[Samba] Shadow Copy 2 not read only

Tercio Gaudencio Filho terciofilho at gmail.com
Mon Feb 26 21:35:53 UTC 2018


Well, just for the record, I solved my problem by doing a read-only bind
mount of the original snapshots and configuring Shadow Copy 2 to look into
this folder. This way I have a ro shadow-copy and still have a rw to do the
snapshots without having to remount every time I need a snapshot.

In my case, /srv/snapshots is rw.

mount -o bind,ro /srv/snapshots /srv/snapshots-ro

In smb.conf:
...
shadow:snapdir = /srv/snapshots-ro/adm
...

Here is my script that creates the snapshots.

https://gist.github.com/0x3333/8934b528b3acfd06314e557eba3314fe

Thanks!

On Fri, Feb 23, 2018 at 1:49 PM Jeremy Allison <jra at samba.org> wrote:

> On Fri, Feb 23, 2018 at 02:11:50PM +0000, Tercio Gaudencio Filho via samba
> wrote:
> > Hi!
> >
> >
> > Setup: Samba version 4.5.12-Debian.
> >
> > smb.conf:
> > [global]
> > security = USER
> > server role = standalone server
> > log file = /var/log/samba/log.%m
> > log level = 3
> > max log size = 1000
> > panic action = /usr/share/samba/panic-action %d
> > map to guest = Bad User
> > passdb backend = tdbsam
> > username map = /etc/samba/usersgroups.map
> > usershare path =
> > disable spoolss = Yes
> > load printers = No
> > printcap name = /dev/null
> > printing = bsd
> > wins support = No
> > dns proxy = No
> > name resolve order = host
> > disable netbios = No
> > inherit acls = Yes
> > inherit owner = Yes
> > inherit permissions = Yes
> >
> > [Adm]
> >    path = /srv/samba/adm
> >    read only = No
> >    vfs objects = shadow_copy2
> >    shadow:basedir = /srv/samba/adm
> >    shadow:snapdir = /srv/snapshots/adm
> >    shadow:sort = desc
> >
> >
> > I'm using shadow_copy2, but I found an issue when a user opened a file in
> > the history and could change this file. The file is not read-only, which
> > IMHO is critical; snapshots should be immutable.
>
> Currently the shadow_copy2 module doesn't enforce read-only
> access. It could be added as an option, but that's a code
> change needed.
>
-- 
Atenciosamente,

Tercio Gaudencio Filho
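
Added example, not part of the original post or the author's gist: a shell check that every shadow:snapdir in smb.conf sits on a read-only mount, using the per-mount options in /proc/self/mountinfo. The sample mountinfo and smb.conf fragments are constructed, the function names are hypothetical, and snapdir paths are assumed to be absolute and free of spaces.

```shell
#!/bin/sh
# Added example: confirm every shadow:snapdir in smb.conf sits on a read-only mount.
# Assumption: snapdir values are absolute paths without spaces.

snapdirs() {  # $1 = smb.conf
    sed -n 's/^[[:space:]]*shadow:snapdir[[:space:]]*=[[:space:]]*//p' "$1"
}

# Print the per-mount options (mountinfo field 6) of the mount covering $1.
# A read-only bind mount shows "ro" here even though the superblock options
# at the end of the line still say "rw".
mount_opts_for() {  # $1 = path, $2 = mountinfo file
    awk -v p="$1" '
        BEGIN { best = 0 }
        p == $5 || $5 == "/" || index(p, $5 "/") == 1 {
            # longest mount point wins; on a tie the later (topmost) mount wins
            if (length($5) >= best) { best = length($5); opts = $6 }
        }
        END { print opts }
    ' "${2:-/proc/self/mountinfo}"
}

is_ro() {  # $1 = path, $2 = mountinfo file
    case ",$(mount_opts_for "$1" "$2")," in
        *,ro,*) return 0 ;;
        *) return 1 ;;
    esac
}

check_snapdirs() {  # $1 = smb.conf, $2 = mountinfo; returns 1 if any snapdir is writable
    rc=0
    for d in $(snapdirs "$1"); do
        if is_ro "$d" "$2"; then echo "OK   $d"; else echo "FAIL $d"; rc=1; fi
    done
    return $rc
}

# Constructed sample data (not taken from a real host).
tmp=$(mktemp -d)
cat > "$tmp/mountinfo" <<'EOF'
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
60 22 8:17 / /srv/snapshots rw,relatime - ext4 /dev/sdb1 rw
61 22 8:17 / /srv/snapshots-ro ro,relatime - ext4 /dev/sdb1 rw
EOF
printf '[Adm]\n   shadow:snapdir = /srv/snapshots-ro/adm\n' > "$tmp/fixed.conf"
printf '[Adm]\n   shadow:snapdir = /srv/snapshots/adm\n' > "$tmp/orig.conf"
check_snapdirs "$tmp/fixed.conf" "$tmp/mountinfo"            # read-only bind mount
check_snapdirs "$tmp/orig.conf" "$tmp/mountinfo" || true     # original rw snapdir
```

On a live server, call check_snapdirs with the real smb.conf path and omit the second argument so that /proc/self/mountinfo is read.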

