 in a server with openSUSE 12.3, 32 bits.
Previously I had samba3.6.x installed in my server, the users could
access to /home/(users) as like as users drive (U:) and modify every
thing in theirs drive.
But with Samba4:
- How my users can modify theirs home(eg.User:erick, with home
directory: /home/erick ) in the server, because in this, they can't
modify(Delete, Create, Rename and so so) any thing.
- When the user login in their session how can appear automatically the
drive U: for example with their home files.
My client PC are windows XP sp2 installed with theirs profiles "only
local".
Thanks
T.I.A.
I provide my "smb.conf" configuration if you could help me.
[global]
server string = Samba4 Server en NEURODESARROLLO
workgroup = NEURODCAR
realm = NEURODCAR.MTZ.SLD.CU
netbios name = ALFA
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc
dns forwarder = 10.44.0.10
logon path = \\%L\profiles\%U
logon home = \\%N\%U
logon drive = U:
domain logons = Yes
domain master = Yes
local master = Yes
preferred master = Yes
os level = 65
log level = 3
[homes]
comment = Home Directories
valid users = %ACCOUNTNAME%, %S, %D%w%S
browseable = No
read only = No
[profiles]
path = /usr/local/samba/Profiles/
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/neurodcar.mtz.sld.cu/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
#######################################
--
Jes?s Reyes Piedra
Admin Red Neurodearrollo,C?rdenas
La caja dec?a:"Requiere windows 95 o superior"...
Entonces instal? LINUX.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20130926/679e4b0c/attachment.pgp>
On Thu, 2013-09-26 at 16:12 +0200, Klaus Hartnegg wrote:> Hi, > > most file access rights sync between ACLs of linux and the security tab > of windows file properties, but not all. Where are the other infos stored? > > I tried in linux 'getfattr -d' and 'samba-tool ntacl get', but neither > output changed when using windows to add individual right for a user > that already has rights inherited from the parent directory. Windows > remembers every detail of these changes, even after a reboot, so it must > be stored somewhere. > > I'm concerned that backups might be incomplete when part of the access > rights are hidden somewhere else. Will 'cp -a' really copy everything?Can you show me your smb.conf? Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org