On 9/26/2013 10:12 AM, Klaus Hartnegg wrote:
> Hi,
>
> Most file access rights sync between ACLs of Linux and the security tab
> of Windows file properties, but not all. Where is the other information stored?
>
> I tried in Linux 'getfattr -d' and 'samba-tool ntacl get', but neither
> output changed when using Windows to add an individual right for a user
> that already has rights inherited from the parent directory. Windows
> remembers every detail of these changes, even after a reboot, so it must
> be stored somewhere.
>
> I'm concerned that backups might be incomplete when part of the access
> rights are hidden somewhere else. Will 'cp -a' really copy everything?


Under ext4, we mount with "rw,noatime,user_xattr,acl".

http://docs.fedoraproject.org/en-US/Fedora/14/html/Storage_Administration_Guide/ext4mount.html

https://wiki.samba.org/index.php/Samba_4/OS_Requirements#ext3.2Fext4_File_System


According to the ext4 documentation page, barrier=barrier (a.k.a. barrier=1) is the default, but it doesn't hurt to specify it in your /etc/fstab file for the file system where your TDB files are stored. Use "cat /proc/mounts" to see current file system mount options.

You can check kernel defaults for xattr and ACL support by finding your config.gz or config file. Under CentOS, this is stored in /boot:

# grep CONFIG_EXT4_FS /boot/config-2.6.32-358.18.1.el6.x86_64
or
# zgrep CONFIG_EXT4_FS /proc/config.gz

Command to check ACLs:

# getfacl

Command to check xattrs:

# getfattr

...

All that to say, my guess is that the ACLs get stored in the "acl" ext4 mount option.

I know that rdiff-backup stores: "preserves subdirectories, hard links, dev files, permissions, uid/gid ownership, modification times, extended attributes, acls, and resource forks". So you would need to check that your backup software supports both "extended attributes" and "ACLs".
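
An added example (not part of the original post and not Samba code): one way to test whether a backup copy kept every extended attribute, by comparing xattrs between a source tree and its copy on Linux. It assumes Samba keeps the NT ACL in the `security.NTACL` xattr and that POSIX ACLs appear as `system.posix_acl_access` / `system.posix_acl_default`; the function names are hypothetical, and it should run as root so that all xattr namespaces are readable.

```python
import os
import sys


def read_xattrs(path):
    """Return {name: value} for every xattr this process can see on path.

    POSIX ACLs show up here as system.posix_acl_* and, by assumption,
    Samba's NT ACL as security.NTACL. trusted.* is only listed for root.
    """
    return {name: os.getxattr(path, name, follow_symlinks=False)
            for name in os.listxattr(path, follow_symlinks=False)}


def diff_xattrs(src, dst):
    """Compare two xattr dicts; list what the copy lost or altered."""
    findings = [("missing", n) for n in sorted(src.keys() - dst.keys())]
    findings += [("changed", n) for n in sorted(src.keys() & dst.keys())
                 if src[n] != dst[n]]
    return findings


def verify_backup(src_root, dst_root, reader=read_xattrs):
    """Walk src_root; return {relative path: findings} for dst_root."""
    report = {}
    for dirpath, _dirs, files in os.walk(src_root):
        for name in ["."] + files:  # "." checks the directory itself
            src = os.path.normpath(os.path.join(dirpath, name))
            rel = os.path.relpath(src, src_root)
            dst = os.path.normpath(os.path.join(dst_root, rel))
            if not os.path.lexists(dst):
                report[rel] = [("absent", "")]
                continue
            found = diff_xattrs(reader(src), reader(dst))
            if found:
                report[rel] = found
    return report


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python3 script.py <source tree> <backup copy>
    result = verify_backup(sys.argv[1], sys.argv[2])
    for rel, found in sorted(result.items()):
        for kind, attr in found:
            print(f"{rel}: {kind} {attr}".rstrip())
    sys.exit(1 if result else 0)
```

Note that `getfattr -d` without `-m` dumps only the `user.*` namespace, so attributes under `security.*` and `system.*` do not appear in its default output.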
