Web lists-archives.com

Re: [Samba] Shadow Copy 2 not read only




On Fri, Feb 23, 2018 at 02:11:50PM +0000, Tercio Gaudencio Filho via samba wrote:
> Hi!
> 
> 
> Setup: Samba version 4.5.12-Debian.
> 
> smb.conf:
> [global]
> security = USER
> server role = standalone server
> log file = /var/log/samba/log.%m
> log level = 3
> max log size = 1000
> panic action = /usr/share/samba/panic-action %d
> map to guest = Bad User
> passdb backend = tdbsam
> username map = /etc/samba/usersgroups.map
> usershare path =
> disable spoolss = Yes
> load printers = No
> printcap name = /dev/null
> printing = bsd
> wins support = No
> dns proxy = No
> name resolve order = host
> disable netbios = No
> inherit acls = Yes
> inherit owner = Yes
> inherit permissions = Yes
> 
> [Adm]
>    path = /srv/samba/adm
>    read only = No
>    vfs objects = shadow_copy2
>    shadow:basedir = /srv/samba/adm
>    shadow:snapdir = /srv/snapshots/adm
>    shadow:sort = desc
> 
> 
> I'm using shadow_copy2, but I found an issue when a user opened a file in
> the history and could change this file. The file is not readonly. Which
> IMHO is critical, snapshots should be immutable.

Currently the shadow_copy2 module doesn't enforce read-only
access. It could be added as an option, but that's a code
change needed.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba