Slightly OT maybe: at a customer we run the main data share on the samba file server (access defined via Windows ACLs) ... so far no surprise ;-) then we let a 2nd server pull snapshots via rsnapshot (you know: https://rsnapshot.org/) and provide the resulting tree of snapshots via samba again: read-only, only for some admin users So far OK, runs for years (although it gets slower, other topic) Now we notice issues with accessing snapshots, the ACLs don't get synced correctly. I fiddle with the rsync options now. Currently testing "-aAX" (and waiting for the run to finish). Does anyone else do something similar? I also consider simply using "--chown" here: forget the ACLs in the snapshot, just provide them for the admins to pick files here and there. And I wonder if "--numeric-ids" is good in this case. hints welcome
Am 09.08.19 um 09:23 schrieb Stefan G. Weichinger via samba:> Slightly OT maybe: > > at a customer we run the main data share on the samba file server > (access defined via Windows ACLs) ... so far no surprise ;-) > > then we let a 2nd server pull snapshots via rsnapshot (you know: > https://rsnapshot.org/) and provide the resulting tree of snapshots via > samba again: read-only, only for some admin users > > So far OK, runs for years (although it gets slower, other topic) > > Now we notice issues with accessing snapshots, the ACLs don't get synced > correctly. > > I fiddle with the rsync options now. > > Currently testing "-aAX" (and waiting for the run to finish). > > Does anyone else do something similar? > > I also consider simply using "--chown" here: forget the ACLs in the > snapshot, just provide them for the admins to pick files here and there. > > And I wonder if "--numeric-ids" is good in this case.why don't you just make sure users and groups are identical on both machines? i use "-tPrlpogEAX" for many years in a rsync.sh and never call rsymnc directly except scripts with modified params when needed # -z compress # -t timestamps # -P progress # -r recursive # -l links # -p permissions # -o owner # -g group # -E executability # -A acls # -X xtended attributes
On 09/08/2019 08:23, Stefan G. Weichinger via samba wrote:> Slightly OT maybe: > > at a customer we run the main data share on the samba file server > (access defined via Windows ACLs) ... so far no surprise ;-) > > then we let a 2nd server pull snapshots via rsnapshot (you know: > https://rsnapshot.org/) and provide the resulting tree of snapshots via > samba again: read-only, only for some admin users > > So far OK, runs for years (although it gets slower, other topic) > > Now we notice issues with accessing snapshots, the ACLs don't get synced > correctly. > > I fiddle with the rsync options now. > > Currently testing "-aAX" (and waiting for the run to finish). > > Does anyone else do something similar? > > I also consider simply using "--chown" here: forget the ACLs in the > snapshot, just provide them for the admins to pick files here and there. > > And I wonder if "--numeric-ids" is good in this case. > > hints welcome >Are you using the winbind 'ad' backend on all Unix domain members ? Rowland
Am 09.08.19 um 09:48 schrieb Rowland penny via samba:>> And I wonder if "--numeric-ids" is good in this case. >> >> hints welcome >> > Are you using the winbind 'ad' backend on all Unix domain members ?You might have guessed "no" or "it's complicated": the server pulling the rsnapshots is also a DC (and not a DM)
Am 09.08.19 um 09:32 schrieb Reindl Harald via samba:> why don't you just make sure users and groups are identical on both > machines?sure ... that's why we're talking ;-)> i use "-tPrlpogEAX" for many years in a rsync.sh and never call rsymnc > directly except scripts with modified params when needed > > # -z compress > # -t timestamps > # -P progress > # -r recursive > # -l links > # -p permissions > # -o owner > # -g group > # -E executability > # -A acls > # -X xtended attributesphew, ok. Might edit rsnapshot.conf accordingly. thanks