Transferring Filespace Access Control Lists (ACLs): Users, Groups and Shares

David Bull

Our users often operate multiple Filespaces for various reasons and want to duplicate Lucid's built-in ACLs, comprising Users, Groups and Shares, across those Filespaces so that user access is uniform.

One example is hosting a separate Filespace for production to archive data, while ensuring that the data layout and Filespaces appear exactly the same to users. Another is a data migration between Filespaces hosted on different object storage providers.

If you are performing a migration you might like to explore our Filespace data migration article.

In this article we will focus on the task of listing the Users, Groups and Shares via command-line scripts to export and import between source and destination Filespaces running as daemon instances on either Linux or Windows.

Linux (Bash)

1. Configure Filespace instances

    Source  Filespace

screen -S SourceFilespace -dm lucid --instance 1 daemon --fs source.domain --user root --password rootpwd --mount-point /mnt/source

    Destination Filespace

screen -S DestFilespace -dm lucid --instance 2 daemon --fs dest.domain --user root --password rootpwd --mount-point /mnt/dest

2. Download the scripts, or create them from the code snippets below (user_script.sh, group_script.sh, user_group_script.sh, shares_script.sh), and make each script executable.

chmod u+x *_script.sh

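3. List users from source Filespace instance 1, import them into Filespace instance 2, and generate a random password for each user, written to users_passwords.txt.

./user_script.sh <fs1rootpwd> <fs2rootpwd>

#!/bin/bash
# Export the user names from the source Filespace (instance 1): keep the first column,
# strip the "lucid\" prefix and drop the header and trailer lines.
lucid --instance 1 user --password "$1" | sed 's/\s.*$//;s/\<lucid\>//g;s/\\//g' | tail -n +3 | head -n -1 > lucid_users.txt
while read -r user; do
  pass=$RANDOM   # temporary password; the user must change it at first login
  # Record the command so users_passwords.txt can be built from it below.
  # This file also contains the destination root password; it is deleted in step 8.
  echo "lucid --instance 2 user --create $user --user-password $pass --user-force-pwd-change --password $2" >> lucid_user_commands.txt
  # Run the command directly with quoted arguments rather than through eval.
  lucid --instance 2 user --create "$user" --user-password "$pass" --user-force-pwd-change --password "$2" 2>&1 | tee -a lucid_user_output.txt
done < lucid_users.txt
# Reduce each recorded command to "User: <name> Password: <temporary password>".
sed 's/^.*create/User:/;s/\--user-password*/Password:/;s/\--user-force.*//g' lucid_user_commands.txt | column -t >> users_passwords.txt

Each user will require their temporary password to log in and will be forced to change their password at first login.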

Retrieve the passwords:
cat users_passwords.txt

4. List groups and import.

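./group_script.sh <fs1rootpwd> <fs2rootpwd>

#!/bin/bash
# Export the group names from the source Filespace (instance 1): keep the first column,
# strip the "lucid\" prefix and drop the header and trailer lines.
lucid --instance 1 group --password "$1" | sed 's/\s.*$//;s/\<lucid\>//g;s/\\//g' | tail -n +3 | head -n -1 > lucid_groups.txt
while read -r group; do
  # Create each group on the destination Filespace (instance 2).
  lucid --instance 2 group --create "$group" --password "$2" 2>&1 | tee -a lucid_groups_output.txt
done < lucid_groups.txt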

5. List user group allocations and import.

./user_group_script.sh <fs1rootpwd> <fs2rootpwd>

#!/bin/bash
# Expand each group's comma-separated member list into one "group user" line per member.
lucid --instance 1 group --password "$1" | tr -s " " | column -t | awk '{gsub(/,/,ORS $1 OFS)} 1' | sed 's/\<lucid\>//g;s/\\//g' | tail -n +2 > lucid_groups_users.txt
while read -r group user; do
  # Add the user to the group on the destination Filespace (instance 2).
  lucid --instance 2 user --set "$user" --add-group "$group" --password "$2" 2>&1 | tee -a lucid_user_groups_output.txt
done < lucid_groups_users.txt

6.  Allocate listed shares for users and groups.

If you've already copied the data and your directory structure exists, your shares will be created successfully. If not, use rsync to copy only the directory structure from the source to the destination so the shares can be created.

rsync -av -f"+ */" -f"- *" "/mnt/source/" "/mnt/dest"

The error

"The path is invalid.
Request failed with: Bad Request"

suggests that the directory structure may not exist.

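./shares_script.sh <fs1rootpwd> <fs2rootpwd>

#!/bin/bash
# Normalise the share listing from the source Filespace (instance 1) into five
# whitespace-separated columns: path, user/group, type, shared-as name, permissions.
lucid --instance 1 share --password "$1" | sed -e 's/,\s\+/,/g;s/SHARED AS/SHAREDAS/g;s/SHARED PATH/SHAREDPATH/g;s/GROUP/GROUP TYPE/g;s/\<lucid\>//g;s/\\//g;s/[][]//g' | tr -s " " | column -t | tail -n +2 > lucid_shares.txt
while read -r sharedpath usergroup type sharedas permissions; do
  # Recreate the share on the destination Filespace (instance 2); $type is "user" or "group".
  lucid --instance 2 share --set "$sharedpath" "--$type" "$usergroup" --permissions "$permissions" --password "$2" 2>&1 | tee -a lucid_shares_output.txt
done < lucid_shares.txt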

7. Check Filespace destination Users, Groups and Shares

lucid --instance 2 user --password <fs2rootpwd>
lucid --instance 2 group --password <fs2rootpwd>
lucid --instance 2 share --password <fs2rootpwd>

8. Clean up temporary files, taking special care to first capture the contents of users_passwords.txt, which contains the users' temporary passwords.

rm lucid_users.txt lucid_user_output.txt lucid_user_commands.txt users_passwords.txt lucid_groups_output.txt lucid_groups.txt lucid_groups_users.txt lucid_user_groups_output.txt lucid_shares_output.txt lucid_shares.txt
rm user_script.sh group_script.sh user_group_script.sh shares_script.sh

9. Exit Lucid instance daemons

lucid --instance 1 exit
lucid --instance 2 exit
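
The import loop from step 3 of the Linux procedure, as an added example that is not Lucid's own script: it draws each temporary password from /dev/urandom rather than $RANDOM, rejects user names that could alter the command line, and creates the password file readable by its owner only. It assumes the users file holds one name per line as produced in step 3; LUCID_BIN and the function names are hypothetical, and the lucid flags are the ones used in the scripts above.

```shell
#!/bin/bash
# Added example, not part of the original scripts.
# Assumption: the users file holds one user name per line (lucid_users.txt from step 3).
# LUCID_BIN is a hypothetical override so the CLI path can be changed or stubbed.
LUCID_BIN="${LUCID_BIN:-lucid}"

# 24 hex characters (96 bits) from the kernel CSPRNG; $RANDOM only yields 0-32767.
gen_temp_password() {
  head -c 12 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Accept only names that cannot be read as an option or split into extra words.
valid_name() {
  case $1 in
    ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
  esac
  return 0
}

# usage: import_users <users_file> <passwords_file> <fs2rootpwd>
import_users() (
  umask 077                      # files created below are owner-only (0600)
  users_file=$1 out=$2 rootpwd=$3
  while IFS= read -r user; do
    [ -n "$user" ] || continue
    if ! valid_name "$user"; then
      echo "skipped invalid user name: $user" >&2
      continue
    fi
    pw=$(gen_temp_password)
    # Each value is its own quoted argument: no eval, no command file to parse.
    # stdin is /dev/null so the CLI cannot consume the rest of the user list.
    if "$LUCID_BIN" --instance 2 user --create "$user" --user-password "$pw" \
         --user-force-pwd-change --password "$rootpwd" < /dev/null; then
      printf 'User: %s Password: %s\n' "$user" "$pw" >> "$out"
    else
      echo "create failed for $user" >&2
    fi
  done < "$users_file"
)

# Run when called as: ./script.sh lucid_users.txt users_passwords.txt <fs2rootpwd>
if [ "$#" -eq 3 ]; then
  import_users "$1" "$2" "$3"
fi
```

The destination root password is still passed as a command-line argument, as in the scripts above, so it remains visible in the process list while each command runs.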

Windows (PowerShell)

1. Configure Filespace source and target instances

    Source

Start-Process -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 1 daemon --fs source.domain --mount-point s: --password rootpwd"

    Target

Start-Process -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 2 daemon --fs target.domain --mount-point t: --password rootpwd"

2. Download the scripts, or create them from the code snippets below (user_script.ps1, group_script.ps1, user_group_script.ps1, shares_script.ps1).

3. Users export and import script. Outputs 

./user_script.ps1 <fs1rootpwd> <fs2rootpwd>

Param(
    [string]$FS1ROOTPWD,
    [string]$FS2ROOTPWD
)

# List the users on the source Filespace (instance 1).
$SOURCEUSERS = lucid --instance 1 user --password $FS1ROOTPWD
# Strip the "lucid\" prefix, drop empty lines, cut each line from "Yes"/"No" onwards,
# join the remaining columns with ';' and skip the header line.
# Note: -replace is case-insensitive, so a name or e-mail containing "yes" or "no" is cut at that point.
$USERS = $SOURCEUSERS.replace('lucid\','').trim() -ne "" -replace "Yes.*", "" -replace "No.*", "" -replace '\s+', ';' | Select-Object -Skip 1

foreach ($LINES in $USERS) {
    # Temporary 4-digit password; the user must change it at first login.
    $PASSWD = Get-Random -Minimum 1000 -Maximum 10000
    $USR, $EMAIL = $LINES -split ';'
    # Create the user on the destination Filespace (instance 2).
    $ExitCode = (Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 2 user --create $USR --user-password $PASSWD --user-email $EMAIL --user-force-pwd-change --password $FS2ROOTPWD" -Wait -PassThru -RedirectStandardOutput lucid_user_output.txt -RedirectStandardError lucid_user_error_output.txt).ExitCode
    # Record the temporary password only when the user was created.
    If ( $ExitCode -eq 0 ) { $userpassword = "User: $USR Password: $PASSWD" ; write-output $userpassword | Out-File users_passwords.txt -Append }
    ElseIf ( $ExitCode -gt 1 ) { write-host "error $ExitCode" }
    # Show this run's output and append it to the log.
    Get-Content lucid_user_output.txt, lucid_user_error_output.txt
    Get-Content lucid_user_output.txt, lucid_user_error_output.txt | Out-File lucid_user_log.txt -Append
}

Each user will require their temporary password to log in and will be forced to change their password at first login.

Retrieve the passwords:
type users_passwords.txt

4. Group export and import script

./group_script.ps1 <fs1rootpwd> <fs2rootpwd>

Param(
    [string]$FS1ROOTPWD,
    [string]$FS2ROOTPWD
)

# List the groups on the source Filespace (instance 1).
$SOURCEGROUPS = lucid --instance 1 group --password $FS1ROOTPWD
# Strip the "lucid\" prefix, drop empty lines, keep only the first column and skip the header line.
$GROUPS = $SOURCEGROUPS.replace('lucid\','').trim() -ne "" -replace '\s.+$' | Select-Object -Skip 1

foreach ($LINES in $GROUPS) {
    $GROUP = $LINES -split ';'

    # Create the group on the destination Filespace (instance 2).
    Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 2 group --create $GROUP --password $FS2ROOTPWD" -Wait -RedirectStandardOutput lucid_group_output.txt -RedirectStandardError lucid_group_error_output.txt
    # Show this run's output and append it to the log.
    Get-Content lucid_group_output.txt, lucid_group_error_output.txt
    Get-Content lucid_group_output.txt, lucid_group_error_output.txt | Out-File lucid_group_log.txt -Append
}

5. User to Group allocations script

./user_group_script.ps1 <fs1rootpwd> <fs2rootpwd>

Param(
    [string]$FS1ROOTPWD,
    [string]$FS2ROOTPWD
)

# List the groups on the source Filespace (instance 1).
$SOURCEGROUPS = lucid --instance 1 group --password $FS1ROOTPWD
# Strip the "lucid\" prefix, drop empty lines, keep only the first column and skip the header line.
$GROUPS = $SOURCEGROUPS.replace('lucid\','').trim() -ne "" -replace '\s.+$' | Select-Object -Skip 1

foreach ($LINES in $GROUPS) {
    $GROUP = $LINES -split ';'

    # Get the group's members from the source Filespace, strip the "lucid\" prefix and
    # the "Users" label, split the list on commas and skip the first entry.
    $MEMBERS=lucid --instance 1 group --get $GROUP --password $FS1ROOTPWD
    $USRLIST = $MEMBERS.replace('lucid\','').replace('Users','').trim() -ne "" -split ',' | Select-Object -Skip 1

    foreach ($ENTRIES in $USRLIST) {
        $USRLIST = $ENTRIES -split ';'
        # Add the user to the group on the destination Filespace (instance 2).
        Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 2 group --set $GROUP --add-user $USRLIST --password $FS2ROOTPWD" -Wait -RedirectStandardOutput lucid_group_user_output.txt -RedirectStandardError lucid_group_user_error_output.txt
        # Show this run's output and append it to the log.
        Get-Content lucid_group_user_output.txt, lucid_group_user_error_output.txt
        Get-Content lucid_group_user_output.txt, lucid_group_user_error_output.txt | Out-File lucid_group_user_log.txt -Append
    }
}

6. Assign Shares script

If you've already copied the data and your directory structure exists, your shares will be created successfully. If not, use Robocopy to copy only the directory structure from the source to the destination so the shares can be created.

robocopy s: t: /e /xf * /r:0 /w:0

The error

"The path is invalid.
Request failed with: Bad Request"

suggests that the directory structure may not exist.

./shares_script.ps1 <fs1rootpwd> <fs2rootpwd>

Param(
    [string]$FS1ROOTPWD,
    [string]$FS2ROOTPWD
)

# List the shares on the source Filespace (instance 1).
$SOURCESHARES = lucid --instance 1 share --password $FS1ROOTPWD

# Strip the "lucid\" prefix and normalise headers and values so that each row becomes
# five ';'-separated fields: path, user/group, type, shared-as name, permissions.
$SHARES = $SOURCESHARES.replace('lucid\','').replace('SHARED PATH','SHAREDPATH').replace('SHARED AS','SHAREDAS').replace('USER/GROUP','USER/GROUP TYPE').replace('read, write','read,write').replace('[user]','user').replace('[group]','group').trim() -ne "" -replace '\s+', ';' | Select-Object -Skip 1

foreach ($LINES in $SHARES) {
    $SHAREDPATH, $USERGROUP, $TYPE, $SHAREDAS, $PERMISSIONS = $LINES -split ';'

    # Recreate the share on the destination Filespace (instance 2); $TYPE is "user" or "group".
    Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 2 share --set $SHAREDPATH --$TYPE $USERGROUP --permissions $PERMISSIONS --password $FS2ROOTPWD" -Wait -RedirectStandardOutput lucid_shares_output.txt -RedirectStandardError lucid_shares_error_output.txt
    # Show this run's output and append it to the log.
    Get-Content lucid_shares_output.txt, lucid_shares_error_output.txt
    Get-Content lucid_shares_output.txt, lucid_shares_error_output.txt | Out-File lucid_shares_log.txt -Append
}

7. Check Filespace destination Users, Groups and Shares

lucid --instance 2 user --password <fs2rootpwd>
lucid --instance 2 group --password <fs2rootpwd>
lucid --instance 2 share --password <fs2rootpwd>

8. Clean up temporary files, taking special care to first capture the contents of users_passwords.txt, which contains the users' temporary passwords.

del users_passwords.txt,lucid_user_log.txt,lucid_user_output.txt,lucid_user_error_output.txt,lucid_shares_output.txt,lucid_shares_log.txt,lucid_shares_error_output.txt,lucid_group_user_output.txt,lucid_group_user_log.txt,lucid_group_user_error_output.txt,lucid_group_output.txt,lucid_group_log.txt,lucid_group_error_output.txt 
del user_script.ps1,group_script.ps1,user_group_script.ps1,shares_script.ps1

9. Exit Lucid source and target instance daemons

lucid --instance 1 exit
lucid --instance 2 exit

The scripts are designed against Lucid's built-in User, Group and Share ACLs, although they are easily adapted to support SSO implementations.

Replace `lucid` with `azure` and/or `okta` as appropriate for your configuration, or expand the regular expressions to match both in mixed-ACL environments.

Please feel free to liaise with our Support team for assistance. 

 
