The Samba module vfs_shadow_copy2 is useful for shares hosted on snapshot capable filesystems/storage. This module allows previous “snapshot” versions of a share to be made visible to users. This allows for self-service restore of files by end users. On a given share, in smb.conf, you configure something like
[data] vfs objects = acl_xattr btrfs shadow_copy2 path = /btrfs/samba/data shadow:basedir = /btrfs/samba/data shadow:snapdir = ../data_SNAPS
Depending on your version of Samba, to use the above which includes the “../” link, you might need to add some/all of the below options:
unix extensions = no wide links = yes allow insecure wide links = yes
In the 4.3.x and 4.4.x releases there have been a few changes to the vfs_shadow_copy2 module meaning the above three options may or may not have been needed. The jump from 4.4.9 to 4.4.10 addressed Samba BUG 12531. This again involved changes to the vfs_shadow_copy2 module, again breaking the above config (with or without the three options listed). I’ve changed the above config on the share to be
[data] vfs objects = acl_xattr btrfs shadow_copy2 path = /btrfs/samba/data shadow:basedir = /btrfs/samba/data shadow:snapdir = /btrfs/samba/data_SNAPS
which works without the three options above. Samba 4.4.13, 4.5.8, 4.6.2 also work with the above. Its frustrating since relative (which I assume includes “../”) directories are supposed to be supported with “shadow:snapdir”. Hopefully this configuration now works for all releases going forward.
I find it frustrating that minor releases can break working configs. It makes it difficult to quickly deploy security fixes as the required level of testing is much higher than one would expect for minor releases. This subtle change to the config option is not documented or mentioned in the release notes. Anyway, more of a rant post than usual… apologies for that!
Hi
I think in Ubuntu samba 4.3.11 acl_xattr stops working when using shadow_copy2
It is impossible to change windows permissions and create folders in share which has
vfs objects = acl_xattr btrfs shadow_copy2 enabled
Is it a bug ?
@Lukasz,
can confirm the same problem with Ubuntu samba 4.3.11. I am stuck with the same issue and just learned painfully what you mean with your post.
I haven’t seen anywhere else some information regarding this issue in the net. I assume this is a bug, but ubuntu server frequently has buggy packages, so where does the bug come from?
Also log level seems to have issues. e.g. setting loglevel only for vfs:10 (to avoid flooding the log-file) seems not to produce the log output that you otherwise see with the log-level generally set to 10.