[Samba] Worm VFS module not working?
Aaron C. de Bruyn
aaron at heyaaron.com
Fri Jul 2 03:56:41 UTC 2021
Darn! Thanks for the info Andrew.
I don't speak C, otherwise I'd give it a shot.
It's super handy for when cryptolocker comes knocking because one of your
clients is still running Exchange 2007 and Office 2007 in the year 2021...
On Thu, Jul 1, 2021 at 8:50 PM Andrew Bartlett <abartlet at samba.org> wrote:
> On Thu, 2021-07-01 at 20:34 -0700, Aaron C. de Bruyn via samba wrote:
> > I'm beginning to think the 'worm' VFS module might not be working.
> > I've spent the last 30 minutes or so playing around with it...and I *swear*
> > I had it working when I implemented it about 6 months ago...but it lets me
> > delete/rename/modify any file.
> > Here's a sample share definition from one of my NAS boxen:
> > [archive]
> > comment = Archive Folder
> > path = /tank/archive
> > acl allow execute always = False
> > guest ok = False
> > read only = False
> > valid users = adebruyn
> > vfs objects = worm shadow_copy2 full_audit
> > worm:grace_period = 300
> > If I connect to the archive folder, I can delete anything--even files with
> > dates from 2016.
> > Is there something to the vfs objects ordering or maybe the module is
> > broken in my really super old 4.9.5-Debian package?
> While this module is admirable, I wouldn't recommend it. Since over
> two years ago this MR has remained unmerged in our GitLab:
> Prevent Linux client ability to disobey VFS WORM
> There is no testsuite and there has been no maintenance since it was
> added other than suspiciously changes for the VFS rewrite (I would have
> expected more).
> Had it a solid testsuite and active maintenance, I think this would be
> an awesome idea, particularly in this ransomware era, but alas.
> Andrew Bartlett
> Andrew Bartlett (he/him) https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
> Samba Development and Support, Catalyst IT - Expert Open Source
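
An added example, not part of the thread and not Samba's code: a server-side audit that reads the posted share definition and buckets files by how their age compares with `worm:grace_period`. It assumes the behaviour described in the vfs_worm man page, where the module compares a file's change time (ctime) with the grace period, so a file with an old modification date can still be inside the grace window. The function names `worm_grace_period` and `classify` are hypothetical, and the sample tree is constructed.

```python
import configparser
import os
import tempfile
import time

# Share definition from the thread, embedded as a string (trimmed to the relevant keys).
SHARE_CONF = """
[archive]
path = /tank/archive
read only = False
vfs objects = worm shadow_copy2 full_audit
worm:grace_period = 300
"""

def worm_grace_period(conf_text, share):
    """Return worm:grace_period in seconds, or None if worm is not in vfs objects."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(conf_text)
    section = cp[share]
    if "worm" not in section.get("vfs objects", "").split():
        return None
    return int(section["worm:grace_period"])

def classify(root, grace, now=None):
    """Bucket files by ctime age (assumed to be the clock vfs_worm compares)."""
    now = time.time() if now is None else now
    report = {"protected": [], "in_grace": [], "old_mtime_in_grace": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if now - st.st_ctime > grace:
                report["protected"].append(path)    # worm should refuse writes
            elif now - st.st_mtime > grace:
                report["old_mtime_in_grace"].append(path)  # looks old, ctime is recent
            else:
                report["in_grace"].append(path)
    return report

if __name__ == "__main__":
    grace = worm_grace_period(SHARE_CONF, "archive")
    with tempfile.TemporaryDirectory() as root:   # constructed sample tree
        old = os.path.join(root, "report-2016.doc")
        open(old, "w").close()
        os.utime(old, (1451606400, 1451606400))   # mtime 2016-01-01; ctime becomes "now"
        open(os.path.join(root, "new.txt"), "w").close()
        for bucket, paths in classify(root, grace).items():
            print(bucket, [os.path.basename(p) for p in paths])
```

Files reported under `protected` are the ones to use when testing whether the share actually refuses a delete or rename; files under `old_mtime_in_grace` show an old date in a directory listing but would not yet be expected to be locked.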