[Samba] Shadow Copy 2 not read only

Tercio Gaudencio Filho terciofilho at gmail.com
Fri Feb 23 14:11:50 UTC 2018


Setup: Samba version 4.5.12-Debian.

security = USER
server role = standalone server
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
panic action = /usr/share/samba/panic-action %d
map to guest = Bad User
passdb backend = tdbsam
username map = /etc/samba/usersgroups.map
usershare path =
disable spoolss = Yes
load printers = No
printcap name = /dev/null
printing = bsd
wins support = No
dns proxy = No
name resolve order = host
disable netbios = No
inherit acls = Yes
inherit owner = Yes
inherit permissions = Yes

   path = /srv/samba/adm
   read only = No
   vfs objects = shadow_copy2
   shadow:basedir = /srv/samba/adm
   shadow:snapdir = /srv/snapshots/adm
   shadow:sort = desc

I'm using shadow_copy2, but I found an issue when a user opened a file in
the history and could change this file. The file is not readonly. Which
IMHO is critical, snapshots should be immutable.

The snapshots are stored in the same filesystem, so I can't mount it
readonly. Also it depends on hard links to save space, so I can't change
permissions(Hardlinks cannot have different permissions).

I'll possibly change the snapshots to a readonly mounted filesystem, and
when needed, I'll mount it rw.

What is your opinion on this? How you guys are using it?

JFYI i'm using rsync and a custom python script(Will release them as soon
as I fix this issue) to create the snapshots,


Tercio Gaudencio Filho

More information about the samba mailing list