[Samba] vfs_snapper
Stefan G. Weichinger
lists at xunil.at
Mon Jun 17 13:40:42 UTC 2024
Am 17.06.24 um 14:21 schrieb Stefan G. Weichinger via samba:
>
> is this module still maintained and working?
>
> https://www.samba.org/samba/docs/current/man-html/vfs_snapper.8.html
>
> starting to set up the pieces, I have snapshots in btrfs with snapper
> itself but so far nothing visible on the windows explorer side.
>
> As always I rtfm all over ;-)
>
> I assume I have to do some extra magic to allow the winbind users/groups
> in ...
>
> in the related snapper-config I already have:
>
> ALLOW_GROUPS="domain\ admins"
> SYNC_ACL="yes"
>
> Maybe we miss the correct setup for Windows ACLs, I have to wait for
> their admin to check that also
>
> thanks for any real world examples or so
>
> greetings, Stefan
>
I don't fully understand.
man-page says
"This directory must permit traversal for any users wishing to access
snapshots via the Windows Explorer previous versions dialog. By default,
traversal is forbidden for all non-root users. Additionally, users must
be granted permission to list snapshots managed by snapper, via
snapper's ALLOW_USERS or ALLOW_GROUPS options. Snapper can grant these
users and groups .snapshots traversal access automatically via the
SYNC_ACL option."
how do I allow traversal?
I have set ALLOW_GROUPS and SYNC_ACL, and the admin there tells me he
only sees the top level directories in the snapshots but nothing below.
These look like this in linux:
/mnt/pool1/samba/data/.snapshots# ls -l
total 156
drwxr-xr-x 1 root root 32 Jun 11 17:06 1
drwxr-xr-x 1 root root 32 Jun 16 00:00 105
drwxr-xr-x 1 root root 32 Jun 16 08:00 113
drwxr-xr-x 1 root root 32 Jun 16 09:00 114
so I assume the windows user browsing the "previous versions" has to be
mapped to be member of the group "root", right?
The user is member of "domain admins", isn't that enough?
Or does "SYNC_ACL" not yet work OK, because we miss the steps in
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
which is what I assume (I have to wait for their admin to walk him
through these steps)
More information about the samba
mailing list