[Samba] Worm VFS module not working?

Aaron C. de Bruyn aaron at heyaaron.com
Fri Jul 2 03:56:41 UTC 2021 

Darn!  Thanks for the info Andrew.
I don't speak C, otherwise I'd give it a shot.
It's super handy for when cryptolocker comes knocking because one of your
clients is still running Exchange 2007 and Office 2007 in the year 2021...
;)

-A

On Thu, Jul 1, 2021 at 8:50 PM Andrew Bartlett <abartlet at samba.org> wrote:

> On Thu, 2021-07-01 at 20:34 -0700, Aaron C. de Bruyn via samba wrote:
> > I'm beginning to think the 'worm' VFS module might not be working.
> >
> > I've spent the last 30 minutes or so playing around with it...and I
> > *swear*
> > I had it working when I implemented it about 6 months ago...but it
> > lets me
> > delete/rename/modify any file.
> >
> > Here's a sample share definition from one of my NAS boxen:
> >
> > [archive]
> >      comment = Archive Folder
> >      path = /tank/archive
> >      acl allow execute always = False
> >      guest ok = False
> >      read only = False
> >      valid users = adebruyn
> >      vfs objects = worm shadow_copy2 full_audit
> >      worm:grace_period = 300
> >
> >
> > If I connect to the archive folder, I can delete anything--even files
> > with
> > dates from 2016.
> >
> > Is there something to the vfs objects ordering or maybe the module is
> > broken in my really super old 4.9.5-Debian package?
>
> While this module is admirable, I wouldn't recommend it.  Since over
> two years ago this MR has remained unmerged in our GitLab:
>
> Prevent Linux client ability to disobey VFS WORM
> https://gitlab.com/samba-team/samba/-/merge_requests/191
>
> There is no testsuite and there has been no maintenance since it was
> added other than suspiciously changes for the VFS rewrite (I would have
> expected more).
>
>
> https://gitlab.com/samba-team/samba/-/commits/master/source3/modules/vfs_worm.c
>
> Had it a solid testsuite and active maintenance, I think this would be
> an awesome idea, particularly in this ransomware era, but alas.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
>
> Samba Development and Support, Catalyst IT - Expert Open Source
> Solutions
>
>
>
>
>
>

More information about the samba mailing list