[Novalug] filesize limit on rsync or cp?--solved

Bryan J. Smith b.j.smith@ieee.org
Wed Sep 16 17:17:33 EDT 2009


From: Peter Larsen <plarsen@famlarsen.homelinux.com>

> If the files are to be used on Windows systems that may not be the best
> solution.
> Megan, I would look into creating an NTFS file system if you're sharing
> it with windows boxes. That way you can keep the filesize etc.

I would strongly recommend _against_ that, per my prior e-mail.

The only "safe" setup I've seen is when _all_ Windows systems are
XP Home Edition with "simple [file] sharing" enabled on _all_ of them.
Otherwise, you can introduce Access Control Entries (ACEs) into the
NTFS filesystem.  If you do such, and those ACEs are tied to Security
ID mechanisms of the local System Accounts Manager (SAM) of the
local Windows system, then when another system modifies the NTFS
filesystem, corruptions can occur.

It's not nearly as bad as back in the NT 3.5 - 4.0 days, but Microsoft
still has been very inconsistent on addressing it.  They've provided a
number of stop-gaps until WinFS (fka CairoFS) will provide a store,
but that's been delayed (again).

One is the "simple [file] sharing" which prevents people from adding
Security contexts to files in NT 5.1 (XP) "Home Edition."  It doesn't
prevent people from running "cacls" but most home users don't do that,
so removing the dialog box in that mode does the job.  The other thing
that stores local SAM-SID info in a hidden part of the disk label are
Dynamic Discs (one of the four purposes for Dynamic Disks, which
appear as a slice/partition of type 42h in a legacy BIOS/DOS disk
label/partition table), but that's largely so disks can be moved from a
failed Windows Server to another failed Windows Server (especially
if it's not a Domain Controller, DC, which adopts the network-wide SAM
of the domain, regular, non-DC servers do not any may store ACEs with
local SAM-SID info from the registry).

In other words, you have to know what you are doing with NTFS.  Most
people do not.

It's the reason why vendors tried shipping NTFS by default with their
large disks only to go back to VFAT to avoid the issues.  E.g., even
NT 6.0 (Vista) "Home" Editions now re-enable ACEs and try to apply
them for security reasons.  I cannot tell you how many screwed up ACLs
I've seen as a result when it wasn't part of an AD 2003+ domain.  I
believe Microsoft is going back "simple [file] sharing" approach by
default with NT 6.1 (Windows 7) "Home" Editions.  I've been meaning
to verify.


-- 
Bryan J  Smith           Professional, Technical Annoyance 
Linked Profile:         http://www.linkedin.com/in/bjsmith 
---------------------------------------------------------- 
Red Hat:  That 'other' American software company built on
open customer selection of options and value, instead of
controlled distribution channels of forced bundle and lock


-- 
Peter Larsen <plarsen@famlarsen.homelinux.com>




More information about the Novalug mailing list