Windows / Linux / Samba Question about maintaining UID when backing up.

Posted on 2005-05-11
Last Modified: 2010-03-18
We are using Samba (smbmount) to back up a number of Windows shares to our Linux server.

It works very well, and we can retrieve files very quickly.
However, we have hit upon a fundamental problem: when we back up the files, we can maintain the permissions, but not the original user (ownerships).  Therefore, if we ever needed to restore a whole data tree rather than ad hoc, we would have to restore, then change the owners manually (ouch).

I know account info is held within the domain and that UIDs and GIDs can be complex on Active Directory, and that copying of files will always create the new (copied) file in the name of the copying owner (which is usually sensible in most cases).

Unfortunately some of this data is sensitive, and we do not want any human error with a manual restore.

Does anybody know a way of sustaining the UID and GID without having to resort to special backup software being installed on the PC with the shares (and creating a backup file, then moving it to the Linux server)?

NOTE: The Linux server is fully integrated into the Domain (AD) and if any user writes to the server, an appropriate NT UID (Offset to the Linux UID) is set for the file's ownership.

Surely the fact that the Linux server can maintain Windows UIDs must provide some hope that we can do this...

Give me that last 5% to make this project a success!!!!
Question by: webforces
    LVL 38

    Assisted Solution

    > The Linux server is fully integrated into the Domain (AD) and if any user writes to the server,
    > an appropriate NT UID (Offset to the Linux UID) is set for the file's ownership.
    That's the problem. The UID of the same user will change on Linux when the user writes the data on SAMBA server.

    So for those users, you'd better create a Linux account name, which is the same as the one on Windows AD.
    So the owner of UID won't change every time.

    Author Comment

    Yes, I agree that that would help.

    However, the biggest problem I have is with SMBmount.
    No matter how I try and pull the data over with it, the UID and GID is set to a single user (The smbmount login user), so it sets all UIDs to that one.

    What I am after is a way of backing up the Windows shares to a Linux box, whilst preserving the UID (Even if the number is different from Domain at this time) handled within Samba (if poss), because what we have at the moment is a tree of data with all the same UID.

    Does that make more sense?

    LVL 3

    Accepted Solution

    The first thing to keep in mind is that NTFS file security and other attributes are far more complex than just the Owner and a few permission bits. I know of nothing Unix-based that can extract much of this from the SMB protocol, much less replicate it all faithfully in a Unix filesystem (POSIX ACLs let you go beyond the simple permission bits, but still don't come close to supporting the options of NTFS file security). So if you really want to back up NTFS properly, you'll need something Windows-based.

    If you understand this big limitation and really only care to back up the file owner, maybe a single group, a few permissions, and two of the three timestamps, then you can do much better by accessing the Windows shares using NFS rather than SMB. Samba is a great SMB server, but the client smbfs filesystem (and the userspace smbclient tool) are very poor by comparison. You can get an NFS server for Windows by installing the Windows Services for Unix (SFU) package, now available free (they used to charge for it) from Microsoft at:

    The only disadvantage is that you'll have to install and configure this on each PC you want to back up. You can configure the mapping of Windows users and groups to Unix users and groups in a very flexible way using the GUI admin tool that is part of SFU.  If you want your backup machine to have Administrator access to the files, be sure to create a mapping from Unix UID 0 to the Windows "Administrator" user. When you enable the NFS share, you'll also need to "Allow Anonymous Access" and set the UID and GID to 0. If you allow only your backup machine to have NFS access to the shares then you should have reasonable security (probably not high though, as NFS generally isn't).

    In addition to user mapping, you'll also get proper interpretation of NTFS date stamps (you probably don't want to hear about the horrors of Daylight Saving/Summer Time handling in Windows) and the ability to access files larger than 2GB.

    Hope this helps,
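
An added example, not part of the original thread: a check the backup operator could run on the Linux server to detect the single-UID symptom described for smbmount, record owner, group and permission bits in a manifest, and reapply them by script after a restore instead of by hand. The function names and the sample tree are constructed for illustration; only UID, GID and permission bits are captured, not NTFS ACLs.

```python
import os
import stat
import tempfile

def build_manifest(root):
    """Map each relative path under root to (uid, gid, permission bits)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat describes a symlink itself, not its target
            manifest[os.path.relpath(full, root)] = (st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))
    return manifest

def ownership_collapsed(manifest):
    """True when every entry shares one UID, as on a tree pulled over smbmount."""
    uids = {uid for uid, _gid, _mode in manifest.values()}
    return len(manifest) > 1 and len(uids) == 1

def restore_ownership(root, manifest):
    """Reapply recorded owner, group and mode; return manifest paths absent from root."""
    missing = []
    for rel, (uid, gid, mode) in sorted(manifest.items()):
        full = os.path.join(root, rel)
        if not os.path.lexists(full):
            missing.append(rel)
            continue
        os.lchown(full, uid, gid)  # assigning another user's UID requires root
        if not os.path.islink(full):
            os.chmod(full, mode)  # after chown, which can clear setuid/setgid bits
    return missing

def demo():
    """Constructed sample: a source tree and a restored copy with the wrong mode."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for base in (src, dst):
            os.makedirs(os.path.join(base, "finance"))
            with open(os.path.join(base, "finance", "q1.xls"), "w") as f:
                f.write("constructed sample data")
        os.chmod(os.path.join(src, "finance", "q1.xls"), 0o640)
        os.chmod(os.path.join(dst, "finance", "q1.xls"), 0o600)
        manifest = build_manifest(src)
        missing = restore_ownership(dst, manifest)
        return ownership_collapsed(manifest), missing, build_manifest(dst) == manifest

if __name__ == "__main__":
    print(demo())
```

A manifest for which `ownership_collapsed` returns true should be treated as a failed capture of ownership, since a restore from it would assign every file to the same account.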

    Author Comment

    That's a very thorough answer.  I'll give it a try over the next 2 days, and come back as I may have some smaller questions to tweak it.

    Stay tuned...
