• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 253
  • Last Modified:

Windows / Linux / Samba Question about maintaining UID when backing up.

We are using Samba (smbmount) to backup a number of Windows shares to our Linux server.  

It works very well, and we can retrieve files very quickly.
However, we have hit upon a fundamental problem; when we backup the files, we can maintain the permissions, but not the orignial user (ownerships).  Therefore, if we ever needed to restore a whole data tree rather than adhoc, we would have to restore, then change the owners manually (ouch).

I know account info is held within the domain and that UIDs and GIDs can be complex on Active Directory, and that copying of files will always create the new (copied) file in the name of the copying owner (which is usually sensible in most cases).

Unfortunately some of this data is sensitive, and we do not want any human error with a manual restore.

Does anybody know a way of sustaining the UID and GID without having to resort to special backup software being installed on the PC with the shares (and creating a backup file, then moving it to the Linux server)?

NOTE: The Linux server is fully intergrated into the Domain (AD) and if any user writes to the server, an appropriate NT UID (Offset to the Linux UID) is set for the files ownership.

Surely the fact that the Linux server can maintain Windows UIDs must provide some hope that we can do this...

Give me that last 5% to make this project a success!!!!
0
webforces
Asked:
webforces
  • 2
2 Solutions
 
wesly_chenCommented:
> The Linux server is fully intergrated into the Domain (AD) and if any user writes to the server,
> an appropriate NT UID (Offset to the Linux UID) is set for the files ownership.
That's the problem. The UID of the same user will change on Linux when the user writes the data on SAMBA server.

So for those users, you'd better create Linux account name, which is the same as the on Windows AD.
So the owner of UID won't change every time.
0
 
webforcesAuthor Commented:
Yes, I agree that that would help.

However, the biggest problem I have is with SMBmount.
No matter how I try and pull the data over with it, the UID and GID is set to a single user (The smbmount login user), so it sets all UIDs to that one.

What I am after is a way of backing up the Windows shares to a Linux box, whilst preserving the UID (Even if the number is different from Domain at this time) handled within Samba (if poss), becase what we have at the moment is a tree of data with all the same UID.

Does that make more sense?

M
0
 
TimEliseoCommented:
The first thing to keep in mind is that NTFS file security and other attributes are far more complex that just the Owner and a few permission bits. I know of nothing Unix-based that can extract much of this from the SMB protocol, much less replicate it all faithfully in a Unix filesystem (POSIX ACLs let you go beyond the simple permission bits, but still don't come close to supporting the options of NTFS file security). So if you really want to back up NTFS properly, you'll need something Windows-based.

If you understand this big limitation and really only care to back up the file owner, maybe a single group, a few permissions, and two of the three timestamps, then you can do much better by accessing the Windows shares using NFS rather than SMB. Samba is a great SMB server, but the client smbfs filesystem (and the userspace smbclient tool) are very poor by comparison. You can get an NFS server for Windows by installing the Windows Services for Unix (SFU) package, now available free (they used to charge for it) from Microsoft at:

   http://www.microsoft.com/windowsserversystem/sfu/downloads/

The only disadvantage is that you'll have to install and configure this on each PC you want to back up. You can configure the mapping of Windows users and groups to Unix users and groups in a very flexible way using the GUI admin tool that is part of SFU.  If you want your backup machine to have Administrator access to the files, be sure to create a mapping from Unix UID 0 to the Windows "Administrator" user. When you enable the NFS share, you'll also need to "Allow Anonymous Access" and set the UID and GID to 0. If you allow only your backup machine to have NFS access to the shares then you should have reasonable security (probably not high though, as NFS generally isn't).

In addition to user mapping, you'll also get proper interpretation of NTFS date stamps (you probably don't want to hear about the horrors of Daylight Saving/Summer Time handing in WIndows) and the ability to access files larger than 2GB.

Hope this helps,
Tim
0
 
webforcesAuthor Commented:
Thats a very thorough answer.  Ill give it a try over the next 2 days, and come back as I may have some smaller questions to tweak it.

Stay tuned...
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now