rsync active directory shared dataset to another local folder

[JoeAtWork]

Hi All,

TrueNAS CORE 12.0-U7

I have a dataset that is set to ACL Mode: Passthrough
I connect via windows 10 cifs drive letter, copy some files and folders to /src and verify the permissions

I use the local TrueNAS rsync application to copy files from src/* to dst/
rsync -avr -o -g src/* dst/

What I see is the "folders" in dst/ have correct permissions but the "files" do not and generate this error when viewing the security properties on my windows 10 machine:
The permissions on file xxx.yyy are incorrectly ordered, which may cause some entries to be ineffective.

what I see is :
"Everyone" now has Special permissions
"wheel" now has Special permissions
all other permissions are the same

Is there a known way to fix this, I assume if I use an "rsync module" as the destination I will have the same error.

Thanks,
Joe

 

[anodos]

Hi All,

I have a dataset that is set to ACL Mode: Passthrough
I connect via windows 10 cifs drive letter, copy some files and folders to /src and verify the permissions

I use the local TrueNAS rsync application to copy files from src/* to dst/
rsync -avr -o -g src/* dst/

What I see is the "folders" in dst/ have correct permissions but the "files" do not and generate this error when viewing the security properties on my windows 10 machine:
The permissions on file xxx.yyy are incorrectly ordered, which may cause some entries to be ineffective.

what I see is :
"Everyone" now has Special permissions
"wheel" now has Special permissions
all other permissions are the same

Is there a known way to fix this, I assume if I use an "rsync module" as the destination I will have the same error.

Thanks,
Joe

rsync is probably adding on an extra chmod() / fchmod() that is breaking the perms. Perhaps try temporarily setting restricted aclmode on target.

 

[JoeAtWork]

I have restricted mode on and even with a cp command I am getting odd permissions when I look at it in Windows

cp -prv src/* dst/

 

[JoeAtWork]

rsync -vr src/* dst/
works but the security on all the files are inherited from the new folder, not what I wanted

cp -prv src/* dst/
works and copies the permissions correctly, I really want to use rsync and the module so I do not have to expose any shares to users on the network.

 

[JoeAtWork]

Well it seems rsync is very complex. The extended attributes or nfsv4acls just might be too much. IBM/Red Hat has documented on REL7 and REL8 you might have a chance : https://access.redhat.com/solutions/3628891

rsync -X --filter='-x system.posix_acl' src/* dst/

I can get the copy but no nfsv4acl as it might be zfs/freebsd does nfsv4acls different than linux and the rsync just can't figure it out. My zfs mount point shows nfsv4acls from the command line and getfacl shows the source has 7 nfsv4acls and a windows userid for owner.

Because I am doing this as the root user on the TrueNAS box it is showing the destination owner as root, not the AD user xxYYYY like it should. :-(

Is this suppose to be this painful?

Thanks,
Joe

 

[anodos]

Red hat documentation doesn't apply to freebsd. You don't need to use xattrs, Try with the `--acls` option

 

[JoeAtWork]

Red hat documentation doesn't apply to freebsd. You don't need to use xattrs, Try with the `--acls` option

anados,

You are a godsend!

I changed the data set from restrictive back to passthru and it worked PERFECT!

Woo Hoo!

Thanks,
Joe

 

[JoeAtWork]

Next in the quest is trying to use cwrsync on Windows Server 2019 and the rsync module to pass those acls. That might be impossible....

 

[anodos]

Next in the quest is trying to use cwrsync on Windows Server 2019 and the rsync module to pass those acls. That might be impossible....

They will be (different rsync version), but you can use robocopy though SMB instead.

 

[JoeAtWork]

Well cwrsync is not good, it tells me:
rsync: ACLs are not supported on this client

when I try to use -A

 

[JoeAtWork]

In 2019 it seems they gave up on Windows ACL's....

How do I use rsync to reliably transfer permissions & ACLs when copying from NTFS internal C: to NTFS External disk?

What options of Rsync can I reliably use/ how/ combine to either: RELIABLY TRANSFER "working" even if "limited set" of Permissions/ ACLs reliably & without conflict between the Gray area of ...

unix.stackexchange.com

I don't wanna give up. :-(

 

[winnielinnie]

I don't wanna give up. :-(

They will be (different rsync version), but you can use robocopy though SMB instead.

You simply won't be able to with cwrsync or cygwin + rsync, as @anodos explained. You just have to use a native Windows application that supports transferring ACLs.

 

[JoeAtWork]

You simply won't be able to with cwrsync or cygwin + rsync, as @anodos explained. You just have to use a native Windows application that supports transferring ACLs.

It looks like I will have to complain to the rsync developers, as of 2022 I am sure they can make acl's work.

 

[winnielinnie]

It looks like I will have to complain to the rsync developers

It's not an rsync issue. It's specifically cwrsync (as well as rsync + cygwin) on Windows.

The rsync client on Linux distros supports the --acls ("-A") flag.

That's why @anodos recommends to use something native to Windows, such as Robocopy (or alternatively, skip the ACLs if you want to use rsync on Windows.)

 

[winnielinnie]

I believe Acrosync is built to support ACLs, however, the application is very limited, gives little room to customize your options, and no matter what others may tell you, it's absolutely abandonware.

It's not even free. You get a 15-day trial, and then have to pay for a license key.

I don't know of any Windows native rsync applications other than cwrsync and Acrosync.

 

[anodos]

It looks like I will have to complain to the rsync developers, as of 2022 I am sure they can make acl's work.

Different ACL models. There's no way to rsync an NTFS ACL to a traditional Linux system in a lossless manner. NTFS ACLs don't convert to POSIX1E ACLs losslessly. This is perhaps possible with NFSv4 ACLs, but there are few products out there that support them.

 

[JoeAtWork]

Different ACL models. There's no way to rsync an NTFS ACL to a traditional Linux system in a lossless manner. NTFS ACLs don't convert to POSIX1E ACLs losslessly. This is perhaps possible with NFSv4 ACLs, but there are few products out there that support them.

The whole idea I wanted to display was how long it takes rsync/robocopy to deal with files and how long it takes TrueNAS ZFS replication to deal with the same data at the block level.

I know to do a large server at work it can take 20 hours to robocopy and if the blocks changed is only 3gig the ZFS replication should be about 1 minute. Then I have to present the data as SMB and I hope expose the snapshots(shadow copies)