English

Copying ACLs between SMB shares

Contributors netapp-bcammett Download PDF of this topic

Cloud Sync can copy access control lists (ACLs) between a source SMB share and a target SMB share. If needed, you can manually preserve the ACLs yourself by using robocopy.

Setting up Cloud Sync to copy ACLs between SMB servers

Copy ACLs between SMB servers by enabling a setting when you create a relationship or after you create a relationship.

Note that this feature is available for new sync relationships created after the 23 Feb 2020 release. If you’d like to use this feature with existing relationships created prior to that date, then you’ll need to recreate the relationship.

What you’ll need
  • A new sync relationship or an existing sync relationship created after the 23 Feb 2020 release.

  • Any type of data broker.

    This feature works with any type of data broker: the AWS, Azure, Google Cloud Platform, or on-prem data broker. The on-prem data broker can run any supported operating system.

Steps for a new relationship
  1. From Cloud Sync, click Create New Sync Relationship.

  2. Drag and drop SMB Server to the source and target and click Continue.

  3. On the SMB Server page:

    1. Enter a new SMB server or select an existing server and click Continue.

    2. Enter credentials for the SMB server.

    3. Select Copy Access Control Lists to the target and click Continue.

      A screenshot that shows the option to enable Copy Access Control Lists to the target.

  4. Follow the remaining prompts to create the sync relationship.

Steps for an existing relationship
  1. Hover over the sync relationship and click the action menu.

  2. Click Settings.

  3. Select Copy Access Control Lists to the target.

  4. Click Save Settings.

Result

When syncing data, Cloud Sync preserves the ACLs between the source and target SMB shares.

Manually copying ACLs

You can manually preserve ACLs between SMB shares by using the Windows robocopy command.

Steps
  1. Identify a Windows host that has full access to both SMB shares.

  2. If either of the endpoints require authentication, use the net use command to connect to the endpoints from the Windows host.

    You must perform this step before you use robocopy.

  3. From Cloud Sync, create a new relationship between the source and target SMB shares or sync an existing relationship.

  4. After the data sync is complete, run the following command from the Windows host to sync the ACLs and ownership:

    robocopy /E /COPY:SOU /secfix [source] [target] /w:0 /r:0 /XD ~snapshots /UNILOG:”[logfilepath]

    Both source and target should be specified using the UNC format. For example: \\<server>\<share>\<path>