Target audience: Filespace administrators
Overview
Our users often wish to operate multiple Filespaces for various reasons and duplicate the Lucid in-built ACLs comprising of Users, Groups and Permissions across Filespaces for simplicity of uniformed user access.
It could be hosting a separate Filespace for production to archive data and ensuring the data layout and Filespaces appear to users exactly the same. Or data migrations between Filespaces hosted on different object storage providers.
If you are performing a migration you might like to explore our Filespace data migration article and Migration Strategies article for general data movement concepts.
In this article we will focus on the task of listing the built-in Lucid Users capturing their Admin roles, Groups and Permissions via command-line scripts to export and import between source and destination Filespaces running as daemon instances on either Linux, macOS or Windows.
The scripts are designed as individual steps: if you don't require groups and therefore user group assignments, you can safely skip those steps. Equally if you don't require permissions or intend on having a different data layout, you can duplicate your users, their Admin roles, groups and exclude the permissions.
You can run the scripts multiple times, to refresh configurations. Existing users and groups will be ignored, as they already exist. User Admin role and group assignments or permission allocations will be applied.
For "Just-in-time" SSO Filespaces or hybrid Lucid ACLs also consult this KB article. You will find a Legacy SSO Admin role assignments, user and group permission allocation script within this article.
Please note, as of Filespace format 2.2 the legacy term “Shares” has been changed to “Permissions.” Our scripts will automatically detect the Filespace format for Permissions or Shares.
Linux and macOS (Bash)
1. Configure Filespace instances
Source Filespace
screen -S SourceFilespace -dm lucid --instance 1 daemon --fs source.domain --user root --password rootpwd --mount-point /media/source
Destination Filespace
screen -S DestFilespace -dm lucid --instance 2 daemon --fs dest.domain --user root --password rootpwd --mount-point /media/dest
2. Download user_script.sh, group_script.sh, user_group_script.sh, permissions_script.sh and make each script executable.
curl -O https://lucidlink-support.s3.amazonaws.com/scripts/ACL/user_script.sh
curl -O https://lucidlink-support.s3.amazonaws.com/scripts/ACL/group_script.sh
curl -O https://lucidlink-support.s3.amazonaws.com/scripts/ACL/user_group_script.sh
curl -O https://lucidlink-support.s3.amazonaws.com/scripts/ACL/permissions_script.sh
chmod u+x *_script.sh
3. Lists users from source Filespace instance 1 and import into Filespace instance 2 and generate a random password for each user outputted to users_passwords.txt
./user_script.sh <fs1rootpwd> <fs2rootpwd>
Each user will require their temporary password to login and will be forced to change their password at first login.
Retrieve the passwords:
cat users_passwords.txt
4. List groups and import.
./group_script.sh <fs1rootpwd> <fs2rootpwd>
5. List user group allocations and import.
./user_group_script.sh <fs1rootpwd> <fs2rootpwd>
6. Allocate listed permissions for users and groups.
If you've already copied the data and your directory structure exists your permissions will create successfully. If not Rsync directory structure only between Source and Destinations for permission creation.rsync -av -f"+ */" -f"- *" "/media/source/" "/media/dest""The path is invalid.
Request failed with: Bad Request" implies a possibility the directory structure does not exist.
./permissions_script.sh <fs1rootpwd> <fs2rootpwd>
7. Check Filespace destination Users, Groups and Permissions
lucid --instance 2 user --password <fs2rootpwd>
lucid --instance 2 group --password <fs2rootpwd>
lucid --instance 2 permission --configured --password <fs2rootpwd>
8. Clean up temporary files, scripts and optionally the bash history after taking special consideration to capture the contents of users_passwords.txt which contains the users temporary password.
rm lucid_groups_output.txt lucid_permissions_output.txt lucid_user_output.txt lucid_users_role_output.txt lucid_groups_users.txt lucid_user_commands.txt lucid_user_roles_commands.txt lucid_group_commands.txt lucid_permissions.txt lucid_user_group_commands.txt lucid_users.txt lucid_groups.txt lucid_permissions_commands.txt lucid_user_groups_output.txt lucid_users_role.txt
rm user_script.sh group_script.sh user_group_script.sh permissions_script.sh
rm users_passwords.txt
Remove Bash shell history
for i in $(history | grep 'lucid' | awk '{print$1}' | sort -nr); do history -d $i;done
for i in $(history | grep '_script.sh' | awk '{print$1}' | sort -nr); do history -d $i;done
sed -i -e '/lucid/d' ~/.bash_history
sed -i -e '/_script.sh/d' ~/.bash_history
9. Exit Lucid instance daemons
lucid --instance 1 exit
lucid --instance 2 exit
Windows (PowerShell)
1. Configure Filespace source and target instances
Source
Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 1 daemon --fs <source.domain> --mount-point s: --password <rootpwd>"
Target
Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 2 daemon --fs <target.domain> --mount-point t: --password <rootpwd>"
2. Download user_script.ps1, group_script.ps1, user_group_script.ps1, permissions_script.ps1
Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/ACL/user_script.ps1 -OutFile user_script.ps1
Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/ACL/group.script.ps1 -OutFile group_script.ps1
Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/ACL/user_group_script.ps1 -OutFile user_group_script.ps1
Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/ACL/permissions_script.ps1 -OutFile permissions_script.ps1
3. Users export and import script. Outputs
./user_script.ps1 <fs1rootpwd> <fs2rootpwd>
Each user will require their temporary password to login and will be forced to change their password at first login.Retrieve the passwords:
get-content users_passwords.txt
4. Group export and import script
./group_script.ps1 <fs1rootpwd> <fs2rootpwd>
5. User to Group allocations script
./user_group_script.ps1 <fs1rootpwd> <fs2rootpwd>
6. Assign Permissions script
If you've already copied the data and your directory structure exists your permissions will create successfully. If not Robocopy directory structure only between Source and Destinations for permission creation.robocopy s: t: /e /xf * /r:0 /w:0"The path is invalid.
Request failed with: Bad Request" implies a possibility the directory structure does not exist.
./permissions_script.ps1 <fs1rootpwd> <fs2rootpwd>
7. Check Filespace destination Users, Groups and Permissions
lucid --instance 2 user --password <fs2rootpwd>
lucid --instance 2 group --password <fs2rootpwd>
lucid --instance 2 permission --password <fs2rootpwd>
8. Clean up temporary files, scripts and optionally the command history after taking special consideration to capture the contents of users_passwords.txt which contains the users temporary password.
remove-item lucid_user_log.txt,lucid_user_output.txt,lucid_user_error_output.txt,lucid_permissions_output.txt,lucid_permissions_log.txt,lucid_permissions_error_output.txt,lucid_group_user_output.txt,lucid_group_user_log.txt,lucid_group_user_error_output.txt,lucid_group_output.txt,lucid_group_log.txt,lucid_group_error_output.txt,lucid_user_role_output.txt,lucid_user_role_error_output.txt,lucid_user_role_log.txt
remove-item user_script.ps1,group_script.ps1,user_group_script.ps1,permissions_script.ps1
remove-item users_passwords.txt
Remove PowerShell command-line shell historyclear-history -CommandLine *lucid*
clear-history -CommandLine *_script.ps1*
$HistorySavePath = (Get-PSReadlineOption).HistorySavePath; (Get-Content "$HistorySavePath") -notmatch "lucid" | Out-File "$HistorySavePath"
$HistorySavePath = (Get-PSReadlineOption).HistorySavePath; (Get-Content "$HistorySavePath") -notmatch "_script.ps1" | Out-File "$HistorySavePath"
9. Exit Lucid source and target instance daemons
lucid --instance 1 exit
lucid --instance 2 exit
Edge cases might be caused by special characters and/or unusual spacings within your permissions. These will hopefully be an anomaly in your configuration and can be simply recreated manually.
Alternatively adjust the default script regular expressions to account for your configuration. Please do not hesitate to reach out to support via a ticket.
- share_script.sh1 KB
- group_script.sh1 KB
- user_group_script.sh1 KB
- share_script.ps12 KB
- group.script.ps12 KB
- user_group_script.ps12 KB
- permissions_script.sh2 KB
- permissions_script.ps13 KB
- user_script.ps13 KB
- user_script.sh2 KB