plugout.net

[raidsm]

Hi!

can someone help me a bit.

I'm making a "clone" of my time capsule. I use rsync to copy file from it to my NS2.

rsync TC share TO NS2 share. I do it inside the backup menu after I did a SMB mount.

Somehow , I got funny permission problems and I'm too noob to understand everything that is happening. The best I can do is chmod -R 777 share/1000/NS2... I know it's not a good idea but it's the only way I can gain some of the permission I have. Still , I can't write on some of the folder in my share and some services doesn't work great like webdav where I can't write in my share.

Is there a way I can RSYNC inside a share in the NS2 and still be able do do what I want with the files?

I know I'm not that easy to understand but maybe some will ;)

ALSO what is the difference of mounting my TC smb share with the backup menu VS using a boot scritp? The reason I ask is because using the scrip , I can mount the TC share inside a share folder so I can access it via webdav , web explorer and so on....

[Jocko]

Hi raidsm,

Indeed your need information.

rsync TC share TO NS2 share. I do it inside the backup menu after I did a SMB mount.

Somehow , I got funny permission problems and I'm too noob to understand everything that is happening. The best I can do is chmod -R 777 share/1000/NS2... I know it's not a good idea but it's the only way I can gain some of the permission I have. Still , I can't write on some of the folder in my share and some services doesn't work great like webdav where I can't write in my share.

Rsync duplicates the permissions and I assume on a TM location, Mac allows only rw accesses to the owner (permissions 600 on files and 700 on folders). So as this account does not exist on the NAS you have this behaviour.
So the best way is to change the owner after each backup (you need to use the account "nobody")

Code: Select all

chown -R nobody:nobody /share/1000/xxxx

ALSO what is the difference of mounting my TC smb share with the backup menu VS using a boot scritp? The reason I ask is because using the scrip , I can mount the TC share inside a share folder so I can access it via webdav , web explorer and so on....

No there is no difference

[raidsm]

Wow thanks jocko I'll try this tonight when I get home and report back

[raidsm]

Hi Jocko,

i'm not sure if I understand quite well what is best in my case.

The goal: syncronise my Time Capsule with my NS2. I prefer a Mirror of my time capsule. I dont have root permission on the time capsule , only a account with read/write permission (I assume). I have a account on the NS2 wich isn't thesame as on the TC.

I am actualy using rsync built into the web backup too of the NS2. I also sometime make it manualy using the command rsync -a --delete.

The problem is one the file transer is finished , I have some trouble accessign the file on the NS2. Sometime I can't delete a file / folder , some services like webdav aren't able to write in the directory and so on...

What is the best way to achieve a Mirror backup that can be used normaly?

Sould I drom the -a (archive) option of the rsync command ans only use -r? (rsyn -r instead of rsync -a) so that the permission would not be transfered?

Maybe it's better to run a corn after each rsync with the command chown -R nobody:nobody /share/1000/xxxx?

I've read some information on permission but somehow i'm still badly confused....


Edit: it seem that the backup utility in the NS2 web page don't use the -a option for rsync. I use it when I manualy syncronise. :hairpull

Question: the first time I transfer all the data stored on my TC to NS@ , should I use rsync between them on should I copy from one share to the other using the Mac finder?

[Jocko]

Hi raidsm

I think you need to deepen what you want about your TM share:
- if you want to have a backup, it is a nonsense to use it for another usage (=> change permission and get an access to use files from it). A backup is a backup and must be used only for this : backup regularly your TM share and eventually restore TM share if you have issues on it.
- copy TM for sharing data via your NAS. Only in this case, you may need to change some permissions.

To understand what happens, you need to learn more how access it handles by linux:
for example if you have rw access only on a file (600) and its owner is "john" then only a linux user "john" (same uid) may read or write it (or root account). But permissions on the parent folder must be also checked. For example with webdav or samba, if the owner is not john and no run permissions is set for "all", then you won't be able to read or edit the file (even if you have the right permissions on the file).

So we need to understand samba and webdav use the account nobody to get physically access on the files and after use their settings to open rights or not on the request sent by a client (so according with the used webdav/samba account)

=> On a NAS accesses on a file are opened only if they match two rules: the server (ftp; samba; webdav;...) has rw permissions on it with its linux account (with fvdw-sl: nobody) and permissions set with its conf file according to the account used.

Edit: it seem that the backup utility in the NS2 web page don't use the -a option for rsync. I use it when I manualy syncronise. :hairpull

:disapprove Yes the backup menu uses it :
according with the rsync man

-a, --archive
This is equivalent to -rlptgoD. It is a quick way of saying you want recursion and want to preserve almost everything (with -H being a notable omission).

If you read the help page, you see the rsync command use "-rlptgoD". Indeed you can not use a as if you have use an USB disk with a FAT32 or ntfs partition, you need to disable (pgo) options.

I think to solve your issue you need to add this options in your rsync command "--chmod=ugo=rwX " (so set permission 666 on any files and 777 on folders) and DO NOT USE the option 'p' and so NOT USE option 'a'

[raidsm]

Hi jocko,

well what I may not understand well after all is the permission on the directory on the NAS.

All of them are owned by root , group root and have read , write and execute for everyone/groups. I assume then that the access rights of the share is manage by some other mecanism and is not the same as a directory permission of the filesystem. so 2 different types of permission wich I was misleading...

Services like samba and webdav are accessing those share with another account (nobody?). At first I was assuming that a share would have the same permission that a group or user have on the directory. So after all it's normal that any directory (share) have the same permission as another mecanism (samba , webdav) grant those access. Do I understand?

Also when I say a backup of my time capsule is that I have a copy of all my files available somewhere else that I can access in case of a disaster. It's just copie of files. NOT a duplicata of a system/permission etc...

What I understant is with Rsync -a , it also copy permissions. As permission on the folder are not the same that the one on my time capsule, what I must do is reset those with the one used but the nas itself.

rsync permission should be practical when coping folders but in my case , it's from a share to another share located on another NAS with different permission/access right. This is what cause the mess. Well I think.

When I looked at the permission on all the folder on the NAS they are the same. Is it safe then to apply those permission to the folder thats rsync changed when I used rsync to make the copy? (rsync changed the permission on some folders wich was after that not accessible using samba or webdav)

For the backup utility I will modify the PHP job to remove some of the parameters as you said (pgoD) it will then look like :

BEFORE:

Code: Select all

$cmd = "umask 0 && /usr/sbin/rsync --stats --force --ignore-errors --modify-window=2 -tDvplogr --delete '/share/1000/
10.0.1.1-smb-ATC/RaiD/' '/share/1000/NS2/RaiD'> '/share/1000/cronjobs/RaiD_";



AFTER:

Code: Select all

$cmd = "umask 0 && /usr/sbin/rsync --stats --force --ignore-errors --modify-window=2 -rtv --chmod=ugo=rwX --delete '/share/1000/
10.0.1.1-smb-ATC/RaiD/' '/share/1000/NS2/RaiD'> '/share/1000/cronjobs/RaiD_";



Is there an easy way of doing it manualy in the terminal so that it keeps runing in the background even if the terminal session closed? I just need to add & at the end?

Code: Select all

rsync --stats --force --ignore-errors --modify-window=2 -rtv --chmod=ugo=rwX --delete '/share/1000/
10.0.1.1-smb-ATC/RaiD/' '/share/1000/NS2/RaiD'> '/share/1000/cronjobs/RaiD_ &


:thinking

[Jocko]

Services like samba and webdav are accessing those share with another account (nobody?). At first I was assuming that a share would have the same permission that a group or user have on the directory. So after all it's normal that any directory (share) have the same permission as another mecanism (samba , webdav) grant those access. Do I understand?

Not fully
With samba or webdav,... you can never grant permissions but only degrade them
Group permissions is not fully implemented with fvdw-sl : each user linux account is also its own group. So set permission on group has not really effects.
I think some examples will be better (and I forget group action):

if file owner is root or nothing else except "nobody" and stored in a subfolder of the share "test" and we want to have an access via samba server by using a samba account "Peter".
case 1 no permission is set for 'other' => (660 or rw -rw -)
As the server can not read (or write) on this file (samba server uses the linux account "nobody") even if you allow a read access (or write) on the share "test". Peter won't be able to read (or write) the file.
case 2 you set read permission for 'other' => (664 or rw -rw -r)
Peter will be able to read only the file even if you allow a write access on the share "test" (the server can only read the file)
case 3 you set read/write permission for 'other' => (666 or rw -rw -rw)
Peter will have the permissions set on the share 'test' (either readonly or full access set by the admin for the account "Peter")

if file owner is nobody and stored in a subfolder of the share "test" and we want to have an access via samba server by using a samba account "Peter".
case 1 read/write is set for 'owner' (660 or rw-rw-)
Peter will have the permissions set on the share 'test' (either readonly or full access set by the admin for the account "Peter")
case 2 only read permission is set for 'owner' (440 or r -r -)
Peter will be able to read only the file even if you allow a write access on the share "test" (the server can only read the file)

Code: Select all

$cmd = "umask 0 && /usr/sbin/rsync --stats --force --ignore-errors --modify-window=2 -rtv --chmod=ugo=rwX --delete '/share/1000/
10.0.1.1-smb-ATC/RaiD/' '/share/1000/NS2/RaiD'> '/share/1000/cronjobs/RaiD_";

Is there an easy way of doing it manualy in the terminal so that it keeps runing in the background even if the terminal session closed? I just need to add & at the end?

So I see you want to reuse the php script set by the backup menu is a good idea (especially if you use a remote share the script makes some tests to check is the remote share is really mounted before running the rsync)
if you look at the code you will read some other lines which adds some additional part of command string (to write in a rsync log file and put the command in background, use '&' is not enough (you need to redirect error channel)

In your command you need to keep the options l and D.

From a terminal this php script must be run like this

Code: Select all

php /pathto..script/Rsync_xxxxx.php > /pathto..log/yourscriptlogfile

(yourscriptlogfile will contain information about fail/success script: succeed or not to start the rsync job)
This one puts the rsync command in background but I do not think it detaches the rsync child process from the terminal. So you need to use

Code: Select all

nohup php /pathto..script/Rsync_xxxxx.php > /pathto..log/yourscriptlogfile

[raidsm]

done and it works great! for the rsync

But for permissions , my brain is off right now and I don't quite get it! :lmao I understand that the server side AND the user side needs a combination of rights to access data...

Thanks Jocko , right now I just give 777 perms on all my personal share as I'm the only one using the NAS and I want to be able to use all the services (webdav etc) and do backups of my TC on it via rsync.

keep up the great works and happy holidays !

hope to see firmware 17 soon ;)