--- /dev/null
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 22. Stackable VFS modules</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"><link rel="start" href="index.html" title="The Official Samba-3 HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part III. Advanced Configuration"><link rel="prev" href="CUPS-printing.html" title="Chapter 21. CUPS Printing Support"><link rel="next" href="winbind.html" title="Chapter 23. Winbind: Use of Domain Accounts"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 22. Stackable VFS modules</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="CUPS-printing.html">Prev</a> </td><th width="60%" align="center">Part III. Advanced Configuration</th><td width="20%" align="right"> <a accesskey="n" href="winbind.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="VFS"></a>Chapter 22. Stackable VFS modules</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><code class="email"><<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Tim</span> <span class="surname">Potter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a href="mailto:tpot@samba.org">tpot@samba.org</a>></code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Simo</span> <span class="surname">Sorce</span></h3><span class="contrib">original vfs_skel README</span></div></div><div><div class="author"><h3 class="author"><span class="firstname">Alexander</span> <span class="surname">Bokovoy</span></h3><span class="contrib">original vfs_netatalk docs</span></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stefan</span> <span class="surname">Metzmacher</span></h3><span class="contrib">Update for multiple modules</span></div></div><div><div class="author"><h3 class="author"><span class="firstname">Ed</span> <span class="surname">Riddle</span></h3><span class="contrib">original shadow_copy docs</span></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="VFS.html#id2617428">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="VFS.html#id2617466">Discussion</a></span></dt><dt><span class="sect1"><a href="VFS.html#id2617867">Included Modules</a></span></dt><dd><dl><dt><span class="sect2"><a href="VFS.html#id2617873">audit</a></span></dt><dt><span class="sect2"><a href="VFS.html#id2617914">default_quota</a></span></dt><dt><span class="sect2"><a href="VFS.html#id2618131">extd_audit</a></span></dt><dt><span class="sect2"><a href="VFS.html#fakeperms">fake_perms</a></span></dt><dt><span class="sect2"><a href="VFS.html#id2618444">recycle</a></span></dt><dt><span class="sect2"><a href="VFS.html#id2618758">netatalk</a></span></dt><dt><span class="sect2"><a href="VFS.html#id2618808">shadow_copy</a></span></dt></dl></dd><dt><span class="sect1"><a href="VFS.html#id2619720">VFS Modules Available Elsewhere</a></span></dt><dd><dl><dt><span class="sect2"><a href="VFS.html#id2619746">DatabaseFS</a></span></dt><dt><span class="sect2"><a href="VFS.html#id2619805">vscan</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2617428"></a>Features and Benefits</h2></div></div></div><p>
+<a class="indexterm" name="id2617436"></a>
+<a class="indexterm" name="id2617445"></a>
+<a class="indexterm" name="id2617452"></a>
+Stackable VFS (Virtual File System) modules support was new to Samba-3 and has proven quite popular. Samba
+passes each request to access the UNIX file system through the loaded VFS modules. This chapter covers the
+modules that come with the Samba source and provides references to some external modules.
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2617466"></a>Discussion</h2></div></div></div><p>
+<a class="indexterm" name="id2617474"></a>
+<a class="indexterm" name="id2617480"></a>
+If not supplied with your platform distribution binary Samba package, you may have problems compiling these
+modules, as shared libraries are compiled and linked in different ways on different systems. They currently
+have been tested against GNU/Linux and IRIX.
+</p><p>
+<a class="indexterm" name="id2617495"></a>
+<a class="indexterm" name="id2617502"></a>
+<a class="indexterm" name="id2617509"></a>
+To use the VFS modules, create a share similar to the one below. The important parameter is the <a class="indexterm" name="id2617517"></a>vfs objects parameter where you can list one or more VFS modules by name. For example, to log all
+access to files and put deleted files in a recycle bin, see <a href="VFS.html#vfsrecyc" title="Example 22.1. smb.conf with VFS modules">the smb.conf with VFS
+modules example</a>:
+</p><div class="example"><a name="vfsrecyc"></a><p class="title"><b>Example 22.1. smb.conf with VFS modules</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[audit]</code></em></td></tr><tr><td><a class="indexterm" name="id2617559"></a><em class="parameter"><code>comment = Audited /data directory</code></em></td></tr><tr><td><a class="indexterm" name="id2617572"></a><em class="parameter"><code>path = /data</code></em></td></tr><tr><td><a class="indexterm" name="id2617585"></a><em class="parameter"><code>vfs objects = audit recycle</code></em></td></tr><tr><td><a class="indexterm" name="id2617598"></a><em class="parameter"><code>writeable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2617610"></a><em class="parameter"><code>browseable = yes</code></em></td></tr></table></div><p>
+<a class="indexterm" name="id2617626"></a>
+<a class="indexterm" name="id2617633"></a>
+<a class="indexterm" name="id2617640"></a>
+The modules are used in the order in which they are specified. Let's say that you want to both have a virus
+scanner module and a recycle bin module. It is wise to put the virus scanner module as the first one so that
+it is the first to get run and may detect a virus immediately, before any action is performed on that file.
+<a class="indexterm" name="id2617652"></a>vfs objects = vscan-clamav recycle
+</p><p>
+<a class="indexterm" name="id2617663"></a>
+<a class="indexterm" name="id2617670"></a>
+Samba will attempt to load modules from the <code class="filename">/lib</code> directory in the root directory of the
+Samba installation (usually <code class="filename">/usr/lib/samba/vfs</code> or
+<code class="filename">/usr/local/samba/lib/vfs</code>).
+</p><p>
+<a class="indexterm" name="id2617700"></a>
+<a class="indexterm" name="id2617707"></a>
+<a class="indexterm" name="id2617714"></a>
+<a class="indexterm" name="id2617721"></a>
+Some modules can be used twice for the same share. This can be done using a configuration similar to the one
+shown in <a href="VFS.html#multimodule" title="Example 22.2. smb.conf with multiple VFS modules">the smb.conf with multiple VFS modules</a>.
+
+</p><div class="example"><a name="multimodule"></a><p class="title"><b>Example 22.2. smb.conf with multiple VFS modules</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[test]</code></em></td></tr><tr><td><a class="indexterm" name="id2617761"></a><em class="parameter"><code>comment = VFS TEST</code></em></td></tr><tr><td><a class="indexterm" name="id2617774"></a><em class="parameter"><code>path = /data</code></em></td></tr><tr><td><a class="indexterm" name="id2617787"></a><em class="parameter"><code>writeable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2617799"></a><em class="parameter"><code>browseable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2617812"></a><em class="parameter"><code>vfs objects = example:example1 example example:test</code></em></td></tr><tr><td><a class="indexterm" name="id2617825"></a><em class="parameter"><code>example1: parameter = 1</code></em></td></tr><tr><td><a class="indexterm" name="id2617838"></a><em class="parameter"><code>example: parameter = 5</code></em></td></tr><tr><td><a class="indexterm" name="id2617851"></a><em class="parameter"><code>test: parameter = 7</code></em></td></tr></table></div><p>
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2617867"></a>Included Modules</h2></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2617873"></a>audit</h3></div></div></div><p>
+<a class="indexterm" name="id2617881"></a>
+ A simple module to audit file access to the syslog facility. The following operations are logged:
+ </p><div class="itemizedlist"><ul type="disc"><li><p>share</p></li><li><p>connect/disconnect</p></li><li><p>directory opens/create/remove</p></li><li><p>file open/close/rename/unlink/chmod</p></li></ul></div><p>
+ </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2617914"></a>default_quota</h3></div></div></div><p>
+ This module allows the default quota values, in the windows explorer GUI, to be stored on a Samba-3 server.
+ The challenge is that linux filesystems only store quotas for users and groups, but no default quotas.
+ </p><p>
+ Samba returns NO_LIMIT as the default quotas by default and refuses to update them. With this module you
+ can store the default quotas that are reported to a windows client, in the quota record of a user. By
+ default the root user is taken because quota limits for root are typically not enforced.
+ </p><p>
+ This module takes 2 parametric entries in the <code class="filename">smb.conf</code> file. The default prefix for each is the
+ “<span class="quote">default_quota</span>”. This can be overwrittem when you load the module in the <span class="emphasis"><em>vfs
+ modules</em></span> parameter like this:
+</p><pre class="screen">
+vfs objects = default_quota:myprefix
+</pre><p>
+ </p><p>
+ The parametric entries that may be specified for the default_quotas module are:
+ </p><div class="variablelist"><dl><dt><span class="term">myprefix:uid</span></dt><dd><p>
+ This parameter takes a integer argument that specifies the uid of the quota record that will be
+ used for storing the default user quotas.
+ </p><p>
+ The default value is 0 (for root user). An example of use is:
+</p><pre class="screen">
+vfs objects = default_quota
+default_quota: uid = 65534
+</pre><p>
+ The above demonstrates the case where the <code class="constant">myprefix</code> was omitted, thus the
+ default prefix is the name of the module. When a <code class="constant">myprefix</code> parameter is
+ specified the above can be re-written like this:
+</p><pre class="screen">
+vfs objects = default_quota:myprefix
+myprefix: uid = 65534
+</pre><p>
+ </p></dd><dt><span class="term">myprefix:uid nolimit</span></dt><dd><p>
+ This parameter takes a boolean argument that specifies if the stored default quota values also be
+ reported for the user record, or if the value <code class="constant">NO_LIMIT</code> should be reported to
+ the windows client for the user specified by the <em class="parameter"><code>prefix:uid</code></em> parameter.
+ </p><p>
+ The default value is <code class="constant">yes</code> (which means to report NO_LIMIT). An example of use
+ is shown here:
+</p><pre class="screen">
+vfs objects = default_quota:myprefix
+myprefix: uid nolimit = no
+</pre><p>
+ </p></dd><dt><span class="term">myprefix:gid</span></dt><dd><p>
+ This parameter takes an integer argument, it's just like the <em class="parameter"><code>prefix>:uid</code></em> but
+ for group quotas. NOTE: group quotas are not supported from the windows explorer.
+ </p><p>
+ The default value is 0 (for root group). An example of use is shown here:
+</p><pre class="screen">
+vfs objects = default_quota
+default_quota: gid = 65534
+</pre><p>
+ </p></dd><dt><span class="term">myprefix:gid nolimit</span></dt><dd><p>
+ This parameter takes a boolean argument, just like the <em class="parameter"><code>prefix>:uid nolimit</code></em>
+ but for group quotas. NOTE: group quotas are not supported from the windows explorer.
+ </p><p>
+ The default value is <code class="constant">yes</code> (which means to report NO_LIMIT). An example of use
+ is shown here:
+</p><pre class="screen">
+vfs objects = default_quota
+default_quota: uid nolimit = no
+</pre><p>
+ </p></dd></dl></div><p>
+ An example of use of multiple parametric specifications is shown here:
+</p><pre class="screen">
+...
+vfs objects = default_quota:quotasettings
+quotasettings: uid nolimit = no
+quotasettings: gid = 65534
+quotasettings: gid nolimit = no
+...
+</pre><p>
+ </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2618131"></a>extd_audit</h3></div></div></div><p>
+<a class="indexterm" name="id2618139"></a>
+<a class="indexterm" name="id2618146"></a>
+<a class="indexterm" name="id2618153"></a>
+ This module is identical with the <span><strong class="command">audit</strong></span> module above except
+ that it sends audit logs to both syslog as well as the <span><strong class="command">smbd</strong></span> log files. The
+ <a class="indexterm" name="id2618174"></a>log level for this module is set in the <code class="filename">smb.conf</code> file.
+ </p><p>
+ Valid settings and the information that will be recorded are shown in <a href="VFS.html#xtdaudit" title="Table 22.1. Extended Auditing Log Information">the next table</a>.
+ </p><div class="table"><a name="xtdaudit"></a><p class="title"><b>Table 22.1. Extended Auditing Log Information</b></p><table summary="Extended Auditing Log Information" border="1"><colgroup><col><col></colgroup><thead><tr><th align="center">Log Level</th><th align="center">Log Details - File and Directory Operations</th></tr></thead><tbody><tr><td align="center">0</td><td align="left">Make Directory, Remove Directory, Unlink</td></tr><tr><td align="center">1</td><td align="left">Open Directory, Rename File, Change Permissions/ACLs</td></tr><tr><td align="center">2</td><td align="left">Open & Close File</td></tr><tr><td align="center">10</td><td align="left">Maximum Debug Level</td></tr></tbody></table></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2618284"></a>Configuration of Auditing</h4></div></div></div><p>
+<a class="indexterm" name="id2618292"></a>
+ This auditing tool is more felxible than most people readily will recognize. There are a number of ways
+ by which useful logging information can be recorded.
+ </p><div class="itemizedlist"><ul type="disc"><li><p>Syslog can be used to record all transaction. This can be disabled by setting
+ in the <code class="filename">smb.conf</code> file <em class="parameter"><code>syslog = 0</code></em>.</p></li><li><p>Logging can take place to the default log file (<code class="filename">log.smbd</code>)
+ for all loaded VFS modules just by setting in the <code class="filename">smb.conf</code> file
+ <em class="parameter"><code>log level = 0 vfs:x</code></em>, where x is the log level.
+ This will disable general logging while activating all logging of VFS
+ module activity at the log level specified.</p></li><li><p>Detailed logging can be obtained per user, per client machine, etc.
+ This requires the above together with the creative use of the
+ <em class="parameter"><code>log file</code></em> settings.</p><p>An example of detailed per-user and per-machine logging can
+ be obtained by setting
+ <a class="indexterm" name="id2618366"></a>log file = /var/log/samba/%U.%m.log.
+ </p></li></ul></div><p>
+ Auditing information often must be preserved for a long time. So that the log files do not get rotated
+ it is essential that the <a class="indexterm" name="id2618380"></a>max log size = 0 be set
+ in the <code class="filename">smb.conf</code> file.
+ </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="fakeperms"></a>fake_perms</h3></div></div></div><p>
+<a class="indexterm" name="id2618408"></a>
+<a class="indexterm" name="id2618415"></a>
+<a class="indexterm" name="id2618422"></a>
+<a class="indexterm" name="id2618429"></a>
+ This module was created to allow Roaming Profile files and directories to be set (on the Samba server
+ under UNIX) as read only. This module will, if installed on the Profiles share, report to the client
+ that the Profile files and directories are writeable. This satisfies the client even though the files
+ will never be overwritten as the client logs out or shuts down.
+ </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2618444"></a>recycle</h3></div></div></div><p>
+<a class="indexterm" name="id2618452"></a>
+<a class="indexterm" name="id2618459"></a>
+<a class="indexterm" name="id2618466"></a>
+ A Recycle Bin-like module. Where used, unlink calls will be intercepted and files moved
+ to the recycle directory instead of being deleted. This gives the same effect as the
+ <span class="guiicon">Recycle Bin</span> on Windows computers.
+ </p><p>
+<a class="indexterm" name="id2618485"></a>
+<a class="indexterm" name="id2618492"></a>
+<a class="indexterm" name="id2618499"></a>
+<a class="indexterm" name="id2618506"></a>
+ The <span class="guiicon">Recycle Bin</span> will not appear in <span class="application">Windows Explorer</span> views of the
+ network file system (share) nor on any mapped drive. Instead, a directory called <code class="filename">.recycle</code>
+ will be automatically created when the first file is deleted. Users can recover files from the
+ <code class="filename">.recycle</code> directory. If the <em class="parameter"><code>recycle:keeptree</code></em> has been specified,
+ deleted files will be found in a path identical with that from which the file was deleted.
+ </p><p>Supported options for the <span><strong class="command">recycle</strong></span> module are as follow:
+ </p><div class="variablelist"><dl><dt><span class="term">recycle:repository</span></dt><dd><p>
+<a class="indexterm" name="id2618570"></a>
+ Relative path of the directory where deleted files should be moved.
+ </p></dd><dt><span class="term">recycle:keeptree</span></dt><dd><p>
+<a class="indexterm" name="id2618589"></a>
+ Specifies whether the directory structure should be kept or if the files in the directory that is being
+ deleted should be kept separately in the recycle bin.
+ </p></dd><dt><span class="term">recycle:versions</span></dt><dd><p>
+<a class="indexterm" name="id2618611"></a>
+ If this option is set, two files
+ with the same name that are deleted will both
+ be kept in the recycle bin. Newer deleted versions
+ of a file will be called “<span class="quote">Copy #x of <em class="replaceable"><code>filename</code></em></span>”.
+ </p></dd><dt><span class="term">recycle:touch</span></dt><dd><p>
+<a class="indexterm" name="id2618638"></a>
+ Specifies whether a file's access date should be touched when the file is moved to the recycle bin.
+ </p></dd><dt><span class="term">recycle:touch_mtime</span></dt><dd><p>
+<a class="indexterm" name="id2618658"></a>
+ Specifies whether a file's last modify date date should be touched when the file is moved to the recycle bin.
+ </p></dd><dt><span class="term">recycle:maxsize</span></dt><dd><p>
+<a class="indexterm" name="id2618678"></a>
+ Files that are larger than the number of bytes specified by this parameter will not be put into the recycle bin.
+ </p></dd><dt><span class="term">recycle:exclude</span></dt><dd><p>
+<a class="indexterm" name="id2618698"></a>
+ List of files that should not be put into the recycle bin when deleted, but deleted in the regular way.
+ </p></dd><dt><span class="term">recycle:exclude_dir</span></dt><dd><p>
+<a class="indexterm" name="id2618718"></a>
+ Contains a list of directories. When files from these directories are
+ deleted, they are not put into the
+ recycle bin but are deleted in the
+ regular way.
+ </p></dd><dt><span class="term">recycle:noversions</span></dt><dd><p>
+<a class="indexterm" name="id2618739"></a>
+ Specifies a list of paths (wildcards such as * and ? are supported) for which no versioning
+ should be used. Only useful when <span class="emphasis"><em>recycle:versions</em></span> is enabled.
+ </p></dd></dl></div><p>
+ </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2618758"></a>netatalk</h3></div></div></div><p>
+<a class="indexterm" name="id2618766"></a>
+ A netatalk module will ease co-existence of Samba and netatalk file sharing services.
+ </p><p>Advantages compared to the old netatalk module:
+ </p><div class="itemizedlist"><a class="indexterm" name="id2618780"></a><ul type="disc"><li><p>Does not care about creating .AppleDouble forks, just keeps them in sync.</p></li><li><p>If a share in <code class="filename">smb.conf</code> does not contain .AppleDouble item in hide or veto list, it will be added automatically.</p></li></ul></div><p>
+ </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2618808"></a>shadow_copy</h3></div></div></div><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
+<a class="indexterm" name="id2618817"></a>
+ <span class="emphasis"><em>THIS IS NOT A BACKUP, ARCHIVAL, OR VERSION CONTROL SOLUTION!</em></span>
+ </p><p>
+<a class="indexterm" name="id2618831"></a>
+ With Samba or Windows servers, shadow_copy is designed to be an end-user tool only. It does not replace or
+ enhance your backup and archival solutions and should in no way be considered as such. Additionally, if you
+ need version control, implement a version control system. You have been warned.
+ </p></div><p>
+ The shadow_copy module allows you to setup functionality that is similar to MS shadow copy services. When
+ setup properly, this module allows Microsoft shadow copy clients to browse "shadow copies" on Samba shares.
+ You will need to install the shadow copy client. You can get the MS shadow copy client <a href="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx" target="_top">here.</a>. Note the
+ additional requirements for pre-Windows XP clients. I did not test this functionality with any pre-Windows XP
+ clients. You should be able to get more information about MS Shadow Copy <a href="http://www.microsoft.com/windowsserver2003/techinfo/overview/scr.mspx" target="_top">from the Microsoft's site</a>.
+ </p><p>
+<a class="indexterm" name="id2618876"></a>
+<a class="indexterm" name="id2618883"></a>
+<a class="indexterm" name="id2618890"></a>
+<a class="indexterm" name="id2618897"></a>
+<a class="indexterm" name="id2618903"></a>
+<a class="indexterm" name="id2618910"></a>
+ The shadow_copy VFS module requires some underlying file system setup with some sort of Logical Volume Manager
+ (LVM) such as LVM1, LVM2, or EVMS. Setting up LVM is beyond the scope of this document; however, we will
+ outline the steps we took to test this functionality for <span class="emphasis"><em>example purposes only.</em></span> You need
+ to make sure the LVM implementation you choose to deploy is ready for production. Make sure you do plenty of
+ tests.
+ </p><p>
+ Here are some common resources for LVM and EVMS:
+ </p><div class="itemizedlist"><ul type="disc"><li><p><a href="http://www.sistina.com/products_lvm_download.htm" target="_top">Sistina's
+ LVM1 and LVM2</a></p></li><li><p><a href="http://evms.sourceforge.net/" target="_top">Enterprise Volume Management System (EVMS)</a></p></li><li><p><a href="http://tldp.org/HOWTO/LVM-HOWTO/" target="_top">The LVM HOWTO</a></p></li><li><p>
+ See <a href="http://www-106.ibm.com/developerworks/linux/library/l-lvm/" target="_top">Learning
+ Linux LVM, Part 1</a> and <a href="http://www-106.ibm.com/developerworks/library/l-lvm2.html" target="_top">Learning
+ Linux LWM, Part 2</a> for Daniel Robbins' well-written, two part tutorial on Linux and LVM using LVM
+ source code and reiserfs.</p></li></ul></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2618996"></a>Shadow Copy Setup</h4></div></div></div><p>
+<a class="indexterm" name="id2619004"></a>
+<a class="indexterm" name="id2619011"></a>
+ At the time of this writing, not much testing has been done. I tested the shadow copy VFS module with a
+ specific scenario which was not deployed in a production environment, but more as a proof of concept. The
+ scenario involved a Samba-3 file server on Debian Sarge with an XFS file system and LVM1. I do NOT recommend
+ you use this as a solution without doing your own due diligence with regard to all the components presented
+ here. That said, following is an basic outline of how I got things going.
+ </p><div class="orderedlist"><ol type="1"><li><p><b>Installed Operating System . </b>
+ In my tests, I used <a href="http://www.debian.org/devel/debian-installer/" target="_top">Debian
+ Sarge</a> (i.e., testing) on an XFS file system. Setting up the OS is a bit beyond the scope of this
+ document. It is assumed that you have a working OS capable of running Samba.
+ </p></li><li><p><b>Install & Configure Samba. </b>
+ See the <a href="introduction.html" title="Part I. General Installation">installation section</a> of this HOWTO for more detail on this.
+ It doesn't matter if it is a Domain Controller or Member File Server, but it is assumed that you have a
+ working Samba 3.0.3 or later server running.
+ </p></li><li><p><b>Install & Configure LVM. </b>
+<a class="indexterm" name="id2619090"></a>
+<a class="indexterm" name="id2619096"></a>
+ Before you can make shadow copies available to the client, you have to create the shadow copies. This is
+ done by taking some sort of file system snapshot. Snapshots are a typical feature of Logical Volume
+ Managers such as LVM, so we first need to have that setup.
+ </p><div class="itemizedlist"><p>
+ The following is provided as an example and will be most helpful for Debian users. Again, this was tested
+ using the "testing" or "Sarge" distribution.
+ </p><ul type="disc"><li><p>
+<a class="indexterm" name="id2619121"></a>
+<a class="indexterm" name="id2619128"></a>
+<a class="indexterm" name="id2619135"></a>
+<a class="indexterm" name="id2619142"></a>
+<a class="indexterm" name="id2619149"></a>
+ Install lvm10 and devfsd packages if you have not done so already. On Debian systems, you are warned of the
+ interaction of devfs and lvm1 which requires the use of devfs filenames. Running <span><strong class="command">apt-get update
+ && apt-get install lvm10 devfsd xfsprogs</strong></span> should do the trick for this example.
+ </p></li><li><p>
+<a class="indexterm" name="id2619172"></a>
+<a class="indexterm" name="id2619179"></a>
+<a class="indexterm" name="id2619186"></a>
+<a class="indexterm" name="id2619193"></a>
+<a class="indexterm" name="id2619200"></a>
+ Now you need to create a volume. You will need to create a partition (or partitions) to add to your volume.
+ Use your favorite partitioning tool (e.g., Linux fdisk, cfdisk, etc.). The partition type should be set to
+ 0x8e for "Linux LVM." In this example, we will use /dev/hdb1.
+ </p><p>
+<a class="indexterm" name="id2619215"></a>
+<a class="indexterm" name="id2619222"></a>
+<a class="indexterm" name="id2619228"></a>
+ Once you have the Linux LVM partition (type 0x8e), you can run a series of commands to create the LVM volume.
+ You can use several disks and/or partitions, but we will use only one in this example. You may also need to
+ load the kernel module with something like <span><strong class="command">modprobe lvm-mod</strong></span> and set your system up to load
+ it on reboot by adding it to (<code class="filename">/etc/modules</code>).
+ </p></li><li><p>
+<a class="indexterm" name="id2619257"></a>
+ Create the physical volume with <span><strong class="command">pvcreate /dev/hdb1</strong></span>
+ </p></li><li><p>
+<a class="indexterm" name="id2619275"></a>
+<a class="indexterm" name="id2619282"></a>
+ Create the volume group and add /dev/hda1 to it with <span><strong class="command">vgcreate shadowvol /dev/hdb1</strong></span>
+ </p><p>
+<a class="indexterm" name="id2619299"></a>
+ You can use <span><strong class="command">vgdisplay</strong></span> to review information about the volume group.
+ </p></li><li><p>
+<a class="indexterm" name="id2619317"></a>
+ Now you can create the logical volume with something like <span><strong class="command">lvcreate -L400M -nsh_test shadowvol</strong></span>
+ </p><p>
+<a class="indexterm" name="id2619335"></a>
+ This creates the logical volume of 400 MBs named "sh_test" in the volume group we created called shadowvol.
+ If everything is working so far, you should see them in <code class="filename">/dev/shadowvol</code>.
+ </p></li><li><p>
+<a class="indexterm" name="id2619355"></a>
+ Now we should be ready to format the logical volume we named sh_test with <span><strong class="command">mkfs.xfs
+ /dev/shadowvol/sh_test</strong></span>
+ </p><p>
+<a class="indexterm" name="id2619372"></a>
+<a class="indexterm" name="id2619379"></a>
+<a class="indexterm" name="id2619386"></a>
+<a class="indexterm" name="id2619393"></a>
+<a class="indexterm" name="id2619400"></a>
+ You can format the logical volume with any file system you choose, but make sure to use one that allows you to
+ take advantage of the additional features of LVM such as freezing, resizing, and growing your file systems.
+ </p><p>
+<a class="indexterm" name="id2619414"></a>
+<a class="indexterm" name="id2619420"></a>
+<a class="indexterm" name="id2619427"></a>
+ Now we have an LVM volume where we can play with the shadow_copy VFS module.
+ </p></li><li><p>
+<a class="indexterm" name="id2619440"></a>
+<a class="indexterm" name="id2619447"></a>
+<a class="indexterm" name="id2619453"></a>
+ Now we need to prepare the directory with something like
+</p><pre class="screen">
+<code class="prompt">root# </code> mkdir -p /data/shadow_share
+</pre><p>
+ or whatever you want to name your shadow copy-enabled Samba share. Make sure you set the permissions so that
+ you can use it. If in doubt, use <span><strong class="command">chmod 777 /data/shadow_share</strong></span> and tighten the permissions
+ once you get things working.
+ </p></li><li><p>
+<a class="indexterm" name="id2619488"></a>
+ Mount the LVM volume using something like <span><strong class="command">mount /dev/shadowvol/sh_test /data/shadow_share</strong></span>
+ </p><p>
+<a class="indexterm" name="id2619505"></a>
+ You may also want to edit your <code class="filename">/etc/fstab</code> so that this partition mounts during the system boot.
+ </p></li></ul></div></li><li><p><b>Install & Configure the shadow_copy VFS Module. </b>
+ Finally we get to the actual shadow_copy VFS module. The shadow_copy VFS module should be available in Samba
+ 3.0.3 and higher. The smb.conf configuration is pretty standard. Here is our example of a share configured
+ with the shadow_copy VFS module:
+ </p><div class="example"><a name="vfsshadow"></a><p class="title"><b>Example 22.3. Share With shadow_copy VFS</b></p><table class="simplelist" border="0" summary="Simple list"><tr><td> </td></tr><tr><td><em class="parameter"><code>[shadow_share]</code></em></td></tr><tr><td><a class="indexterm" name="id2619562"></a><em class="parameter"><code>comment = Shadow Copy Enabled Share</code></em></td></tr><tr><td><a class="indexterm" name="id2619575"></a><em class="parameter"><code>path = /data/shadow_share</code></em></td></tr><tr><td><a class="indexterm" name="id2619588"></a><em class="parameter"><code>vfs objects = shadow_copy</code></em></td></tr><tr><td><a class="indexterm" name="id2619601"></a><em class="parameter"><code>writeable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id2619614"></a><em class="parameter"><code>browseable = yes</code></em></td></tr></table></div></li><li><p><b>Create Snapshots and Make Them Available to shadow_copy.so. </b>
+<a class="indexterm" name="id2619638"></a>
+<a class="indexterm" name="id2619645"></a>
+<a class="indexterm" name="id2619652"></a>
+ Before you can browse the shadow copies, you must create them and mount them. This will most likely be done
+ with a script that runs as a cron job. With this particular solution, the shadow_copy VFS module is used to
+ browse LVM snapshots. Those snapshots are not created by the module. They are not made available by the
+ module either. This module allows the shadow copy-enabled client to browse the snapshots you take and make
+ available.
+ </p><p>
+ Here is a simple script used to create and mount the snapshots:
+</p><pre class="screen">
+#!/bin/bash
+# This is a test, this is only a test
+SNAPNAME=`date +%Y.%m.%d-%H.%M.%S`
+xfs_freeze -f /data/shadow_share/
+lvcreate -L10M -s -n $SNAPNAME /dev/shadowvol/sh_test
+xfs_freeze -u /data/shadow_share/
+mkdir /data/shadow_share/@GMT-$SNAPNAME
+mount /dev/shadowvol/$SNAPNAME \
+ /data/shadow_share/@GMT-$SNAPNAME -onouuid,ro
+</pre><p>
+ Note that the script does not handle other things like remounting snapshots on reboot.
+ </p></li><li><p><b>Test From Client. </b>
+ To test, you will need to install the shadow copy client which you can obtain from the <a href="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx" target="_top">Microsoft web site.</a> I
+ only tested this with an XP client so your results may vary with other pre-XP clients. Once installed, with
+ your XP client you can right-click on specific files or in the empty space of the shadow_share and view the
+ "properties." If anything has changed, then you will see it on the "Previous Versions" tab of the properties
+ window.
+ </p></li></ol></div></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2619720"></a>VFS Modules Available Elsewhere</h2></div></div></div><p>
+<a class="indexterm" name="id2619728"></a>
+This section contains a listing of various other VFS modules that have been posted but do not currently reside
+in the Samba CVS tree for one reason or another (e.g., it is easy for the maintainer to have his or her own
+CVS tree).
+</p><p>
+No statements about the stability or functionality of any module should be implied due to its presence here.
+</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2619746"></a>DatabaseFS</h3></div></div></div><p>
+<a class="indexterm" name="id2619753"></a>
+URL: <a href="http://www.css.tayloru.edu/~elorimer/databasefs/index.php" target="_top">
+Taylors University DatabaeFS</a>
+</p><p>By <a href="mailto:elorimer@css.tayloru.edu" target="_top">Eric Lorimer.</a></p><p>
+I have created a VFS module that implements a fairly complete read-only filesystem. It presents information
+from a database as a filesystem in a modular and generic way to allow different databases to be used.
+(Originally designed for organizing MP3s under directories such as “<span class="quote">Artists,</span>” “<span class="quote">Song
+Keywords,</span>” and so on. I have since easily applied it to a student roster database.) The directory
+structure is stored in the database itself and the module makes no assumptions about the database structure
+beyond the table it requires to run.
+</p><p>
+Any feedback would be appreciated: comments, suggestions, patches, and so on. If nothing else, it
+might prove useful for someone else who wishes to create a virtual filesystem.
+</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2619805"></a>vscan</h3></div></div></div><a class="indexterm" name="id2619811"></a><p>URL: <a href="http://www.openantivirus.org/projects.php#samba-vscan" target="_top">
+Open Anti-Virus vscan</a>
+</p><p>
+<a class="indexterm" name="id2619832"></a>
+samba-vscan is a proof-of-concept module for Samba, which provides on-access anti-virus support for files
+shared using Samba. samba-vscan supports various virus scanners and is maintained by Rainer Link.
+</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="CUPS-printing.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="winbind.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 21. CUPS Printing Support </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 23. Winbind: Use of Domain Accounts</td></tr></table></div></body></html>
projects / samba / blobdiff