Transferring Filespace Access Control Lists (ACLs): Users, Groups and Shares

David Bull

Target audience: Filespace administrators

Overview

Our users often operate multiple Filespaces for various reasons and want to duplicate the built-in Lucid ACLs (Users, Groups and Shares) across those Filespaces so that user access is uniform.

One reason could be hosting a separate Filespace for production to archive data while ensuring the data layout and Filespaces appear exactly the same to users. Another could be data migrations between Filespaces hosted on different object storage providers.

If you are performing a migration you might like to explore our Filespace data migration article and Migration Strategies article for general data movement concepts.

In this article we focus on listing the built-in Lucid Users (capturing their Admin roles), Groups and Shares via command-line scripts, and on exporting and importing them between source and destination Filespaces running as daemon instances on Linux, macOS or Windows.

The scripts are designed as individual steps: if you don't require groups and therefore user group assignments, you can safely skip those steps. Equally if you don't require shares or intend on having a different data layout, you can duplicate your users, their Admin roles, groups and exclude the shares.

You can run the scripts multiple times, to refresh configurations. Existing users and groups will be ignored, as they already exist. User Admin role and group assignments or share allocations will be applied.

For "Just-in-time" SSO Filespaces or hybrid Lucid ACLs, also consult this KB article. You will find a Legacy SSO Admin role assignment and user and group share allocation script within this article.

Linux and macOS (Bash)

1. Configure Filespace instances

    Source Filespace

screen -S SourceFilespace -dm lucid --instance 1 daemon --fs source.domain --user root --password rootpwd --mount-point /media/source

    Destination Filespace

screen -S DestFilespace -dm lucid --instance 2 daemon --fs dest.domain --user root --password rootpwd --mount-point /media/dest

2. Download user_script.sh, group_script.sh, user_group_script.sh, share_script.sh and make each script executable.

curl -O https://lucidlink-support.s3.amazonaws.com/scripts/ACL/user_script.sh 
curl -O https://lucidlink-support.s3.amazonaws.com/scripts/ACL/group_script.sh
curl -O https://lucidlink-support.s3.amazonaws.com/scripts/ACL/user_group_script.sh
curl -O https://lucidlink-support.s3.amazonaws.com/scripts/ACL/share_script.sh
chmod u+x *_script.sh

3. List users from source Filespace instance 1, import them into Filespace instance 2, and generate a random password for each user, written to users_passwords.txt.

./user_script.sh <fs1rootpwd> <fs2rootpwd>

Each user will require their temporary password to log in and will be forced to change their password at first login.

Retrieve the passwords:
cat users_passwords.txt

4. List groups and import.

./group_script.sh <fs1rootpwd> <fs2rootpwd>

5. List user group allocations and import.

./user_group_script.sh <fs1rootpwd> <fs2rootpwd>

6. Allocate listed shares for users and groups.

If you've already copied the data and your directory structure exists, your shares will be created successfully. If not, rsync the directory structure only between source and destination so the shares can be created.
rsync -av -f"+ */" -f"- *" "/media/source/" "/media/dest"

The error "The path is invalid.
Request failed with: Bad Request" suggests that the directory structure may not exist.

./share_script.sh <fs1rootpwd> <fs2rootpwd>

7. Check Filespace destination Users, Groups and Shares

lucid --instance 2 user --password <fs2rootpwd>
lucid --instance 2 group --password <fs2rootpwd>
lucid --instance 2 share --configured --password <fs2rootpwd>

8. Clean up temporary files, scripts and optionally the Bash history, after taking special care to capture the contents of users_passwords.txt, which contains the users' temporary passwords.

rm lucid_groups_output.txt lucid_shares_output.txt lucid_user_output.txt lucid_users_role_output.txt lucid_groups_users.txt lucid_user_commands.txt lucid_user_roles_commands.txt lucid_group_commands.txt lucid_shares.txt lucid_user_group_commands.txt lucid_users.txt lucid_groups.txt lucid_shares_commands.txt lucid_user_groups_output.txt lucid_users_role.txt
rm user_script.sh group_script.sh user_group_script.sh share_script.sh
rm users_passwords.txt

Remove Bash shell history

for i in $(history | grep 'lucid' | awk '{print$1}' | sort -nr); do history -d $i;done
for i in $(history | grep '_script.sh' | awk '{print$1}' | sort -nr); do history -d $i;done
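# -i.bak is accepted by both GNU and BSD/macOS sed; "sed -i -e" on macOS leaves a ~/.bash_history-e backup copy behind
sed -i.bak -e '/lucid/d' -e '/_script.sh/d' ~/.bash_history && rm -f ~/.bash_history.bak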

9. Exit Lucid instance daemons

lucid --instance 1 exit
lucid --instance 2 exit
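
The clean-up in step 8, as an added example that is not part of the original article or of LucidLink's scripts: scrub_history removes matching lines from a history file through a private temp file so that no backup copy survives, and leftover_artifacts lists files from the procedure that are still on disk. The function names and the sample history are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; function names and sample data are assumptions, not LucidLink code.

# scrub_history FILE PATTERN...
# Delete every line of FILE containing any PATTERN (fixed string) and print
# how many lines were removed. Works through a mktemp file (mode 600) in the
# same directory, so no backup copy of the secrets is left behind.
scrub_history() {
    local file pats tmp rc removed
    file=$1
    [ $# -ge 2 ] || return 2            # refuse to run without a pattern
    shift
    [ -f "$file" ] || { echo 0; return 0; }
    pats=$(mktemp) || return 1
    printf '%s\n' "$@" > "$pats"
    tmp=$(mktemp "${file}.XXXXXX") || { rm -f "$pats"; return 1; }
    rc=0
    grep -F -v -f "$pats" "$file" > "$tmp" || rc=$?   # 1 = nothing left, not an error
    rm -f "$pats"
    if [ "$rc" -gt 1 ]; then rm -f "$tmp"; return 1; fi
    removed=$(( $(wc -l < "$file") - $(wc -l < "$tmp") ))
    mv -f "$tmp" "$file"
    echo "$removed"
}

# leftover_artifacts DIR
# Print files created by the procedure that still exist in DIR (name patterns
# taken from the article's rm commands), including the temporary password list.
leftover_artifacts() {
    find "$1" -maxdepth 1 -type f \
        \( -name 'users_passwords.txt' -o -name 'lucid_*.txt' \
           -o -name '*_script.sh' \) | sort
}

# Demo on constructed data in a throwaway directory (never the real history).
demo_dir=$(mktemp -d)
printf '%s\n' 'ls -la' './user_script.sh SrcPw DstPw' \
    'lucid --instance 2 user --password DstPw' 'cd /media/dest' \
    > "$demo_dir/history"
: > "$demo_dir/users_passwords.txt"
echo "removed: $(scrub_history "$demo_dir/history" lucid _script.sh)"
echo "still present:"; leftover_artifacts "$demo_dir"
rm -rf "$demo_dir"
```

scrub_history only rewrites the file; entries still held in memory by the running shell are written back at exit unless they are removed with the history -d loop above.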

Windows (PowerShell)

1. Configure Filespace source and target instances

    Source

Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 1 daemon --fs <source.domain> --mount-point s: --password <rootpwd>"

    Target

Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 2 daemon --fs <target.domain> --mount-point t: --password <rootpwd>"

2. Download user_script.ps1, group_script.ps1, user_group_script.ps1, share_script.ps1 

Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/ACL/user_script.ps1 -OutFile user_script.ps1
Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/ACL/group.script.ps1 -OutFile group_script.ps1
Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/ACL/user_group_script.ps1 -OutFile user_group_script.ps1
Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/ACL/share_script.ps1 -OutFile share_script.ps1

3. Users export and import script. Outputs 

./user_script.ps1 <fs1rootpwd> <fs2rootpwd>

Each user will require their temporary password to log in and will be forced to change their password at first login.

Retrieve the passwords:

get-content users_passwords.txt

4. Group export and import script

./group_script.ps1 <fs1rootpwd> <fs2rootpwd>

5. User to Group allocations script

./user_group_script.ps1 <fs1rootpwd> <fs2rootpwd>

6. Assign Shares script

If you've already copied the data and your directory structure exists, your shares will be created successfully. If not, use Robocopy to copy the directory structure only between source and destination so the shares can be created.
robocopy s: t: /e /xf * /r:0 /w:0

The error "The path is invalid.
Request failed with: Bad Request" suggests that the directory structure may not exist.

./share_script.ps1 <fs1rootpwd> <fs2rootpwd>

7. Check Filespace destination Users, Groups and Shares

lucid --instance 2 user --password <fs2rootpwd>
lucid --instance 2 group --password <fs2rootpwd>
lucid --instance 2 share --password <fs2rootpwd>

8. Clean up temporary files, scripts and optionally the command history, after taking special care to capture the contents of users_passwords.txt, which contains the users' temporary passwords.

remove-item lucid_user_log.txt,lucid_user_output.txt,lucid_user_error_output.txt,lucid_shares_output.txt,lucid_shares_log.txt,lucid_shares_error_output.txt,lucid_group_user_output.txt,lucid_group_user_log.txt,lucid_group_user_error_output.txt,lucid_group_output.txt,lucid_group_log.txt,lucid_group_error_output.txt,lucid_user_role_output.txt,lucid_user_role_error_output.txt,lucid_user_role_log.txt 
remove-item user_script.ps1,group_script.ps1,user_group_script.ps1,share_script.ps1
remove-item users_passwords.txt

Remove PowerShell command-line shell history

clear-history -CommandLine *lucid*
clear-history -CommandLine *_script.ps1*
$HistorySavePath = (Get-PSReadlineOption).HistorySavePath; (Get-Content "$HistorySavePath") -notmatch "lucid" | Out-File "$HistorySavePath"
$HistorySavePath = (Get-PSReadlineOption).HistorySavePath; (Get-Content "$HistorySavePath") -notmatch "_script.ps1" | Out-File "$HistorySavePath"

9. Exit Lucid source and target instance daemons

lucid --instance 1 exit
lucid --instance 2 exit

Edge cases might be caused by special characters and/or unusual spacing within your shares. These will hopefully be an anomaly in your configuration and can simply be recreated manually.
Alternatively, adjust the default script regular expressions to account for your configuration. Please do not hesitate to reach out to support via a ticket.
