File Metadata Synchronization

Overview

File metadata consists of additional information associated with a file, including attributes such as ownership, permissions, and auditing settings. The structure and representation of this metadata vary depending on the underlying file system. In this context, file metadata primarily refers to security-related metadata used to control access and auditing.

For Windows-based systems, file metadata is primarily represented using Access Control Lists (ACLs).  For NFS and Linux-based systems, metadata includes standard POSIX attributes as well as optional ACLs.

The metadata elements that can be synchronized include:

Windows (NTFS) metadata:

Owner: The user who owns the file or folder and can modify permissions.

DACL (Discretionary Access Control List): Defines which users and groups are granted or denied access.

SACL (System Access Control List): Specifies auditing rules for access attempts.

NFS/Linux metadata:

Owner: The user ID (UID) associated with the file.

Group: The group ID (GID) associated with the file.

Permissions: Standard read, write, and execute permissions for owner, group, and others.

ACLs: Extended permissions using either NFSv4 ACLs or POSIX ACLs, depending on the system configuration.

File Metadata Conflict Resolution

File metadata conflict resolution occurs the first time a file is synchronized and only when one or more security attributes do not match those of the designated master host.

If the file does not exist on the designated master host, conflict resolution is not performed.  If a master host is not selected, file metadata synchronization is not performed during the initial synchronization.

ACL Requirements

Enabling ACL synchronization requires that all participating systems can resolve and apply the referenced users and groups defined in the ACLs or file ownership.  Failure to do so may result in files being inaccessible on target systems.

All Peer Agents must run under an account with sufficient privileges to read and apply security metadata across all participating systems.

To ensure accurate and consistent metadata propagation, security settings for the watch set must match across all participants.  Differences in underlying file systems or permission models (for example, Windows and NFS environments) may affect how permissions are interpreted and applied.
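
A pre-flight check for the NFS/Linux side of the ACL requirements above, as an added example that is not part of the Peer documentation or product: it walks a directory and reports the owner, group and POSIX ACL UIDs/GIDs that the local host cannot resolve to an account. The function names are hypothetical, and the code assumes Linux with the version 2 `system.posix_acl_*` extended-attribute layout; NFSv4 ACLs and Windows SIDs are not covered.

```python
import grp
import os
import pwd
import struct

ACL_USER, ACL_GROUP = 0x02, 0x08  # Linux ACL xattr tags that carry a named UID / GID
ACL_XATTRS = ("system.posix_acl_access", "system.posix_acl_default")


def acl_named_ids(blob):
    """Return (uids, gids) named in a raw POSIX ACL xattr value (assumed v2 layout)."""
    uids, gids = set(), set()
    if len(blob) < 4 or struct.unpack_from("<I", blob)[0] != 2:
        return uids, gids  # no ACL, or a layout version this example does not parse
    for off in range(4, len(blob) - 7, 8):  # 8-byte entries: tag, perm, id
        tag, _perm, ident = struct.unpack_from("<HHI", blob, off)
        if tag == ACL_USER:
            uids.add(ident)
        elif tag == ACL_GROUP:
            gids.add(ident)
    return uids, gids


def _missing(ids, lookup):
    out = set()
    for ident in ids:
        try:
            lookup(ident)
        except (KeyError, OverflowError):  # no such account on this host
            out.add(ident)
    return out


def unresolved_ids(root, uid_lookup=pwd.getpwuid, gid_lookup=grp.getgrgid):
    """IDs under root (ownership and ACL entries) that this host cannot resolve."""
    uids, gids = set(), set()
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            uids.add(st.st_uid)
            gids.add(st.st_gid)
            for name in ACL_XATTRS:
                try:
                    blob = os.getxattr(path, name, follow_symlinks=False)
                except OSError:  # no ACL set, or filesystem without xattr support
                    continue
                for target, found in zip((uids, gids), acl_named_ids(blob)):
                    target.update(found)
    return {"uid": _missing(uids, uid_lookup), "gid": _missing(gids, gid_lookup)}
```

Run `unresolved_ids()` against the watch set root on each participant before enabling ACL synchronization; an empty result for both keys means every referenced ID maps to an account on that host.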