Hi, I have to migrate our data from one old samba server to a new one. Due to various reasons we had to change some settings. Now I struggle to get the acls right. old smb.conf: [global] ??????? log file = /var/log/samba/%m ??????? realm = AD.XXXXXX ??????? security = ADS ??????? template homedir = /home/%U ??????? template shell = /bin/bash ??????? winbind use default domain = Yes ??????? workgroup = AD ??????? idmap config ad:range = 2000-300000 ??????? idmap config ad:schema_mode = rfc2307 ??????? idmap config ad:backend = ad ??????? idmap config * : range = 1000000-1000100 ??????? idmap config * : backend = tdb ??????? create mask = 0770 ??????? directory mask = 0770 ??????? map acl inherit = Yes ??????? vfs objects = acl_xattr new smb.conf: [global] ??????? clustering = Yes ??????? registry shares = Yes ??????? log file = /var/log/samba/%m ??????? realm = AD.XXXXXX ??????? security = ADS ??????? template shell = /bin/bash ??????? winbind use default domain = Yes ??????? workgroup = AD ??????? idmap config ad:range = 1000000-1999999 ??????? idmap config ad:backend = rid ??????? idmap config * : range = 10000-10100 ??????? idmap config * : backend = tdb ??????? inherit acls = Yes ??????? map acl inherit = Yes ??????? ctdb:registry.tdb = yes ??????? vfs objects = acl_xattr ??????? acl_xattr:ignore system acls = yes The big differences are affecting my problem: - idmap config ad:backend changed from ad to rid (rsync can handle that - I know) - previously the acls were stored via posix and extended attributes, now they are stored only in extended attributes How can I copy the data without losing the access rights?? There is _not_ one user who has access to all files/directories in the share. So copying via windows is not possible (right now). Regards Sebastian
Sebastian Neustein
2023-Aug-18 07:55 UTC
[Samba] ...or howto change vfs_acl_xattr options inplace without changing access rights
Sebastian Neustein wrote:> I have to migrate our data from one old samba server to a new one. Due > to various reasons we had to change some settings. Now I struggle to > get the acls right. > ?Previously the acls were stored via posix and extended attributes, > now they are stored only in extended attributesWith the default settings of vfs_acl_xattr samba takes posix acls into account when delivering data - how can I activate "acl_xattr:ignore system acls = yes" without loosing the information saved in posix acls? Background: our future file system won't be able to support acls. Is there a way to migrate all acl information from the posix acls into the extended attributes? I have an inkling that I read at some stage, that vfs_acl_xattr deletes/overwrites the extended attributes once the posix acls are changed. Is there a way to trigger that on cli? The idea is to change these settings on the old server before copying the data to the new server. I hope to be able to use rsync for the migration then. Thanks you for any help with this! Sebastian
Maybe Matching Threads
- ...or howto change vfs_acl_xattr options inplace without changing access rights
- ...or howto change vfs_acl_xattr options inplace without changing access rights
- ...or howto change vfs_acl_xattr options inplace without changing access rights
- vfs_shadow_copy2 cannot read/find snapshots
- vfs_shadow_copy2 cannot read/find snapshots