Hi! Setup: Samba version 4.5.12-Debian. smb.conf: [global] security = USER server role = standalone server log file = /var/log/samba/log.%m log level = 3 max log size = 1000 panic action = /usr/share/samba/panic-action %d map to guest = Bad User passdb backend = tdbsam username map = /etc/samba/usersgroups.map usershare path disable spoolss = Yes load printers = No printcap name = /dev/null printing = bsd wins support = No dns proxy = No name resolve order = host disable netbios = No inherit acls = Yes inherit owner = Yes inherit permissions = Yes [Adm] path = /srv/samba/adm read only = No vfs objects = shadow_copy2 shadow:basedir = /srv/samba/adm shadow:snapdir = /srv/snapshots/adm shadow:sort = desc I'm using shadow_copy2, but I found an issue when a user opened a file in the history and could change this file. The file is not readonly. Which IMHO is critical, snapshots should be immutable. The snapshots are stored in the same filesystem, so I can't mount it readonly. Also it depends on hard links to save space, so I can't change permissions(Hardlinks cannot have different permissions). I'll possibly change the snapshots to a readonly mounted filesystem, and when needed, I'll mount it rw. What is your opinion on this? How you guys are using it? JFYI i'm using rsync and a custom python script(Will release them as soon as I fix this issue) to create the snapshots, Thanks! -- Atenciosamente, Tercio Gaudencio Filho
On Fri, Feb 23, 2018 at 02:11:50PM +0000, Tercio Gaudencio Filho via samba wrote:> Hi! > > > Setup: Samba version 4.5.12-Debian. > > smb.conf: > [global] > security = USER > server role = standalone server > log file = /var/log/samba/log.%m > log level = 3 > max log size = 1000 > panic action = /usr/share/samba/panic-action %d > map to guest = Bad User > passdb backend = tdbsam > username map = /etc/samba/usersgroups.map > usershare path > disable spoolss = Yes > load printers = No > printcap name = /dev/null > printing = bsd > wins support = No > dns proxy = No > name resolve order = host > disable netbios = No > inherit acls = Yes > inherit owner = Yes > inherit permissions = Yes > > [Adm] > path = /srv/samba/adm > read only = No > vfs objects = shadow_copy2 > shadow:basedir = /srv/samba/adm > shadow:snapdir = /srv/snapshots/adm > shadow:sort = desc > > > I'm using shadow_copy2, but I found an issue when a user opened a file in > the history and could change this file. The file is not readonly. Which > IMHO is critical, snapshots should be immutable.Currently the shadow_copy2 module doesn't enforce read-only access. It could be added as an option, but that's a code change needed.
> What is your opinion on this? How you guys are using it?I think this module is meant to use snapshots created with LVM snapshots, BTRFS snapshots or similar : those can easily be made read only. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 874 bytes Desc: OpenPGP digital signature URL: <lists.samba.org/pipermail/samba/attachments/20180223/81ebe0f1/signature.sig>
I see, that is what I tought when I first identified this issue. On Fri, Feb 23, 2018 at 2:05 PM Yvan Masson via samba <samba at lists.samba.org> wrote:> > What is your opinion on this? How you guys are using it? > > I think this module is meant to use snapshots created with LVM > snapshots, BTRFS snapshots or similar : those can easily be made read only. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: lists.samba.org/mailman/options/samba-- Atenciosamente, Tercio Gaudencio Filho
Well, just to keep the record, I solved my problem doing a readonly bind mount to the original snapshots and configured Shadow Copy 2 to look into this folder. This way I have a ro shadow-copy and still have a rw to do the snapshots without having to remount everytime I need a snapshot. In my case, /srv/snapshots is rw. mount -o bind,ro /srv/snapshots /srv/snapshots-ro In smb.conf: ... shadow:snapdir = /srv/snapshots-ro/adm ... Here is my script that creates the snapshots. gist.github.com/0x3333/8934b528b3acfd06314e557eba3314fe Thanks! On Fri, Feb 23, 2018 at 1:49 PM Jeremy Allison <jra at samba.org> wrote:> On Fri, Feb 23, 2018 at 02:11:50PM +0000, Tercio Gaudencio Filho via samba > wrote: > > Hi! > > > > > > Setup: Samba version 4.5.12-Debian. > > > > smb.conf: > > [global] > > security = USER > > server role = standalone server > > log file = /var/log/samba/log.%m > > log level = 3 > > max log size = 1000 > > panic action = /usr/share/samba/panic-action %d > > map to guest = Bad User > > passdb backend = tdbsam > > username map = /etc/samba/usersgroups.map > > usershare path > > disable spoolss = Yes > > load printers = No > > printcap name = /dev/null > > printing = bsd > > wins support = No > > dns proxy = No > > name resolve order = host > > disable netbios = No > > inherit acls = Yes > > inherit owner = Yes > > inherit permissions = Yes > > > > [Adm] > > path = /srv/samba/adm > > read only = No > > vfs objects = shadow_copy2 > > shadow:basedir = /srv/samba/adm > > shadow:snapdir = /srv/snapshots/adm > > shadow:sort = desc > > > > > > I'm using shadow_copy2, but I found an issue when a user opened a file in > > the history and could change this file. The file is not readonly. Which > > IMHO is critical, snapshots should be immutable. > > Currently the shadow_copy2 module doesn't enforce read-only > access. It could be added as an option, but that's a code > change needed. >-- Atenciosamente, Tercio Gaudencio Filho