
Run DrivePool service as user other than SYSTEM?


tcmillwork

Question

We're using DrivePool on a storage server whose purpose is to store daily and weekly backups of a busy company NAS on a Windows domain.  The backup software runs on the same server, reading from our (Linux-based) NAS over the network, copying both files and their NTFS ACLs to the DrivePool drive (D:).

We'd like to know if it's ok to change the Run As setting of the DrivePool service from SYSTEM to a domain user -- for instance, the same domain user which our backup software runs as, which is a member of the Domain Admins group and already has permission to log in as a service on the server.

The reason: we recently had a drive failure on the server & had to go through the process of removing the failed drive, adding the replacement to the pool, and reduplicating.

This worked well in general; but a number of files (about 47000) were left unduplicated due to the fact that the SYSTEM account, which the DrivePool service runs as, did not have permission to read them.

The folder being backed up to the pool has some slightly complicated permissions.  The root folder does have full control for SYSTEM; and most subfolders inherit this. However, certain subfolders do not inherit permissions from their parent; and some have folder-level permissions which are not inheritable.  In certain folders, e.g. a folder full of main customer account folders, we need to deliberately add appropriate permissions after a new subfolder is created. 

If permissions for the domain users or domain admins groups are lacking, we soon hear about it from our backup software when it fails to back up the files; but there has never been a reason to add permissions for SYSTEM.

Note that files and folders without SYSTEM permissions originally make it into the pool without any problem. I suppose this is because it's the virtual disk driver behind the pool drive that is in play here, not the DrivePool service.  The backup software, running as a domain user with full permission to read the files and their ACLs, writes to the DrivePool virtual disk device and sets ACLs; no problem.  But when reduplication is necessary, it's the DrivePool service that's copying things around on the physical disks; and it's running as SYSTEM.

I have already fixed our duplication failures by adding SYSTEM permission to the subfolders which lacked it; but if we need to replace another drive in the future, this is likely to happen again, as not everyone who has permission to make folders and set permissions can be counted on to always add SYSTEM permission.

Thanks in advance for your input.


0 answers to this question
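
The gap described in the question (folders with non-inherited permissions that give SYSTEM no read access) can be found before the next drive replacement with a read-only ACL audit. The script below is an added example, not part of the original post and not StableBit code; the root path D:\Backups and the function name Test-SystemCanRead are assumptions, and it checks folders only, not individual files.

```powershell
# Added example, not from the post. D:\Backups is a placeholder root folder.
param([string]$Root = 'D:\Backups')

# Well-known SIDs present in the LocalSystem token: SYSTEM, BUILTIN\Administrators,
# Everyone, Authenticated Users. An Allow ACE for any of them lets SYSTEM read.
$systemSids  = 'S-1-5-18', 'S-1-5-32-544', 'S-1-1-0', 'S-1-5-11'
$needed      = [int][System.Security.AccessControl.FileSystemRights]::Read
$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Test-SystemCanRead {
    param([System.Security.AccessControl.FileSystemSecurity]$Acl)
    $allowed = 0
    $denied  = 0
    # Explicit and inherited ACEs, identities returned as SIDs (locale independent).
    foreach ($rule in $Acl.GetAccessRules($true, $true, $sidType)) {
        if ($systemSids -notcontains $rule.IdentityReference.Value) { continue }
        # Inherit-only ACEs apply to children, not to this folder itself.
        if ([int]$rule.PropagationFlags -band $inheritOnly) { continue }
        if ($rule.AccessControlType -eq 'Allow') {
            $allowed = $allowed -bor [int]$rule.FileSystemRights
        } else {
            $denied = $denied -bor [int]$rule.FileSystemRights
        }
    }
    # Conservative: any matching Deny bit wins, regardless of ACE order.
    $effective = $allowed -band (-bnot $denied)
    return (($effective -band $needed) -eq $needed)
}

Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $dir = $_
        try {
            $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
            if (-not (Test-SystemCanRead $acl)) {
                [pscustomobject]@{
                    Path               = $dir.FullName
                    InheritanceBlocked = $acl.AreAccessRulesProtected
                    Problem            = 'No effective read access for SYSTEM'
                }
            }
        } catch {
            [pscustomobject]@{ Path = $dir.FullName; InheritanceBlocked = $null
                               Problem = "ACL unreadable: $($_.Exception.Message)" }
        }
    }
```

Run it from an elevated session as an account that can read the ACLs on every folder, such as the backup account; it changes nothing and only lists the folders that would need a SYSTEM entry.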
