The Samba module vfs_shadow_copy2 is useful for shares hosted on snapshot capable filesystems/storage. This module allows previous “snapshot” versions of a share to be made visible to users.  This allows for self-service restore of files by end users. On a given share, in smb.conf, you configure something like

[data]
 vfs objects = acl_xattr btrfs shadow_copy2
 path = /btrfs/samba/data
 shadow:basedir = /btrfs/samba/data
 shadow:snapdir = ../data_SNAPS

Depending on your version of Samba, to use the above which includes the “../” link, you might need to add some/all of the below options:

unix extensions = no
wide links = yes
allow insecure wide links = yes

In the 4.3.x and 4.4.x releases there have been a few changes to the vfs_shadow_copy2 module meaning the above three options may or may not have been needed. The jump from 4.4.9 to 4.4.10 addressed Samba BUG 12531. This again involved changes to the vfs_shadow_copy2 module, again breaking the above config (with or without the three options listed). I’ve changed the above config on the share to be

[data]
 vfs objects = acl_xattr btrfs shadow_copy2
 path = /btrfs/samba/data
 shadow:basedir = /btrfs/samba/data
 shadow:snapdir = /btrfs/samba/data_SNAPS

which works without the three options above. Samba 4.4.13, 4.5.8, 4.6.2 also work with the above. Its frustrating since relative (which I assume includes “../”) directories are supposed to be supported with “shadow:snapdir”. Hopefully this configuration now works for all releases going forward.

I find it frustrating that minor releases can break working configs. It makes it difficult to quickly deploy security fixes as the required level of testing is much higher than one would expect for minor releases. This subtle change to the config option is not documented or mentioned in the release notes.  Anyway, more of a rant post than usual… apologies for that!

2 thoughts on “Samba vfs_shadow_copy2 annoyance

  1. Hi
    I think in Ubuntu samba 4.3.11 acl_xattr stops working when using shadow_copy2
    It is impossible to change windows permissions and create folders in share which has
    vfs objects = acl_xattr btrfs shadow_copy2 enabled
    Is it a bug ?

    Reply
    • @Lukasz,

      can confirm the same problem with Ubuntu samba 4.3.11. I am stuck with the same issue and just learned painfully what you mean with your post.

      I haven’t seen anywhere else some information regarding this issue in the net. I assume this is a bug, but ubuntu server frequently has buggy packages, so where does the bug come from?

      Also log level seems to have issues. e.g. setting loglevel only for vfs:10 (to avoid flooding the log-file) seems not to produce the log output that you otherwise see with the log-level generally set to 10.

      Reply

Leave a reply

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> 

required