PCman

files loosing security groups after sync

Recommended Posts

hi

I have a strange problem with files loosing the security permissions. Example: I create a test.bmp file on server1 that get synced to server2 without problems and with the right security permissions. Everything gets synced correctly - all user and group permissions. I then modify the test.bmp file on server02 that gets synced but now with fewer security group and user permissions. The file permisssion on server02 is ok but the synced file on server01 is missing 2 security groups. Hope you guys can help me because this is really annoying. The servers are running windows server 2012. I checked this : https://support.microsoft.com/en-us/kb/320246 because it looks similar to the problems I have

Share this post


Link to post
Share on other sites

Sync is not syncing ALC permissions, they are rather set up locally in accordance with umask (on posix) or inheritance rules on Windows 

Share this post


Link to post
Share on other sites

ok thanks Helen, I think I got a little bit closer to solving my problem. When I have created a file on server01 and modified the synced file on server02, the file inherits the security from the hidden .sync folder. So if there are a lot of subfolders with different permisssions it wont matter because the synced file only looks on the security on the .sync folder. I found this KB on the problem with file permissions: https://support.microsoft.com/en-us/kb/310316 

" You can modify how Windows Explorer handles permissions when objects are copied or moved to another NTFS volume. When you copy or move an object to another volume, the object inherits the permissions of its new folder. However, if you want to modify this behavior to preserve the original permissions, modify the registry as follows. 

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows
  1. Click Start, click Run, type regedit in the Open box, and then press ENTER.
  2. Locate and then click the following registry key:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
  3. On the Edit menu, click Add Value, and then add the following registry value:
    Value name: ForceCopyAclwithFile
    Data type: DWORD
    Value data: 1
  4. Exit Registry Editor."

Share this post


Link to post
Share on other sites

did you anyhow manually set up ACL for .sync? it should have inherited permissions from the parted, and thus the files - also, inherit same permissions. 

Share this post


Link to post
Share on other sites

Does anyone knows if this issue has been solved in newer versions of Resilio?

I evaluated V2.3.? some years ago but couldn't get it to work properly due to the reasons that PCman describes above.
When an updated file was synchronized from one server to another it was first copied to the .sync folder and then moved to its final destination meaning that it would not inherit the permissions from the destination folder but rather keep the permissions of the .sync-folder.

For this to work in a setup with many subfolders with different permissions a sync task had to be created for each individual folder to get separate .sync folders to which correct permissions could be set. I found this to be way to painful to administer and abandoned Resilio although I liked almost everything else with the program.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.