ONTAP Discussions

What do I need to give in XCP -fallback-user and -fallback-group?

PnaveenKumar

We are using XCP to migrate data from our local Windows file servers to NetApp shares. So far we have copied data without ACLs as part of our requirement. Now we need to copy data with ACLs. In order to do that, I need to include a few extra options such as -acl, -fallback-user and -fallback-group. Here, what do I need to put in -fallback-user and -fallback-group?

Please don't put the same matter in the documentation here. Can someone please explain it to me with an example?

1 ACCEPTED SOLUTION

hmoubara

Hello,

 

The fallback-user parameter specifies a user on the target machine to receive the permissions of local (non-domain) source machine users.
The fallback-group parameter specifies a group on the target machine to receive the permissions of local (non-domain) source machine users.

For the fallback user and group you can specify any user/group that can be found in Active Directory or is local to the target filer. Say you have defined a local user on the source system, but this user does not exist on the destination system.
The -fallback-user field is used to assign a user on the destination in place of the user that is only on the source. The same goes for -fallback-group.

When XCP has to copy an ACE, it applies different rules depending on the ACE type that it encounters, for example:
• Active Directory ACE -> transfer it to target file unmodified;
• Built-in ACE -> same as for an Active Directory ACE;
• Local ACE -> replace the SID this ACE points to with the SID of the fallback-user or group;


Copying an ACL is done in two steps: first copy the inheritance flag, then process and copy the ACEs.
If "example.txt" has the following permissions on source:
• owner: builtin\administrator
• read permission: builtin\management group
• full access permission: netapp\xcp team

*The builtin accounts are local users on the source file system.

XCP will transfer the file with the following permissions (command used: xcp copy -acl -fallback-user "netapp\administrator" -fallback-group "netapp\management group" <source> <target>):
• owner: netapp\administrator
• read permission: netapp\management group
• full access permission: netapp\xcp team


If you change the fallback user and group, then the permissions will also change.

Hope this answers your question.

 

Thanks 
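The three ACE rules from the answer above, modelled as an added Python example (not part of the original post and not XCP's own code). The SIDs, the `kind` field and the classification by SID prefix are assumptions made for illustration; the model shows that every local principal collapses onto the fallback user or group, which then holds the union of their rights.

```python
"""Model of the ACE rules described in the answer above (not XCP's code).
All SIDs are constructed sample values; only allow ACEs are modelled."""
from collections import defaultdict

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed AD domain
LOCAL_SID = "S-1-5-21-9000000001-9000000002-9000000003"   # constructed source host
BUILTIN_PREFIX = "S-1-5-32-"  # well-known BUILTIN domain, e.g. S-1-5-32-544

def classify(sid):
    """Return 'builtin', 'domain' or 'local' for a SID string."""
    if sid.startswith(BUILTIN_PREFIX):
        return "builtin"
    if sid.startswith(DOMAIN_SID + "-"):
        return "domain"
    return "local"  # assumption: anything else is a machine-local account

def translate_acl(aces, fallback_user, fallback_group):
    """Apply the three rules; aces are (sid, kind, rights) tuples."""
    target, remapped = [], defaultdict(set)
    for sid, kind, rights in aces:
        if classify(sid) == "local":
            # Local ACE: its SID is replaced by the fallback user or group.
            new_sid = fallback_group if kind == "group" else fallback_user
            remapped[new_sid].add(sid)
            sid = new_sid
        # Active Directory and built-in ACEs pass through unmodified.
        target.append((sid, kind, rights))
    return target, dict(remapped)

def merged_rights(target, sid):
    """Union of the rights that end up on one SID after translation."""
    return set().union(*(set(r) for s, _, r in target if s == sid))

SOURCE_ACL = [  # constructed ACL for one file on the source server
    (LOCAL_SID + "-1001", "user", ("read",)),
    (LOCAL_SID + "-1002", "user", ("full",)),
    (LOCAL_SID + "-1003", "group", ("read",)),
    (DOMAIN_SID + "-1105", "group", ("full",)),
    ("S-1-5-32-544", "group", ("full",)),
]
FALLBACK_USER = DOMAIN_SID + "-500"    # stands in for -fallback-user
FALLBACK_GROUP = DOMAIN_SID + "-1200"  # stands in for -fallback-group

if __name__ == "__main__":
    target, remapped = translate_acl(SOURCE_ACL, FALLBACK_USER, FALLBACK_GROUP)
    for sid, sources in remapped.items():
        print(sid, "<-", sorted(sources), sorted(merged_rights(target, sid)))
```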
