Re: [Samba] Shadow Copy 2 not read only
- Date: Mon, 26 Feb 2018 21:35:53 +0000
- From: Tercio Gaudencio Filho via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Shadow Copy 2 not read only
Well, just to keep the record, I solved my problem doing a readonly bind
mount to the original snapshots and configured Shadow Copy 2 to look into
this folder. This way I have a ro shadow-copy and still have a rw to do the
snapshots without having to remount everytime I need a snapshot.
In my case, /srv/snapshots is rw.
mount -o bind,ro /srv/snapshots /srv/snapshots-ro
shadow:snapdir = /srv/snapshots-ro/adm
Here is my script that creates the snapshots.
On Fri, Feb 23, 2018 at 1:49 PM Jeremy Allison <jra@xxxxxxxxx> wrote:
> On Fri, Feb 23, 2018 at 02:11:50PM +0000, Tercio Gaudencio Filho via samba
> > Hi!
> > Setup: Samba version 4.5.12-Debian.
> > smb.conf:
> > [global]
> > security = USER
> > server role = standalone server
> > log file = /var/log/samba/log.%m
> > log level = 3
> > max log size = 1000
> > panic action = /usr/share/samba/panic-action %d
> > map to guest = Bad User
> > passdb backend = tdbsam
> > username map = /etc/samba/usersgroups.map
> > usershare path =
> > disable spoolss = Yes
> > load printers = No
> > printcap name = /dev/null
> > printing = bsd
> > wins support = No
> > dns proxy = No
> > name resolve order = host
> > disable netbios = No
> > inherit acls = Yes
> > inherit owner = Yes
> > inherit permissions = Yes
> > [Adm]
> > path = /srv/samba/adm
> > read only = No
> > vfs objects = shadow_copy2
> > shadow:basedir = /srv/samba/adm
> > shadow:snapdir = /srv/snapshots/adm
> > shadow:sort = desc
> > I'm using shadow_copy2, but I found an issue when a user opened a file in
> > the history and could change this file. The file is not readonly. Which
> > IMHO is critical, snapshots should be immutable.
> Currently the shadow_copy2 module doesn't enforce read-only
> access. It could be added as an option, but that's a code
> change needed.
Tercio Gaudencio Filho
To unsubscribe from this list go to the following URL and read the