1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
|
<chapter id="VFS">
<chapterinfo>
&author.jelmer;
&author.jht;
&author.tpot;
<author><firstname>Simo</firstname><surname>Sorce</surname><contrib>original vfs_skel README</contrib></author>
<author><firstname>Alexander</firstname><surname>Bokovoy</surname><contrib>original vfs_netatalk docs</contrib></author>
<author><firstname>Stefan</firstname><surname>Metzmacher</surname><contrib>Update for multiple modules</contrib></author>
</chapterinfo>
<title>Stackable VFS modules</title>
<sect1>
<title>Features and Benefits</title>
<para>
Since Samba-3, there is support for stackable VFS (Virtual File System) modules.
Samba passes each request to access the UNIX file system through the loaded VFS modules.
This chapter covers all the modules that come with the Samba source and references to
some external modules.
</para>
</sect1>
<sect1>
<title>Discussion</title>
<para>
If not supplied with your platform distribution binary Samba package you may have problems
compiling these modules, as shared libraries are compiled and linked in different ways
on different systems. They currently have been tested against GNU/Linux and IRIX.
</para>
<para>
To use the VFS modules, create a share similar to the one below. The
important parameter is the <smbconfoption><name>vfs objects</name></smbconfoption> parameter where
you can list one or more VFS modules by name. For example, to log all access
to files and put deleted files in a recycle bin, see <link linkend="vfsrecyc">next configuration</link>:
<smbconfexample id="vfsrecyc">
<title>smb.conf with VFS modules</title>
<smbconfsection>[audit]</smbconfsection>
<smbconfoption><name>comment</name><value>Audited /data directory</value></smbconfoption>
<smbconfoption><name>path</name><value>/data</value></smbconfoption>
<smbconfoption><name>vfs objects</name><value>audit recycle</value></smbconfoption>
<smbconfoption><name>writeable</name><value>yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>yes</value></smbconfoption>
</smbconfexample>
</para>
<para>
The modules are used in the order in which they are specified.
Let's say that you want to both have a virus scanner module and a recycle
bin module. It is wise to put the virus scanner module as the first one so
that it is the first that get run an may detect a virus immediately, before
any action is performed on that file.
<smbconfoption><name>vfs objects</name><value>vscan-clamav recycle</value></smbconfoption>
</para>
<para>
Samba will attempt to load modules from the <filename>/lib</filename> directory in the root directory of the
Samba installation (usually <filename>/usr/lib/samba/vfs</filename> or <filename>/usr/local/samba/lib/vfs
</filename>).
</para>
<para>
Some modules can be used twice for the same share.
This can be done using a configuration similar to the one shown in <link linkend="multimodule">the following example</link>.
<smbconfexample id="multimodule">
<title>smb.conf with multiple VFS modules</title>
<smbconfsection>[test]</smbconfsection>
<smbconfoption><name>comment</name><value>VFS TEST</value></smbconfoption>
<smbconfoption><name>path</name><value>/data</value></smbconfoption>
<smbconfoption><name>writeable</name><value>yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>yes</value></smbconfoption>
<smbconfoption><name>vfs objects</name><value>example:example1 example example:test</value></smbconfoption>
<smbconfoption><name>example1: parameter</name><value>1</value></smbconfoption>
<smbconfoption><name>example: parameter</name><value>5</value></smbconfoption>
<smbconfoption><name>test: parameter</name><value>7</value></smbconfoption>
</smbconfexample>
</para>
</sect1>
<sect1>
<title>Included Modules</title>
<sect2>
<title>audit</title>
<para>
A simple module to audit file access to the syslog
facility. The following operations are logged:
<itemizedlist>
<listitem>share</listitem>
<listitem>connect/disconnect</listitem>
<listitem>directory opens/create/remove</listitem>
<listitem>file open/close/rename/unlink/chmod</listitem>
</itemizedlist>
</para>
</sect2>
<sect2>
<title>extd_audit</title>
<para>
This module is identical with the <command>audit</command> module above except
that it sends audit logs to both syslog as well as the <command>smbd</command> log files. The
<smbconfoption><name>log level</name></smbconfoption> for this module is set in the &smb.conf; file.
</para>
<para>
Valid settings and the information that will be recorded are shown in <link linkend="xtdaudit">the next table</link>.
</para>
<table frame="all" id="xtdaudit">
<title>Extended Auditing Log Information</title>
<tgroup cols="2" align="center">
<thead>
<row><entry align="center">Log Level</entry><entry>Log Details - File and Directory Operations</entry></row>
</thead>
<tbody>
<row><entry align="center">0</entry><entry align="left">Creation / Deletion</entry></row>
<row><entry align="center">1</entry><entry align="left">Create / Delete / Rename / Permission Changes</entry></row>
<row><entry align="center">2</entry><entry align="left">Create / Delete / Rename / Perm Change / Open / Close</entry></row>
</tbody>
</tgroup>
</table>
</sect2>
<sect2 id="fakeperms">
<title>fake_perms</title>
<para>
This module was created to allow Roaming Profile files and directories to be set (on the Samba server
under UNIX) as read only. This module will, if installed on the Profiles share, report to the client
that the Profile files and directories are writeable. This satisfies the client even though the files
will never be overwritten as the client logs out or shuts down.
</para>
</sect2>
<sect2>
<title>recycle</title>
<para>
A Recycle Bin-like module. Where used, unlink calls will be intercepted and files moved
to the recycle directory instead of being deleted. This gives the same effect as the
<guiicon>Recycle Bin</guiicon> on Windows computers.
</para>
<para>
The <guiicon>Recycle Bin</guiicon> will not appear in <application>Windows Explorer</application> views of the network file system
(share) nor on any mapped drive. Instead, a directory called <filename>.recycle</filename> will be
automatically created when the first file is deleted. Users can recover files from the
<filename>.recycle</filename> directory. If the <parameter>recycle:keeptree</parameter> has been
specified, deleted files will be found in a path identical with that from which the file was deleted.
</para>
<para>Supported options for the <command>recycle</command> module are as follow:
<variablelist>
<varlistentry>
<term>recycle:repository</term>
<listitem><para>
Relative path of the directory where deleted files should be moved.
</para></listitem>
</varlistentry>
<varlistentry>
<term>recycle:keeptree</term>
<listitem><para>
Specifies whether the directory structure should be kept or if the files in the directory that is being
deleted should be kept separately in the recycle bin.
</para></listitem>
</varlistentry>
<varlistentry>
<term>recycle:versions</term>
<listitem><para>
If this option is set, two files
with the same name that are deleted will both
be kept in the recycle bin. Newer deleted versions
of a file will be called <quote>Copy #x of <replaceable>filename</replaceable></quote>.
</para></listitem>
</varlistentry>
<varlistentry>
<term>recycle:touch</term>
<listitem><para>
Specifies whether a file's access date should be touched when the file is moved to the recycle bin.
</para></listitem>
</varlistentry>
<varlistentry>
<term>recycle:maxsize</term>
<listitem><para>
Files that are larger than the number of bytes specified by this parameter will not be put into the recycle bin.
</para></listitem>
</varlistentry>
<varlistentry>
<term>recycle:exclude</term>
<listitem><para>
List of files that should not be put into the recycle bin when deleted, but deleted in the regular way.
</para></listitem>
</varlistentry>
<varlistentry>
<term>recycle:exclude_dir</term>
<listitem><para>
Contains a list of directories. When files from these directories are
deleted, they are not put into the
recycle bin but are deleted in the
regular way.
</para></listitem>
</varlistentry>
<varlistentry>
<term>recycle:noversions</term>
<listitem><para>
Opposite of <parameter>recycle:versions</parameter>. If both options are specified, this one takes precedence.
</para></listitem>
</varlistentry>
</variablelist>
</para>
</sect2>
<sect2>
<title>netatalk</title>
<para>
A netatalk module will ease co-existence of Samba and netatalk file sharing services.
</para>
<para>Advantages compared to the old netatalk module:
<itemizedlist>
<listitem><para>Does not care about creating .AppleDouble forks, just keeps them in sync.</para></listitem>
<listitem><para>If a share in &smb.conf; does not contain .AppleDouble item in hide or veto list, it will be added automatically.</para></listitem>
</itemizedlist>
</para>
</sect2>
</sect1>
<sect1>
<title>VFS Modules Available Elsewhere</title>
<para>
This section contains a listing of various other VFS modules that
have been posted but do not currently reside in the Samba CVS
tree for one reason or another (e.g., it is easy for the maintainer
to have his or her own CVS tree).
</para>
<para>
No statements about the stability or functionality of any module
should be implied due to its presence here.
</para>
<sect2>
<title>DatabaseFS</title>
<para>
URL: <ulink noescape="1" url="http://www.css.tayloru.edu/~elorimer/databasefs/index.php">http://www.css.tayloru.edu/~elorimer/databasefs/index.php</ulink>
</para>
<para>By <ulink url="mailto:elorimer@css.tayloru.edu">Eric Lorimer.</ulink></para>
<para>
I have created a VFS module that implements a fairly complete read-only
filesystem. It presents information from a database as a filesystem in
a modular and generic way to allow different databases to be used
(originally designed for organizing MP3s under directories such as
<quote>Artists,</quote> <quote>Song Keywords,</quote> and so on. I have since easily
applied it to a student
roster database.) The directory structure is stored in the
database itself and the module makes no assumptions about the database
structure beyond the table it requires to run.
</para>
<para>
Any feedback would be appreciated: comments, suggestions, patches,
and so on. If nothing else, hopefully it might prove useful for someone
else who wishes to create a virtual filesystem.
</para>
</sect2>
<sect2>
<title>vscan</title>
<para>URL: <ulink noescape="1" url="http://www.openantivirus.org/">http://www.openantivirus.org/</ulink></para>
<para>
<filename>samba-vscan</filename> is a proof-of-concept module for Samba, which
uses the VFS (virtual file system) features of Samba 2.2.x/3.0
alphaX. Of course, Samba has to be compiled with VFS support.
<filename>samba-vscan</filename> supports various virus scanners and is maintained
by Rainer Link.
</para>
</sect2>
</sect1>
</chapter>
|