1
<?xml version="1.0" encoding="iso-8859-1"?>
2
<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
8
<author><firstname>Simo</firstname><surname>Sorce</surname><contrib>original vfs_skel README</contrib></author>
9
<author><firstname>Alexander</firstname><surname>Bokovoy</surname><contrib>original vfs_netatalk docs</contrib></author>
10
<author><firstname>Stefan</firstname><surname>Metzmacher</surname><contrib>Update for multiple modules</contrib></author>
11
<author><firstname>Ed</firstname><surname>Riddle</surname><contrib>original shadow_copy docs</contrib></author>
13
<title>Stackable VFS modules</title>
16
<title>Features and Benefits</title>
19
<indexterm><primary>Virtual File System</primary><see>VFS</see></indexterm>
20
<indexterm><primary>modules</primary></indexterm>
21
<indexterm><primary>loaded modules</primary></indexterm>
22
Stackable VFS (Virtual File System) modules support was new to Samba-3 and has proven quite popular. Samba
23
passes each request to access the UNIX file system through the loaded VFS modules. This chapter covers the
24
modules that come with the Samba source and provides references to some external modules.
31
<title>Discussion</title>
34
<indexterm><primary>IRIX</primary></indexterm>
35
<indexterm><primary>GNU/Linux</primary></indexterm>
36
If not supplied with your platform distribution binary Samba package, you may have problems compiling these
37
modules, as shared libraries are compiled and linked in different ways on different systems. They currently
38
have been tested against GNU/Linux and IRIX.
42
<indexterm><primary>VFS modules</primary></indexterm>
43
<indexterm><primary>modules</primary></indexterm>
44
<indexterm><primary>recycle bin</primary></indexterm>
45
To use the VFS modules, create a share similar to the one below. The important parameter is the <smbconfoption
46
name="vfs objects"/> parameter where you can list one or more VFS modules by name. For example, to log all
47
access to files and put deleted files in a recycle bin, see <link linkend="vfsrecyc">the smb.conf with VFS
48
modules example</link>:
51
<example id="vfsrecyc">
52
<title>smb.conf with VFS modules</title>
54
<smbconfsection name="[audit]"/>
55
<smbconfoption name="comment">Audited /data directory</smbconfoption>
56
<smbconfoption name="path">/data</smbconfoption>
57
<smbconfoption name="vfs objects">audit recycle</smbconfoption>
58
<smbconfoption name="writeable">yes</smbconfoption>
59
<smbconfoption name="browseable">yes</smbconfoption>
64
<indexterm><primary>virus scanner</primary></indexterm>
65
<indexterm><primary>scanner module</primary></indexterm>
66
<indexterm><primary>recycle bin</primary></indexterm>
67
The modules are used in the order in which they are specified. Let's say that you want to both have a virus
68
scanner module and a recycle bin module. It is wise to put the virus scanner module as the first one so that
69
it is the first to get run and may detect a virus immediately, before any action is performed on that file.
70
<smbconfoption name="vfs objects">vscan-clamav recycle</smbconfoption>
74
<indexterm><primary>/usr/local/samba/lib/vfs</primary></indexterm>
75
<indexterm><primary>/usr/lib/samba/vfs</primary></indexterm>
76
Samba will attempt to load modules from the <filename>/lib</filename> directory in the root directory of the
77
Samba installation (usually <filename>/usr/lib/samba/vfs</filename> or
78
<filename>/usr/local/samba/lib/vfs</filename>).
82
<indexterm><primary>modules</primary></indexterm>
83
<indexterm><primary>VFS</primary></indexterm>
84
<indexterm><primary>multiple modules</primary></indexterm>
85
<indexterm><primary>multiple VFS</primary></indexterm>
86
Some modules can be used twice for the same share. This can be done using a configuration similar to the one
87
shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</link>.
89
<example id="multimodule">
90
<title>smb.conf with multiple VFS modules</title>
92
<smbconfsection name="[test]"/>
93
<smbconfoption name="comment">VFS TEST</smbconfoption>
94
<smbconfoption name="path">/data</smbconfoption>
95
<smbconfoption name="writeable">yes</smbconfoption>
96
<smbconfoption name="browseable">yes</smbconfoption>
97
<smbconfoption name="vfs objects">example:example1 example example:test</smbconfoption>
98
<smbconfoption name="example1: parameter">1</smbconfoption>
99
<smbconfoption name="example: parameter">5</smbconfoption>
100
<smbconfoption name="test: parameter">7</smbconfoption>
108
<title>Included Modules</title>
114
<indexterm><primary>audit file access</primary></indexterm>
115
A simple module to audit file access to the syslog facility. The following operations are logged:
117
<listitem><para>share</para></listitem>
118
<listitem><para>connect/disconnect</para></listitem>
119
<listitem><para>directory opens/create/remove</para></listitem>
120
<listitem><para>file open/close/rename/unlink/chmod</para></listitem>
127
<title>default_quota</title>
130
This module allows the default quota values, in the windows explorer GUI, to be stored on a Samba-3 server.
131
The challenge is that linux filesystems only store quotas for users and groups, but no default quotas.
135
Samba returns NO_LIMIT as the default quotas by default and refuses to update them. With this module you
136
can store the default quotas that are reported to a windows client, in the quota record of a user. By
137
default the root user is taken because quota limits for root are typically not enforced.
141
This module takes 2 parametric entries in the &smb.conf; file. The default prefix for each is the
142
<quote>default_quota</quote>. This can be overwrittem when you load the module in the <emphasis>vfs
143
modules</emphasis> parameter like this:
145
vfs objects = default_quota:myprefix
150
The parametric entries that may be specified for the default_quotas module are:
155
<term>myprefix:uid</term>
157
This parameter takes a integer argument that specifies the uid of the quota record that will be
158
used for storing the default user quotas.
162
The default value is 0 (for root user). An example of use is:
164
vfs objects = default_quota
165
default_quota: uid = 65534
167
The above demonstrates the case where the <constant>myprefix</constant> was omitted, thus the
168
default prefix is the name of the module. When a <constant>myprefix</constant> parameter is
169
specified the above can be re-written like this:
171
vfs objects = default_quota:myprefix
172
myprefix: uid = 65534
178
<term>myprefix:uid nolimit</term>
180
This parameter takes a boolean argument that specifies if the stored default quota values also be
181
reported for the user record, or if the value <constant>NO_LIMIT</constant> should be reported to
182
the windows client for the user specified by the <parameter>prefix:uid</parameter> parameter.
186
The default value is <constant>yes</constant> (which means to report NO_LIMIT). An example of use
189
vfs objects = default_quota:myprefix
190
myprefix: uid nolimit = no
196
<term>myprefix:gid</term>
198
This parameter takes an integer argument, it's just like the <parameter>prefix>:uid</parameter> but
199
for group quotas. NOTE: group quotas are not supported from the windows explorer.
203
The default value is 0 (for root group). An example of use is shown here:
205
vfs objects = default_quota
206
default_quota: gid = 65534
212
<term>myprefix:gid nolimit</term>
214
This parameter takes a boolean argument, just like the <parameter>prefix>:uid nolimit</parameter>
215
but for group quotas. NOTE: group quotas are not supported from the windows explorer.
219
The default value is <constant>yes</constant> (which means to report NO_LIMIT). An example of use
222
vfs objects = default_quota
223
default_quota: uid nolimit = no
230
An example of use of multiple parametric specifications is shown here:
233
vfs objects = default_quota:quotasettings
234
quotasettings: uid nolimit = no
235
quotasettings: gid = 65534
236
quotasettings: gid nolimit = no
244
<title>extd_audit</title>
247
<indexterm><primary>audit module</primary></indexterm>
248
<indexterm><primary>extd_audit module</primary></indexterm>
249
<indexterm><primary>smbd</primary></indexterm>
250
This module is identical with the <command>audit</command> module above except
251
that it sends audit logs to both syslog as well as the <command>smbd</command> log files. The
252
<smbconfoption name="log level"/> for this module is set in the &smb.conf; file.
256
Valid settings and the information that will be recorded are shown in <link linkend="xtdaudit">the next table</link>.
259
<table frame="all" id="xtdaudit">
260
<title>Extended Auditing Log Information</title>
261
<tgroup cols="2" align="center">
263
<row><entry align="center">Log Level</entry><entry>Log Details - File and Directory Operations</entry></row>
266
<row><entry align="center">0</entry><entry align="left">Make Directory, Remove Directory, Unlink</entry></row>
267
<row><entry align="center">1</entry><entry align="left">Open Directory, Rename File, Change Permissions/ACLs</entry></row>
268
<row><entry align="center">2</entry><entry align="left">Open & Close File</entry></row>
269
<row><entry align="center">10</entry><entry align="left">Maximum Debug Level</entry></row>
275
<title>Configuration of Auditing</title>
278
<indexterm><primary>logging</primary></indexterm>
279
This auditing tool is more felxible than most people readily will recognize. There are a number of ways
280
by which useful logging information can be recorded.
284
<listitem><para>Syslog can be used to record all transaction. This can be disabled by setting
285
in the &smb.conf; file <parameter>syslog = 0</parameter>.</para></listitem>
286
<listitem><para>Logging can take place to the default log file (<filename>log.smbd</filename>)
287
for all loaded VFS modules just by setting in the &smb.conf; file
288
<parameter>log level = 0 vfs:x</parameter>, where x is the log level.
289
This will disable general logging while activating all logging of VFS
290
module activity at the log level specified.</para></listitem>
291
<listitem><para>Detailed logging can be obtained per user, per client machine, etc.
292
This requires the above together with the creative use of the
293
<parameter>log file</parameter> settings.</para>
294
<para>An example of detailed per-user and per-machine logging can
295
be obtained by setting
296
<smbconfoption name="log file">/var/log/samba/%U.%m.log</smbconfoption>.
301
Auditing information often must be preserved for a long time. So that the log files do not get rotated
302
it is essential that the <smbconfoption name="max log size">0</smbconfoption> be set
303
in the &smb.conf; file.
310
<sect2 id="fakeperms">
311
<title>fake_perms</title>
314
<indexterm><primary>fake_perms</primary></indexterm>
315
<indexterm><primary>Roaming Profile</primary></indexterm>
316
<indexterm><primary>writeable</primary></indexterm>
317
<indexterm><primary>read only</primary></indexterm>
318
This module was created to allow Roaming Profile files and directories to be set (on the Samba server
319
under UNIX) as read only. This module will, if installed on the Profiles share, report to the client
320
that the Profile files and directories are writeable. This satisfies the client even though the files
321
will never be overwritten as the client logs out or shuts down.
327
<title>recycle</title>
330
<indexterm><primary>recycle</primary></indexterm>
331
<indexterm><primary>unlink calls</primary></indexterm>
332
<indexterm><primary>recycle directory</primary></indexterm>
333
A Recycle Bin-like module. Where used, unlink calls will be intercepted and files moved
334
to the recycle directory instead of being deleted. This gives the same effect as the
335
<guiicon>Recycle Bin</guiicon> on Windows computers.
339
<indexterm><primary>recycle</primary></indexterm>
340
<indexterm><primary>.recycle</primary></indexterm>
341
<indexterm><primary>recycle:keeptree</primary></indexterm>
342
<indexterm><primary>deleted files</primary></indexterm>
343
The <guiicon>Recycle Bin</guiicon> will not appear in
344
<application>Windows Explorer</application> views of the network
345
file system (share) nor on any mapped drive. Instead, a directory
346
called <filename>.recycle</filename> will be automatically created
347
when the first file is deleted and <parameter>recycle:repository</parameter>
349
If <parameter>recycle:repository</parameter> is configured, the name
350
of the created directory depends on <parameter>recycle:repository</parameter>.
351
Users can recover files from the recycle bin. If the
352
<parameter>recycle:keeptree</parameter> has been specified, deleted
353
files will be found in a path identical with that from which the
357
<para>Supported options for the <command>recycle</command> module are as follow:
360
<term>recycle:repository</term>
362
<indexterm><primary>recycle:repository</primary></indexterm>
363
Path of the directory where deleted files should be moved.
368
<term>recycle:directory_mode</term>
370
<indexterm><primary>directory_mode</primary></indexterm>
371
Set it to the octal mode you want for the recycle directory. With
372
this mode the recycle directory will be created if it not
373
exists and the first file is deleted.
374
If <parameter>recycle:subdir_mode</parameter> is not set, these
375
mode also apply to sub directories.
376
If <parameter>directory_mode</parameter> not exists, the default
382
<term>recycle:subdir_mode</term>
384
<indexterm><primary>recycle:subdir_mode</primary></indexterm>
385
Set it to the octal mode you want for the sub directories of
386
the recycle directory. With this mode the sub directories will
388
If <parameter>recycle:subdir_mode</parameter> is not set, the
389
sub directories will be created with the mode from
390
<parameter>directory_mode</parameter>.
395
<term>recycle:keeptree</term>
397
<indexterm><primary>recycle:keeptree</primary></indexterm>
398
Specifies whether the directory structure should be kept or if the files in the directory that is being
399
deleted should be kept separately in the recycle bin.
404
<term>recycle:versions</term>
406
<indexterm><primary>recycle:versions</primary></indexterm>
407
If this option is set, two files
408
with the same name that are deleted will both
409
be kept in the recycle bin. Newer deleted versions
410
of a file will be called <quote>Copy #x of <replaceable>filename</replaceable></quote>.
415
<term>recycle:touch</term>
417
<indexterm><primary>recycle:touch</primary></indexterm>
418
Specifies whether a file's access date should be touched when the file is moved to the recycle bin.
423
<term>recycle:touch_mtime</term>
425
<indexterm><primary>recycle:touch</primary></indexterm>
426
Specifies whether a file's last modify date date should be touched when the file is moved to the recycle bin.
431
<term>recycle:maxsize</term>
433
<indexterm><primary>recycle:maxsize</primary></indexterm>
434
Files that are larger than the number of bytes specified by this parameter will not be put into the recycle bin.
439
<term>recycle:exclude</term>
441
<indexterm><primary>recycle:exclude</primary></indexterm>
442
List of files that should not be put into the recycle bin when deleted, but deleted in the regular way.
447
<term>recycle:exclude_dir</term>
449
<indexterm><primary>recycle:exclude_dir</primary></indexterm>
450
Contains a list of directories. When files from these directories are
451
deleted, they are not put into the
452
recycle bin but are deleted in the
458
<term>recycle:noversions</term>
460
<indexterm><primary>recycle:noversions</primary></indexterm>
461
Specifies a list of paths (wildcards such as * and ? are supported) for which no versioning
462
should be used. Only useful when <emphasis>recycle:versions</emphasis> is enabled.
471
<title>netatalk</title>
474
<indexterm><primary>netatalk</primary></indexterm>
475
A netatalk module will ease co-existence of Samba and netatalk file sharing services.
478
<para>Advantages compared to the old netatalk module:
480
<indexterm><primary>.AppleDouble</primary></indexterm>
481
<listitem><para>Does not care about creating .AppleDouble forks, just keeps them in sync.</para></listitem>
482
<listitem><para>If a share in &smb.conf; does not contain .AppleDouble item in hide or veto list, it will be added automatically.</para></listitem>
489
<title>shadow_copy</title>
492
<indexterm><primary>shadow_copy</primary></indexterm>
493
<emphasis>THIS IS NOT A BACKUP, ARCHIVAL, OR VERSION CONTROL SOLUTION!</emphasis>
497
<indexterm><primary>version control</primary></indexterm>
498
With Samba or Windows servers, shadow_copy is designed to be an end-user tool only. It does not replace or
499
enhance your backup and archival solutions and should in no way be considered as such. Additionally, if you
500
need version control, implement a version control system. You have been warned.
505
The shadow_copy module allows you to setup functionality that is similar to MS shadow copy services. When
506
setup properly, this module allows Microsoft shadow copy clients to browse "shadow copies" on Samba shares.
507
You will need to install the shadow copy client. You can get the MS shadow copy client <ulink noescape="1"
508
url="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx">here.</ulink>. Note the
509
additional requirements for pre-Windows XP clients. I did not test this functionality with any pre-Windows XP
510
clients. You should be able to get more information about MS Shadow Copy <ulink noescape="1"
511
url="http://www.microsoft.com/windowsserver2003/techinfo/overview/scr.mspx">from the Microsoft's site</ulink>.
515
<indexterm><primary>shadow_copy</primary></indexterm>
516
<indexterm><primary>VFS module</primary></indexterm>
517
<indexterm><primary>shadow_copy module</primary></indexterm>
518
<indexterm><primary>LVM</primary></indexterm>
519
<indexterm><primary>EVMS</primary></indexterm>
520
<indexterm><primary>Logical Volume Manager</primary><see>LVM</see></indexterm>
521
The shadow_copy VFS module requires some underlying file system setup with some sort of Logical Volume Manager
522
(LVM) such as LVM1, LVM2, or EVMS. Setting up LVM is beyond the scope of this document; however, we will
523
outline the steps we took to test this functionality for <emphasis>example purposes only.</emphasis> You need
524
to make sure the LVM implementation you choose to deploy is ready for production. Make sure you do plenty of
529
Here are some common resources for LVM and EVMS:
534
<para><ulink noescape="1"
535
url="http://www.sistina.com/products_lvm_download.htm">Sistina's
536
LVM1 and LVM2</ulink></para>
539
<para><ulink url="http://evms.sourceforge.net/">Enterprise Volume Management System (EVMS)</ulink></para>
542
<para><ulink url="http://tldp.org/HOWTO/LVM-HOWTO/">The LVM HOWTO</ulink></para>
546
See <ulink url="http://www-106.ibm.com/developerworks/linux/library/l-lvm/">Learning
547
Linux LVM, Part 1</ulink> and <ulink url="http://www-106.ibm.com/developerworks/library/l-lvm2.html">Learning
548
Linux LWM, Part 2</ulink> for Daniel Robbins' well-written, two part tutorial on Linux and LVM using LVM
549
source code and reiserfs.</para>
554
<title>Shadow Copy Setup</title>
556
<indexterm><primary>XFS file system</primary></indexterm>
557
<indexterm><primary>Debian Sarge</primary></indexterm>
558
At the time of this writing, not much testing has been done. I tested the shadow copy VFS module with a
559
specific scenario which was not deployed in a production environment, but more as a proof of concept. The
560
scenario involved a Samba-3 file server on Debian Sarge with an XFS file system and LVM1. I do NOT recommend
561
you use this as a solution without doing your own due diligence with regard to all the components presented
562
here. That said, following is an basic outline of how I got things going.
567
<formalpara><title>Installed Operating System </title>
569
In my tests, I used <ulink url="http://www.debian.org/devel/debian-installer/">Debian
570
Sarge</ulink> (i.e., testing) on an XFS file system. Setting up the OS is a bit beyond the scope of this
571
document. It is assumed that you have a working OS capable of running Samba.
576
<formalpara><title>Install & Configure Samba</title>
578
See the <link linkend="introduction">installation section</link> of this HOWTO for more detail on this.
579
It doesn't matter if it is a Domain Controller or Member File Server, but it is assumed that you have a
580
working Samba 3.0.3 or later server running.
585
<formalpara><title>Install & Configure LVM</title>
587
<indexterm><primary>shadow copies</primary></indexterm>
588
<indexterm><primary>Snapshots</primary></indexterm>
589
Before you can make shadow copies available to the client, you have to create the shadow copies. This is
590
done by taking some sort of file system snapshot. Snapshots are a typical feature of Logical Volume
591
Managers such as LVM, so we first need to have that setup.
596
The following is provided as an example and will be most helpful for Debian users. Again, this was tested
597
using the "testing" or "Sarge" distribution.
602
<indexterm><primary>lvm10 package</primary></indexterm>
603
<indexterm><primary>devfsd package</primary></indexterm>
604
<indexterm><primary>Debian</primary></indexterm>
605
<indexterm><primary>xfsprogs</primary></indexterm>
606
<indexterm><primary>apt-get</primary></indexterm>
607
Install lvm10 and devfsd packages if you have not done so already. On Debian systems, you are warned of the
608
interaction of devfs and lvm1 which requires the use of devfs filenames. Running <command>apt-get update
609
&& apt-get install lvm10 devfsd xfsprogs</command> should do the trick for this example.
613
<indexterm><primary>create volume</primary></indexterm>
614
<indexterm><primary>create partition</primary></indexterm>
615
<indexterm><primary>fdisk</primary></indexterm>
616
<indexterm><primary>cfdisk</primary></indexterm>
617
<indexterm><primary>Linux LVM</primary></indexterm>
618
Now you need to create a volume. You will need to create a partition (or partitions) to add to your volume.
619
Use your favorite partitioning tool (e.g., Linux fdisk, cfdisk, etc.). The partition type should be set to
620
0x8e for "Linux LVM." In this example, we will use /dev/hdb1.
624
<indexterm><primary>Linux LVM partition</primary></indexterm>
625
<indexterm><primary>LVM volume</primary></indexterm>
626
<indexterm><primary>modprobe</primary></indexterm>
627
Once you have the Linux LVM partition (type 0x8e), you can run a series of commands to create the LVM volume.
628
You can use several disks and/or partitions, but we will use only one in this example. You may also need to
629
load the kernel module with something like <command>modprobe lvm-mod</command> and set your system up to load
630
it on reboot by adding it to (<filename>/etc/modules</filename>).
634
<indexterm><primary>pvcreate</primary></indexterm>
635
Create the physical volume with <command>pvcreate /dev/hdb1</command>
639
<indexterm><primary>vgcreate</primary></indexterm>
640
<indexterm><primary>volume group</primary></indexterm>
641
Create the volume group and add /dev/hda1 to it with <command>vgcreate shadowvol /dev/hdb1</command>
645
<indexterm><primary>vgdisplay</primary></indexterm>
646
You can use <command>vgdisplay</command> to review information about the volume group.
650
<indexterm><primary>lvcreate</primary></indexterm>
651
Now you can create the logical volume with something like <command>lvcreate -L400M -nsh_test shadowvol</command>
655
<indexterm><primary>/dev/shadowvol</primary></indexterm>
656
This creates the logical volume of 400 MBs named "sh_test" in the volume group we created called shadowvol.
657
If everything is working so far, you should see them in <filename>/dev/shadowvol</filename>.
661
<indexterm><primary>mkfs.xfs</primary></indexterm>
662
Now we should be ready to format the logical volume we named sh_test with <command>mkfs.xfs
663
/dev/shadowvol/sh_test</command>
667
<indexterm><primary>logical volume</primary></indexterm>
668
<indexterm><primary>LVM</primary></indexterm>
669
<indexterm><primary>freezing</primary></indexterm>
670
<indexterm><primary>resizing</primary></indexterm>
671
<indexterm><primary>growing</primary></indexterm>
672
You can format the logical volume with any file system you choose, but make sure to use one that allows you to
673
take advantage of the additional features of LVM such as freezing, resizing, and growing your file systems.
677
<indexterm><primary>LVM volume</primary></indexterm>
678
<indexterm><primary>shadow_copy</primary></indexterm>
679
<indexterm><primary>module</primary></indexterm>
680
Now we have an LVM volume where we can play with the shadow_copy VFS module.
684
<indexterm><primary>mkdir</primary></indexterm>
685
<indexterm><primary>permissions</primary></indexterm>
686
<indexterm><primary>chmod</primary></indexterm>
687
Now we need to prepare the directory with something like
689
&rootprompt; mkdir -p /data/shadow_share
691
or whatever you want to name your shadow copy-enabled Samba share. Make sure you set the permissions so that
692
you can use it. If in doubt, use <command>chmod 777 /data/shadow_share</command> and tighten the permissions
693
once you get things working.
697
<indexterm><primary>mount</primary></indexterm>
698
Mount the LVM volume using something like <command>mount /dev/shadowvol/sh_test /data/shadow_share</command>
702
<indexterm><primary>/etc/fstab</primary></indexterm>
703
You may also want to edit your <filename>/etc/fstab</filename> so that this partition mounts during the system boot.
710
<formalpara><title>Install & Configure the shadow_copy VFS Module</title>
712
Finally we get to the actual shadow_copy VFS module. The shadow_copy VFS module should be available in Samba
713
3.0.3 and higher. The smb.conf configuration is pretty standard. Here is our example of a share configured
714
with the shadow_copy VFS module:
717
<example id="vfsshadow">
718
<title>Share With shadow_copy VFS</title>
720
<smbconfsection name="[shadow_share]"/>
721
<smbconfoption name="comment">Shadow Copy Enabled Share</smbconfoption>
722
<smbconfoption name="path">/data/shadow_share</smbconfoption>
723
<smbconfoption name="vfs objects">shadow_copy</smbconfoption>
724
<smbconfoption name="writeable">yes</smbconfoption>
725
<smbconfoption name="browseable">yes</smbconfoption>
732
<formalpara><title>Create Snapshots and Make Them Available to shadow_copy.so</title>
734
<indexterm><primary>shadow_copy</primary></indexterm>
735
<indexterm><primary>LVM snapshots</primary></indexterm>
736
<indexterm><primary>module</primary></indexterm>
737
Before you can browse the shadow copies, you must create them and mount them. This will most likely be done
738
with a script that runs as a cron job. With this particular solution, the shadow_copy VFS module is used to
739
browse LVM snapshots. Those snapshots are not created by the module. They are not made available by the
740
module either. This module allows the shadow copy-enabled client to browse the snapshots you take and make
745
Here is a simple script used to create and mount the snapshots:
748
# This is a test, this is only a test
749
SNAPNAME=`date +%Y.%m.%d-%H.%M.%S`
750
xfs_freeze -f /data/shadow_share/
751
lvcreate -L10M -s -n $SNAPNAME /dev/shadowvol/sh_test
752
xfs_freeze -u /data/shadow_share/
753
mkdir /data/shadow_share/@GMT-$SNAPNAME
754
mount /dev/shadowvol/$SNAPNAME \
755
/data/shadow_share/@GMT-$SNAPNAME -onouuid,ro
757
Note that the script does not handle other things like remounting snapshots on reboot.
761
<formalpara><title>Test From Client</title>
763
To test, you will need to install the shadow copy client which you can obtain from the <ulink
764
url="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx">Microsoft web site.</ulink> I
765
only tested this with an XP client so your results may vary with other pre-XP clients. Once installed, with
766
your XP client you can right-click on specific files or in the empty space of the shadow_share and view the
767
"properties." If anything has changed, then you will see it on the "Previous Versions" tab of the properties
779
<title>VFS Modules Available Elsewhere</title>
782
<indexterm><primary>VFS modules</primary></indexterm>
783
This section contains a listing of various other VFS modules that have been posted but do not currently reside
784
in the Samba CVS tree for one reason or another (e.g., it is easy for the maintainer to have his or her own
789
No statements about the stability or functionality of any module should be implied due to its presence here.
793
<title>DatabaseFS</title>
796
<indexterm><primary>DatabaseFS</primary></indexterm>
797
URL: <ulink noescape="1" url="http://www.css.tayloru.edu/~elorimer/databasefs/index.php">
798
Taylors University DatabaeFS</ulink>
801
<para>By <ulink url="mailto:elorimer@css.tayloru.edu">Eric Lorimer.</ulink></para>
804
I have created a VFS module that implements a fairly complete read-only filesystem. It presents information
805
from a database as a filesystem in a modular and generic way to allow different databases to be used.
806
(Originally designed for organizing MP3s under directories such as <quote>Artists,</quote> <quote>Song
807
Keywords,</quote> and so on. I have since easily applied it to a student roster database.) The directory
808
structure is stored in the database itself and the module makes no assumptions about the database structure
809
beyond the table it requires to run.
813
Any feedback would be appreciated: comments, suggestions, patches, and so on. If nothing else, it
814
might prove useful for someone else who wishes to create a virtual filesystem.
822
<indexterm><primary>vscan</primary></indexterm>
823
<para>URL: <ulink noescape="1" url="http://www.openantivirus.org/projects.php#samba-vscan">
824
Open Anti-Virus vscan</ulink>
828
<indexterm><primary>samba-vscan</primary></indexterm>
829
samba-vscan is a proof-of-concept module for Samba, which provides on-access anti-virus support for files
830
shared using Samba. samba-vscan supports various virus scanners and is maintained by Rainer Link.
836
<title>vscan-clamav</title>
838
Samba users have been using the RPMS from SerNet without a problem.
839
OpenSUSE Linux users have also used the vscan scanner for quite some time
840
with excellent results. It does impact overall write performance though.
844
The following share stanza is a good guide for those wanting to configure vscan-clamav:
849
vfs objects = vscan-clamav
850
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
854
The following example of the <filename>vscan-clamav.conf</filename> file may help to get this
859
<title>VFS: Vscan ClamAV Control File</title>
861
# /etc/samba/vscan-clamav.conf
865
; run-time configuration for vscan-samba using
867
; all options are set to default values
869
; do not scan files larger than X bytes. If set to 0 (default),
870
; this feature is disable (i.e. all files are scanned)
871
max file size = 10485760
873
; log all file access (yes/no). If set to yes, every access will
874
; be logged. If set to no (default), only access to infected files
876
verbose file logging = no
878
; if set to yes (default), a file will be scanned while opening
880
; if set to yes, a file will be scanned while closing (default is yes)
883
; if communication to clamd fails, should access to file denied?
885
deny access on error = no
887
; if daemon failes with a minor error (corruption, etc.),
888
; should access to file denied?
890
deny access on minor error = no
892
; send a warning message via Windows Messenger service
893
; when virus is found?
895
send warning message = yes
897
; what to do with an infected file
898
; quarantine: try to move to quantine directory
899
; delete: delete infected file
900
; nothing: do nothing (default)
901
infected file action = quarantine
903
; where to put infected files - you really want to change this!
904
quarantine directory = /opt/clamav/quarantine
905
; prefix for files in quarantine
906
quarantine prefix = vir-
908
; as Windows tries to open a file multiple time in a (very) short time
909
; of period, samba-vscan use a last recently used file mechanism to avoid
910
; multiple scans of a file. This setting specified the maximum number of
911
; elements of the last recently used file list. (default: 100)
912
max lru files entries = 100
914
; an entry is invalidad after lru file entry lifetime (in seconds).
916
lru file entry lifetime = 5
918
; exclude files from being scanned based on the MIME-type! Semi-colon
919
; seperated list (default: empty list). Use this with care!
922
; socket name of clamd (default: /var/run/clamd). Setting will be ignored if
924
clamd socket name = /tmp/clamd
926
; limits, if vscan-clamav was build for using the clamav library (libclamav)
929
; maximum number of files in archive (default: 1000)
930
libclamav max files in archive = 1000
932
; maximum archived file size, in bytes (default: 10 MB)
933
libclamav max archived file size = 5242880
935
; maximum recursion level (default: 5)
936
libclamav max recursion level = 5
940
Obviously, a running clam daemon is necessary for this to work. This is a working example for me using ClamAV.
941
The ClamAV documentation should provide additional configuration examples. On your system these may be located
942
under the <filename>/usr/share/doc/</filename> directory. Some examples may also target other virus scanners,
943
any of which can be used.