[Samba] Worm VFS module not working?

Andrew Bartlett abartlet at samba.org
Fri Jul 2 03:50:33 UTC 2021

On Thu, 2021-07-01 at 20:34 -0700, Aaron C. de Bruyn via samba wrote:
> I'm beginning to think the 'worm' VFS module might not be working.
> I've spent the last 30 minutes or so playing around with it...and I
> *swear*
> I had it working when I implemented it about 6 months ago...but it
> lets me
> delete/rename/modify any file.
> Here's a sample share definition from one of my NAS boxen:
> [archive]
>      comment = Archive Folder
>      path = /tank/archive
>      acl allow execute always = False
>      guest ok = False
>      read only = False
>      valid users = adebruyn
>      vfs objects = worm shadow_copy2 full_audit
>      worm:grace_period = 300
> If I connect to the archive folder, I can delete anything--even files
> with
> dates from 2016.
> Is there something to the vfs objects ordering or maybe the module is
> broken in my really super old 4.9.5-Debian package?

While this module is admirable, I wouldn't recommend it.  Since over
two years ago this MR has remained unmerged in our GitLab:

Prevent Linux client ability to disobey VFS WORM

There is no testsuite and there has been no maintenance since it was
added other than suspiciously changes for the VFS rewrite (I would have
expected more).


Had it a solid testsuite and active maintenance, I think this would be
an awesome idea, particularly in this ransomware era, but alas.

Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba mailing list