Samba File Server and Docker

Dan Seguin dan.seguin at Cord3Inc.com
Tue Mar 10 06:25:37 UTC 2020


________________________________________
From: Andrew Bartlett <abartlet at samba.org>
Sent: March 10, 2020 2:14 AM
To: Dan Seguin; samba-technical at lists.samba.org
Subject: Re: Samba File Server and Docker

On Tue, 2020-03-10 at 05:59 +0000, Dan Seguin via samba-technical
wrote:
> I'm writing a VFS module for a back end encryption and KMI system. I
> hope that I can provide something somewhat like the Scanner VFS does,
> i.e. an API for a pluggable backend.
>
> I have a design in mind, not sure of the ramifications involving
> disconnected/reconnected sessions and statefulness.
>
> I hope there's interest out there on this, I'll outline how I'm
> approaching this.  I'll share what I have as things progress, and
> publish (if deemed solid).

I looked into this for a client a couple of years back, and I strongly
suggested that they use the kernel VFS or block layer encrypted file
systems.

The reason I say this is that it is quite tricky to do this right in
Samba, with complexity and issues similar to the recently removed
'write cache' code.

The challenge is that Samba clients expect to be able to:
 - seek to arbitrary file positions
 - read and write less than a whole block, and not on block offsets
 - do so safely from multiple clients where a write to position A and B
are safe and independent, even if they are in the same encryption
block.

Of course, if your backend is already doing this and you just need to
interface to their userspace VFS interface, then go right ahead, just
don't blame Samba if the backend doesn't quite live up to the promises
it makes :-)

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


I understand.

My proposed design is that the shares (files) are "show only": any open means that, if "policy" allows, a decrypted copy is made to an isolated "session area", say a hashed username DOT subdir, and the resulting "OPEN" call will then get the decrypted FD returned.

I'm only worried about the STAT calls in the FSP before any close. Can I rewrite the FSP filename for STAT/LSTAT/etc. calls?

Hope this makes sense. 
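
The third point in the quoted list (independent writes to positions A and B inside one encryption block), as an added example that is not part of the original thread or of Samba's code. `seal`/`unseal` are a constructed stand-in for a real per-block authenticated cipher, all names are hypothetical, and writes are assumed not to cross a block boundary.

```python
import hashlib, hmac, os

BLOCK = 16                      # plaintext bytes per encryption block (small for the demo)
KEY = b"constructed-demo-key"   # constructed sample key

def _keystream(nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(KEY + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(plain):
    # Stand-in for per-block AEAD: fresh nonce || ciphertext || tag.
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(nonce, len(plain))))
    return nonce + ct + hmac.new(KEY, nonce + ct, hashlib.sha256).digest()

def unseal(blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("block failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(nonce, len(ct))))

def begin_write(store, offset):
    # First half of a sub-block write: read and decrypt the containing block.
    return bytearray(unseal(store[offset // BLOCK]))

def finish_write(store, offset, data, plain):
    # Second half: patch the plaintext, then re-encrypt and replace the whole block.
    i = offset % BLOCK
    plain[i:i + len(data)] = data
    store[offset // BLOCK] = seal(bytes(plain))

def demo(interleaved):
    store = {0: seal(b"." * BLOCK)}
    if interleaved:                     # two clients, no per-block lock
        a = begin_write(store, 2)
        b = begin_write(store, 10)      # B reads before A has written back
        finish_write(store, 2, b"AAAA", a)
        finish_write(store, 10, b"BBBB", b)   # overwrites the block, dropping A
    else:                               # each read-modify-write runs to completion
        finish_write(store, 2, b"AAAA", begin_write(store, 2))
        finish_write(store, 10, b"BBBB", begin_write(store, 10))
    return unseal(store[0])
```

In the interleaved case the block still authenticates after A's bytes are lost, so the cipher layer does not flag the lost update; the read-modify-write has to be serialised per encryption block.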




