VFS WORM module

[David Collier-Brown]

On 09/16/2013 02:23 PM, Richard Sharpe wrote:
> On Mon, Sep 16, 2013 at 10:45 AM, Marc Muehlfeld
> <samba at marc-muehlfeld.de> wrote:
>> Hello,
>>
>> at work we are currently looking for something that allows to store files on
>> a Samba share. After a defined time, the files/directories should be
>> accessible only read-only on the share. So it should be a kind of WORM
>> feature (of course it wouldn't on Unix side. But that's OK).
>>
>> So my thought was: Maybe this could be done through a VFS module (create
>> time + x days < current time: write access denied)
>>
>> My questions:
>> - Is there already a module that does something similar and can be easily
>> adapted to provide a kind of WORM feature?
>> - Can this be done by some who is familiar with C? Or should it be better
>> done by someone who is Samba code experienced?
>> - Do you guess it's much work? 1, 2, 3 weeks,...?
>>
>> If the total costs wouldn't be to high and we could realise it, the final
>> module should of course find back to the Samba project, as it could be
>> interesting for others, too.
> I think there are two ways to deal with this:
>
> 1. Use ACLs and add an OWNER RIGHTS ACE that denies any DELETE or
> WRITE-like access rights.
>
> 2. Add a VFS module that implements CreateFile or open that disallows
> opening for write any existing file.
>

The former could be done with a cron job and find -mtime N | chmod -w
In this case it would wormify the file N days after it stopped changing,
which is something that I'd have loved to have on a real WORM drive.

--dave


-- 
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net           |                      -- Mark Twain
(416) 223-8968