My organization is in the position of having to support full Windows ACLs on CIFS shares. We've been successfully utilizing Samba 3.5.10-125 and vfs_acl_tdb to accomplish that. However, the size of the resulting /var/lib/samba/state/file_ntacls.tdb[.unique-extension] file(s) has introduced some new problems for me to solve.
In our environment, it seems on average each stored ACL causes file_ntacls.tdb to grow by almost 1000 bytes. That's what I've observed with my customers - YMMV. We have to support millions of files per server, and we've seen TDB files larger than 2 GB. Is there any server change I can make to reduce the storage demands of the acl_tdb module? Separately, we're considering switching from the acl_tdb module to the acl_xattr module. Do you know of any way to migrate or transfer the NTFS ACL data for each file from the TDB to an extended attribute? I'm trying to find a server-side solution to the migration problem. A client-side solution might be to rewrite each file (and resend the ACL data) after switching the Samba server configuration, but that puts a lot on the customers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba