On Thu, 2021-07-01 at 20:34 -0700, Aaron C. de Bruyn via samba wrote:
> I'm beginning to think the 'worm' VFS module might not be working.
>
> I've spent the last 30 minutes or so playing around with it...and I
> *swear* I had it working when I implemented it about 6 months
> ago...but it lets me delete/rename/modify any file.
>
> Here's a sample share definition from one of my NAS boxen:
>
> [archive]
> comment = Archive Folder
> path = /tank/archive
> acl allow execute always = False
> guest ok = False
> read only = False
> valid users = adebruyn
> vfs objects = worm shadow_copy2 full_audit
> worm:grace_period = 300
>
>
> If I connect to the archive folder, I can delete anything--even files
> with dates from 2016.
>
> Is there something to the vfs objects ordering or maybe the module is
> broken in my really super old 4.9.5-Debian package?

While this module is admirable, I wouldn't recommend it. Since over
two years ago this MR has remained unmerged in our GitLab:

Prevent Linux client ability to disobey VFS WORM
https://gitlab.com/samba-team/samba/-/merge_requests/191

There is no testsuite and there has been no maintenance since it was
added other than suspiciously changes for the VFS rewrite (I would have
expected more).

https://gitlab.com/samba-team/samba/-/commits/master/source3/modules/vfs_worm.c

Had it a solid testsuite and active maintenance, I think this would be
an awesome idea, particularly in this ransomware era, but alas.

Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source Solutions