[Samba] vfs_snapper

Stefan G. Weichinger lists at xunil.at
Mon Jun 17 13:40:42 UTC 2024

Am 17.06.24 um 14:21 schrieb Stefan G. Weichinger via samba:
> is this module still maintained and working?
> https://www.samba.org/samba/docs/current/man-html/vfs_snapper.8.html
> starting to set up the pieces, I have snapshots in btrfs with snapper 
> itself but so far nothing visible on the windows explorer side.
> As always I rtfm all over ;-)
> I assume I have to do some extra magic to allow the winbind users/groups 
> in ...
> in the related snapper-config I already have:
> ALLOW_GROUPS="domain\ admins"
> SYNC_ACL="yes"
> Maybe we miss the correct setup for Windows ACLs, I have to wait for 
> their admin to check that also
> thanks for any real world examples or so
> greetings, Stefan

I don't fully understand.

man-page says

"This directory must permit traversal for any users wishing to access 
snapshots via the Windows Explorer previous versions dialog. By default, 
traversal is forbidden for all non-root users. Additionally, users must 
be granted permission to list snapshots managed by snapper, via 
snapper's ALLOW_USERS or ALLOW_GROUPS options. Snapper can grant these 
users and groups .snapshots traversal access automatically via the 
SYNC_ACL option."

how do I allow traversal?

I have set ALLOW_GROUPS and SYNC_ACL, and the admin there tells me he 
only sees the top level directories in the snapshots but nothing below.

These look like this in linux:

/mnt/pool1/samba/data/.snapshots# ls -l
total 156
drwxr-xr-x 1 root root 32 Jun 11 17:06 1
drwxr-xr-x 1 root root 32 Jun 16 00:00 105
drwxr-xr-x 1 root root 32 Jun 16 08:00 113
drwxr-xr-x 1 root root 32 Jun 16 09:00 114

so I assume the windows user browsing the "previous versions" has to be 
mapped to be member of the group "root", right?

The user is member of "domain admins", isn't that enough?

Or does "SYNC_ACL" not yet work OK, because we miss the steps in


which is what I assume (I have to wait for their admin to walk him 
through these steps)

More information about the samba mailing list