File: VFS.html

package info (click to toggle)
samba 2:3.6.6-6+deb7u7
  • links: PTS, VCS
  • area: main
  • in suites: wheezy
  • size: 160,976 kB
  • sloc: ansic: 1,764,536; xml: 114,867; python: 78,119; perl: 27,633; sh: 13,802; makefile: 4,704; asm: 3,281; cpp: 2,281; yacc: 1,949; exp: 1,784; ada: 1,681; pascal: 1,089; cs: 879; awk: 756; lex: 566; csh: 58; sed: 45; php: 6
file content (531 lines) | stat: -rw-r--r-- 44,521 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�23.�Stackable VFS modules</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="The Official Samba 3.5.x HOWTO and Reference Guide"><link rel="up" href="optional.html" title="Part�III.�Advanced Configuration"><link rel="prev" href="CUPS-printing.html" title="Chapter�22.�CUPS Printing Support"><link rel="next" href="winbind.html" title="Chapter�24.�Winbind: Use of Domain Accounts"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�23.�Stackable VFS modules</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="CUPS-printing.html">Prev</a>�</td><th width="60%" align="center">Part�III.�Advanced Configuration</th><td width="20%" align="right">�<a accesskey="n" href="winbind.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter�23.�Stackable VFS modules"><div class="titlepage"><div><div><h2 class="title"><a name="VFS"></a>Chapter�23.�Stackable VFS modules</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Tim</span> <span class="surname">Potter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:tpot@samba.org">tpot@samba.org</a>&gt;</code></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Simo</span> <span class="surname">Sorce</span></h3><span class="contrib">original vfs_skel README</span>�</div></div><div><div class="author"><h3 class="author"><span class="firstname">Alexander</span> <span class="surname">Bokovoy</span></h3><span class="contrib">original vfs_netatalk docs</span>�</div></div><div><div class="author"><h3 class="author"><span class="firstname">Stefan</span> <span class="surname">Metzmacher</span></h3><span class="contrib">Update for multiple modules</span>�</div></div><div><div class="author"><h3 class="author"><span class="firstname">Ed</span> <span class="surname">Riddle</span></h3><span class="contrib">original shadow_copy docs</span>�</div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="VFS.html#id414711">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="VFS.html#id414746">Discussion</a></span></dt><dt><span class="sect1"><a href="VFS.html#id415127">Included Modules</a></span></dt><dd><dl><dt><span class="sect2"><a href="VFS.html#id415132">audit</a></span></dt><dt><span class="sect2"><a href="VFS.html#id415172">default_quota</a></span></dt><dt><span class="sect2"><a href="VFS.html#id415364">extd_audit</a></span></dt><dt><span class="sect2"><a href="VFS.html#fakeperms">fake_perms</a></span></dt><dt><span class="sect2"><a href="VFS.html#id415677">recycle</a></span></dt><dt><span class="sect2"><a href="VFS.html#id416047">netatalk</a></span></dt><dt><span class="sect2"><a href="VFS.html#id416094">shadow_copy</a></span></dt></dl></dd><dt><span class="sect1"><a href="VFS.html#id416927">VFS Modules Available Elsewhere</a></span></dt><dd><dl><dt><span class="sect2"><a href="VFS.html#id416949">DatabaseFS</a></span></dt><dt><span class="sect2"><a href="VFS.html#id417002">vscan</a></span></dt><dt><span class="sect2"><a href="VFS.html#id417038">vscan-clamav</a></span></dt></dl></dd></dl></div><div class="sect1" title="Features and Benefits"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id414711"></a>Features and Benefits</h2></div></div></div><p>
<a class="indexterm" name="id414719"></a>
<a class="indexterm" name="id414728"></a>
<a class="indexterm" name="id414734"></a>
Stackable VFS (Virtual File System) modules support was new to Samba-3 and has proven quite popular. Samba
passes each request to access the UNIX file system through the loaded VFS modules. This chapter covers the
modules that come with the Samba source and provides references to some external modules.
</p></div><div class="sect1" title="Discussion"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id414746"></a>Discussion</h2></div></div></div><p>
<a class="indexterm" name="id414754"></a>
<a class="indexterm" name="id414760"></a>
If not supplied with your platform distribution binary Samba package, you may have problems compiling these
modules, as shared libraries are compiled and linked in different ways on different systems. They currently
have been tested against GNU/Linux and IRIX.
</p><p>
<a class="indexterm" name="id414773"></a>
<a class="indexterm" name="id414780"></a>
<a class="indexterm" name="id414786"></a>
To use the VFS modules, create a share similar to the one below. The important parameter is the <a class="link" href="smb.conf.5.html#VFSOBJECTS" target="_top">vfs objects</a> parameter where you can list one or more VFS modules by name. For example, to log all
access to files and put deleted files in a recycle bin, see <a class="link" href="VFS.html#vfsrecyc" title="Example�23.1.�smb.conf with VFS modules">the smb.conf with VFS
modules example</a>:
</p><div class="example"><a name="vfsrecyc"></a><p class="title"><b>Example�23.1.�smb.conf with VFS modules</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[audit]</code></em></td></tr><tr><td><a class="indexterm" name="id414840"></a><em class="parameter"><code>comment = Audited /data directory</code></em></td></tr><tr><td><a class="indexterm" name="id414851"></a><em class="parameter"><code>path = /data</code></em></td></tr><tr><td><a class="indexterm" name="id414863"></a><em class="parameter"><code>vfs objects = audit recycle</code></em></td></tr><tr><td><a class="indexterm" name="id414874"></a><em class="parameter"><code>writeable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id414886"></a><em class="parameter"><code>browseable = yes</code></em></td></tr></table></div></div><br class="example-break"><p>
<a class="indexterm" name="id414900"></a>
<a class="indexterm" name="id414907"></a>
<a class="indexterm" name="id414914"></a>
The modules are used in the order in which they are specified.  Let's say that you want to both have a virus
scanner module and a recycle bin module. It is wise to put the virus scanner module as the first one so that
it is the first to get run and may detect a virus immediately, before any action is performed on that file.
<a class="link" href="smb.conf.5.html#VFSOBJECTS" target="_top">vfs objects = vscan-clamav recycle</a>
</p><p>
<a class="indexterm" name="id414938"></a>
<a class="indexterm" name="id414944"></a>
Samba will attempt to load modules from the <code class="filename">/lib</code> directory in the root directory of the
Samba installation (usually <code class="filename">/usr/lib/samba/vfs</code> or
<code class="filename">/usr/local/samba/lib/vfs</code>).
</p><p>
<a class="indexterm" name="id414973"></a>
<a class="indexterm" name="id414980"></a>
<a class="indexterm" name="id414986"></a>
<a class="indexterm" name="id414993"></a>
Some modules can be used twice for the same share.  This can be done using a configuration similar to the one
shown in <a class="link" href="VFS.html#multimodule" title="Example�23.2.�smb.conf with multiple VFS modules">the smb.conf with multiple VFS modules</a>.

</p><div class="example"><a name="multimodule"></a><p class="title"><b>Example�23.2.�smb.conf with multiple VFS modules</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[test]</code></em></td></tr><tr><td><a class="indexterm" name="id415032"></a><em class="parameter"><code>comment = VFS TEST</code></em></td></tr><tr><td><a class="indexterm" name="id415043"></a><em class="parameter"><code>path = /data</code></em></td></tr><tr><td><a class="indexterm" name="id415055"></a><em class="parameter"><code>writeable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id415066"></a><em class="parameter"><code>browseable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id415078"></a><em class="parameter"><code>vfs objects = example:example1 example example:test</code></em></td></tr><tr><td><a class="indexterm" name="id415089"></a><em class="parameter"><code>example1: parameter = 1</code></em></td></tr><tr><td><a class="indexterm" name="id415101"></a><em class="parameter"><code>example:  parameter = 5</code></em></td></tr><tr><td><a class="indexterm" name="id415112"></a><em class="parameter"><code>test:     parameter = 7</code></em></td></tr></table></div></div><p><br class="example-break">
</p></div><div class="sect1" title="Included Modules"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id415127"></a>Included Modules</h2></div></div></div><div class="sect2" title="audit"><div class="titlepage"><div><div><h3 class="title"><a name="id415132"></a>audit</h3></div></div></div><p>
<a class="indexterm" name="id415140"></a>
		A simple module to audit file access to the syslog facility. The following operations are logged:
		</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>share</p></li><li class="listitem"><p>connect/disconnect</p></li><li class="listitem"><p>directory opens/create/remove</p></li><li class="listitem"><p>file open/close/rename/unlink/chmod</p></li></ul></div><p>
		</p></div><div class="sect2" title="default_quota"><div class="titlepage"><div><div><h3 class="title"><a name="id415172"></a>default_quota</h3></div></div></div><p>
	This module allows the default quota values, in the windows explorer GUI, to be stored on a Samba-3 server.
	The challenge is that linux filesystems only store quotas for users and groups, but no default quotas.
	</p><p>
	Samba returns NO_LIMIT as the default quotas by default and refuses to update them. With this module you 
	can store the default quotas that are reported to a windows client, in the quota record of a user. By
	default the root user is taken because quota limits for root are typically not enforced.
	</p><p>
	This module takes 2 parametric entries in the <code class="filename">smb.conf</code> file.  The default prefix for each is the
	<span class="quote">&#8220;<span class="quote">default_quota</span>&#8221;</span>. This can be overwrittem when you load the module in the <span class="emphasis"><em>vfs
	modules</em></span> parameter like this:
</p><pre class="screen">
vfs objects = default_quota:myprefix
</pre><p>
	</p><p>
	The parametric entries that may be specified for the default_quotas module are:
	</p><div class="variablelist"><dl><dt><span class="term">myprefix:uid</span></dt><dd><p>
			This parameter takes a integer argument that specifies the uid of the quota record that will be 
			used for storing the default user quotas.
			</p><p>
			The default value is 0 (for root user). An example of use is:
</p><pre class="screen">
vfs objects = default_quota
default_quota:	uid = 65534
</pre><p>
			The above demonstrates the case where the <code class="constant">myprefix</code> was omitted, thus the
			default prefix is the name of the module. When a <code class="constant">myprefix</code> parameter is
			specified the above can be re-written like this:
</p><pre class="screen">
vfs objects = default_quota:myprefix
myprefix:	uid = 65534
</pre><p>
			</p></dd><dt><span class="term">myprefix:uid nolimit</span></dt><dd><p>
			This parameter takes a boolean argument that specifies if the stored default quota values also be
			reported for the user record, or if the value <code class="constant">NO_LIMIT</code> should be reported to 
			the windows client for the user specified by the <em class="parameter"><code>prefix:uid</code></em> parameter.
			</p><p>
			The default value is <code class="constant">yes</code> (which means to report NO_LIMIT). An example of use
			is shown here:
</p><pre class="screen">
vfs objects = default_quota:myprefix
myprefix:	uid nolimit = no
</pre><p>
			</p></dd><dt><span class="term">myprefix:gid</span></dt><dd><p>
			This parameter takes an integer argument, it's just like the <em class="parameter"><code>prefix&gt;:uid</code></em> but 
			for group quotas.  NOTE: group quotas are not supported from the windows explorer.
			</p><p>
			The default value is 0 (for root group). An example of use is shown here:
</p><pre class="screen">
vfs objects = default_quota
default_quota:	gid = 65534
</pre><p>
			</p></dd><dt><span class="term">myprefix:gid nolimit</span></dt><dd><p>
			This parameter takes a boolean argument, just like the <em class="parameter"><code>prefix&gt;:uid nolimit</code></em> 
			but for group quotas.  NOTE: group quotas are not supported from the windows explorer.
			</p><p>
			The default value is <code class="constant">yes</code> (which means to report NO_LIMIT). An example of use
			is shown here:
</p><pre class="screen">
vfs objects = default_quota
default_quota:	uid nolimit = no
</pre><p>
			</p></dd></dl></div><p>
	An example of use of multiple parametric specifications is shown here:
</p><pre class="screen">
...
vfs objects = default_quota:quotasettings
quotasettings:	uid nolimit = no
quotasettings:	gid = 65534
quotasettings:	gid nolimit = no
...
</pre><p>
	</p></div><div class="sect2" title="extd_audit"><div class="titlepage"><div><div><h3 class="title"><a name="id415364"></a>extd_audit</h3></div></div></div><p>
<a class="indexterm" name="id415372"></a>
<a class="indexterm" name="id415379"></a>
<a class="indexterm" name="id415386"></a>
		This module is identical with the <code class="literal">audit</code> module above except
		that it sends audit logs to both syslog as well as the <code class="literal">smbd</code> log files. The 
		<a class="link" href="smb.conf.5.html#LOGLEVEL" target="_top">log level</a> for this module is set in the <code class="filename">smb.conf</code> file. 
		</p><p>
		Valid settings and the information that will be recorded are shown in <a class="link" href="VFS.html#xtdaudit" title="Table�23.1.�Extended Auditing Log Information">the next table</a>.
		</p><div class="table"><a name="xtdaudit"></a><p class="title"><b>Table�23.1.�Extended Auditing Log Information</b></p><div class="table-contents"><table summary="Extended Auditing Log Information" border="1"><colgroup><col><col></colgroup><thead><tr><th align="center">Log Level</th><th align="center">Log Details - File and Directory Operations</th></tr></thead><tbody><tr><td align="center">0</td><td align="left">Make Directory, Remove Directory, Unlink</td></tr><tr><td align="center">1</td><td align="left">Open Directory, Rename File, Change Permissions/ACLs</td></tr><tr><td align="center">2</td><td align="left">Open &amp; Close File</td></tr><tr><td align="center">10</td><td align="left">Maximum Debug Level</td></tr></tbody></table></div></div><br class="table-break"><div class="sect3" title="Configuration of Auditing"><div class="titlepage"><div><div><h4 class="title"><a name="id415517"></a>Configuration of Auditing</h4></div></div></div><p>
<a class="indexterm" name="id415524"></a>
		This auditing tool is more flexible than most people will readily recognize. There are a number of ways
		by which useful logging information can be recorded.
		</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>Syslog can be used to record all transaction. This can be disabled by setting
					in the <code class="filename">smb.conf</code> file <em class="parameter"><code>syslog = 0</code></em>.</p></li><li class="listitem"><p>Logging can take place to the default log file (<code class="filename">log.smbd</code>)
					for all loaded VFS modules just by setting in the <code class="filename">smb.conf</code> file
					<em class="parameter"><code>log level = 0 vfs:x</code></em>, where x is the log level.
					This will disable general logging while activating all logging of VFS
					module activity at the log level specified.</p></li><li class="listitem"><p>Detailed logging can be obtained per user, per client machine, etc.
					This requires the above together with the creative use of the
					<em class="parameter"><code>log file</code></em> settings.</p><p>An example of detailed per-user and per-machine logging can
					be obtained by setting 
					<a class="link" href="smb.conf.5.html#LOGFILE" target="_top">log file = /var/log/samba/%U.%m.log</a>.
					</p></li></ul></div><p>
		Auditing information often must be preserved for a long time. So that the log files do not get rotated
		it is essential that the <a class="link" href="smb.conf.5.html#MAXLOGSIZE" target="_top">max log size = 0</a> be set
		in the <code class="filename">smb.conf</code> file.
		</p></div></div><div class="sect2" title="fake_perms"><div class="titlepage"><div><div><h3 class="title"><a name="fakeperms"></a>fake_perms</h3></div></div></div><p>
<a class="indexterm" name="id415641"></a>
<a class="indexterm" name="id415648"></a>
<a class="indexterm" name="id415654"></a>
<a class="indexterm" name="id415661"></a>
		This module was created to allow Roaming Profile files and directories to be set (on the Samba server
		under UNIX) as read only. This module will, if installed on the Profiles share, report to the client
		that the Profile files and directories are writeable. This satisfies the client even though the files
		will never be overwritten as the client logs out or shuts down.
		</p></div><div class="sect2" title="recycle"><div class="titlepage"><div><div><h3 class="title"><a name="id415677"></a>recycle</h3></div></div></div><p>
<a class="indexterm" name="id415684"></a>
<a class="indexterm" name="id415691"></a>
<a class="indexterm" name="id415698"></a>
		A Recycle Bin-like module. Where used, unlink calls will be intercepted and files moved
		to the recycle directory instead of being deleted. This gives the same effect as the
		<span class="guiicon">Recycle Bin</span> on Windows computers.
		</p><p>
<a class="indexterm" name="id415716"></a>
<a class="indexterm" name="id415722"></a>
<a class="indexterm" name="id415729"></a>
<a class="indexterm" name="id415736"></a>
		The <span class="guiicon">Recycle Bin</span> will not appear in
		<span class="application">Windows Explorer</span> views of the network
		file system (share) nor on any mapped drive. Instead, a directory
		called <code class="filename">.recycle</code> will be automatically created
		when the first file is deleted and <em class="parameter"><code>recycle:repository</code></em>
		is not configured.
		If <em class="parameter"><code>recycle:repository</code></em> is configured, the name
		of the created directory depends on <em class="parameter"><code>recycle:repository</code></em>.
		Users can recover files from the recycle bin. If the
		<em class="parameter"><code>recycle:keeptree</code></em> has been specified,	deleted
		files will be found in a path identical with that from which the
		file was deleted.
		</p><p>Supported options for the <code class="literal">recycle</code> module are as follow:
		</p><div class="variablelist"><dl><dt><span class="term">recycle:repository</span></dt><dd><p>
<a class="indexterm" name="id415809"></a>
				Path of the directory where deleted files should be moved.
				</p></dd><dt><span class="term">recycle:directory_mode</span></dt><dd><p>
<a class="indexterm" name="id415827"></a>
				Set it to the octal mode you want for the recycle directory. With
				this mode the recycle directory	will be created if it not
				exists and the first file is deleted.
				If <em class="parameter"><code>recycle:subdir_mode</code></em> is not set, these
				mode also apply to sub directories.
				If <em class="parameter"><code>directory_mode</code></em> not exists, the default
				mode 0700 is used.
				</p></dd><dt><span class="term">recycle:subdir_mode</span></dt><dd><p>
<a class="indexterm" name="id415859"></a>
				Set it to the octal mode you want for the sub directories of
				the recycle directory. With this mode	the sub directories will
				be created.
				If <em class="parameter"><code>recycle:subdir_mode</code></em> is not set, the
				sub directories will be created with the mode from
				<em class="parameter"><code>directory_mode</code></em>.
				</p></dd><dt><span class="term">recycle:keeptree</span></dt><dd><p>
<a class="indexterm" name="id415890"></a>
				Specifies whether the directory structure should be kept or if the files in the directory that is being 
				deleted should be kept separately in the recycle bin.
				</p></dd><dt><span class="term">recycle:versions</span></dt><dd><p>
<a class="indexterm" name="id415910"></a>
				If this option is set, two files 
				with the same name that are deleted will both 
				be kept in the recycle bin. Newer deleted versions 
				of a file will be called <span class="quote">&#8220;<span class="quote">Copy #x of <em class="replaceable"><code>filename</code></em></span>&#8221;</span>.
				</p></dd><dt><span class="term">recycle:touch</span></dt><dd><p>
<a class="indexterm" name="id415935"></a>
				Specifies whether a file's access date should be touched when the file is moved to the recycle bin.
				</p></dd><dt><span class="term">recycle:touch_mtime</span></dt><dd><p>
<a class="indexterm" name="id415954"></a>
				Specifies whether a file's last modify date date should be touched when the file is moved to the recycle bin.
				</p></dd><dt><span class="term">recycle:maxsize</span></dt><dd><p>
<a class="indexterm" name="id415973"></a>
				Files that are larger than the number of bytes specified by this parameter will not be put into the recycle bin.
				</p></dd><dt><span class="term">recycle:exclude</span></dt><dd><p>
<a class="indexterm" name="id415992"></a>
				List of files that should not be put into the recycle bin when deleted, but deleted in the regular way.
				</p></dd><dt><span class="term">recycle:exclude_dir</span></dt><dd><p>
<a class="indexterm" name="id416010"></a>
				Contains a list of directories. When files from these directories are
				deleted, they are not put into the
				recycle bin but are deleted in the
				regular way.
				</p></dd><dt><span class="term">recycle:noversions</span></dt><dd><p>
<a class="indexterm" name="id416030"></a>
				Specifies a list of paths (wildcards such as * and ? are supported) for which no versioning
				should be used. Only useful when <span class="emphasis"><em>recycle:versions</em></span> is enabled.
				</p></dd></dl></div><p>
		</p></div><div class="sect2" title="netatalk"><div class="titlepage"><div><div><h3 class="title"><a name="id416047"></a>netatalk</h3></div></div></div><p>
<a class="indexterm" name="id416055"></a>
		A netatalk module will ease co-existence of Samba and netatalk file sharing services.
		</p><p>Advantages compared to the old netatalk module:
		</p><div class="itemizedlist"><a class="indexterm" name="id416068"></a><ul class="itemizedlist" type="disc"><li class="listitem"><p>Does not care about creating .AppleDouble forks, just keeps them in sync.</p></li><li class="listitem"><p>If a share in <code class="filename">smb.conf</code> does not contain .AppleDouble item in hide or veto list, it will be added automatically.</p></li></ul></div><p>
		</p></div><div class="sect2" title="shadow_copy"><div class="titlepage"><div><div><h3 class="title"><a name="id416094"></a>shadow_copy</h3></div></div></div><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
<a class="indexterm" name="id416103"></a>
	<span class="emphasis"><em>THIS IS NOT A BACKUP, ARCHIVAL, OR VERSION CONTROL SOLUTION!</em></span>
	</p><p>
<a class="indexterm" name="id416117"></a>
	With Samba or Windows servers, shadow_copy is designed to be an end-user tool only.  It does not replace or
	enhance your backup and archival solutions and should in no way be considered as such.  Additionally, if you
	need version control, implement a version control system.  You have been warned.
	</p></div><p>
	The shadow_copy module allows you to setup functionality that is similar to MS shadow copy services.  When
	setup properly, this module allows Microsoft shadow copy clients to browse "shadow copies" on Samba shares.
	You will need to install the shadow copy client.  You can get the MS shadow copy client <a class="ulink" href="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx" target="_top">here.</a>.  Note the
	additional requirements for pre-Windows XP clients.  I did not test this functionality with any pre-Windows XP
	clients.  You should be able to get more information about MS Shadow Copy <a class="ulink" href="http://www.microsoft.com/windowsserver2003/techinfo/overview/scr.mspx" target="_top">from the Microsoft's site</a>.
	</p><p>
<a class="indexterm" name="id416154"></a>
<a class="indexterm" name="id416161"></a>
<a class="indexterm" name="id416168"></a>
<a class="indexterm" name="id416174"></a>
<a class="indexterm" name="id416181"></a>
<a class="indexterm" name="id416188"></a>
	The shadow_copy VFS module requires some underlying file system setup with some sort of Logical Volume Manager
	(LVM) such as LVM1, LVM2, or EVMS.  Setting up LVM is beyond the scope of this document; however, we will
	outline the steps we took to test this functionality for <span class="emphasis"><em>example purposes only.</em></span> You need
	to make sure the LVM implementation you choose to deploy is ready for production.  Make sure you do plenty of
	tests.
	</p><p>
	Here are some common resources for LVM and EVMS:
	</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><a class="ulink" href="http://www.sistina.com/products_lvm_download.htm" target="_top">Sistina's
	    LVM1 and LVM2</a></p></li><li class="listitem"><p><a class="ulink" href="http://evms.sourceforge.net/" target="_top">Enterprise Volume Management System (EVMS)</a></p></li><li class="listitem"><p><a class="ulink" href="http://tldp.org/HOWTO/LVM-HOWTO/" target="_top">The LVM HOWTO</a></p></li><li class="listitem"><p>
	      See <a class="ulink" href="http://www-106.ibm.com/developerworks/linux/library/l-lvm/" target="_top">Learning
	      Linux LVM, Part 1</a> and <a class="ulink" href="http://www-106.ibm.com/developerworks/library/l-lvm2.html" target="_top">Learning
	      Linux LWM, Part 2</a> for Daniel Robbins' well-written, two part tutorial on Linux and LVM using LVM
	      source code and reiserfs.</p></li></ul></div><div class="sect3" title="Shadow Copy Setup"><div class="titlepage"><div><div><h4 class="title"><a name="id416266"></a>Shadow Copy Setup</h4></div></div></div><p>
<a class="indexterm" name="id416274"></a>
<a class="indexterm" name="id416281"></a>
	At the time of this writing, not much testing has been done.  I tested the shadow copy VFS module with a
	specific scenario which was not deployed in a production environment, but more as a proof of concept.  The
	scenario involved a Samba-3 file server on Debian Sarge with an XFS file system and LVM1.  I do NOT recommend
	you use this as a solution without doing your own due diligence with regard to all the components presented
	here.  That said, following is an basic outline of how I got things going.
	</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p title="Installed Operating System"><b>Installed Operating System .�</b>
		In my tests, I used <a class="ulink" href="http://www.debian.org/devel/debian-installer/" target="_top">Debian
		Sarge</a> (i.e., testing) on an XFS file system.  Setting up the OS is a bit beyond the scope of this
		document.  It is assumed that you have a working OS capable of running Samba.
		</p></li><li class="listitem"><p title="Install &amp; Configure Samba"><b>Install &amp; Configure Samba.�</b>
		See the <a class="link" href="introduction.html" title="Part�I.�General Installation">installation section</a> of this HOWTO for more detail on this.
		It doesn't matter if it is a Domain Controller or Member File Server, but it is assumed that you have a
		working Samba 3.0.3 or later server running.
		</p></li><li class="listitem"><p title="Install &amp; Configure LVM"><b>Install &amp; Configure LVM.�</b>
<a class="indexterm" name="id416350"></a>
<a class="indexterm" name="id416357"></a>
		Before you can make shadow copies available to the client, you have to create the shadow copies.  This is
		done by taking some sort of file system snapshot.  Snapshots are a typical feature of Logical Volume
		Managers such as LVM, so we first need to have that setup.
		</p><div class="itemizedlist"><p>
		The following is provided as an example and will be most helpful for Debian users.  Again, this was tested
		using the "testing" or "Sarge" distribution.
		</p><ul class="itemizedlist" type="disc"><li class="listitem"><p>
<a class="indexterm" name="id416378"></a>
<a class="indexterm" name="id416385"></a>
<a class="indexterm" name="id416392"></a>
<a class="indexterm" name="id416398"></a>
<a class="indexterm" name="id416405"></a>
			Install lvm10 and devfsd packages if you have not done so already.  On Debian systems, you are warned of the
			interaction of devfs and lvm1 which requires the use of devfs filenames.  Running <code class="literal">apt-get update
			&amp;&amp; apt-get install lvm10 devfsd xfsprogs</code> should do the trick for this example.
			</p></li><li class="listitem"><p>
<a class="indexterm" name="id416425"></a>
<a class="indexterm" name="id416432"></a>
<a class="indexterm" name="id416439"></a>
<a class="indexterm" name="id416446"></a>
<a class="indexterm" name="id416453"></a>
			Now you need to create a volume.  You will need to create a partition (or partitions) to add to your volume.
			Use your favorite partitioning tool (e.g., Linux fdisk, cfdisk, etc.).  The partition type should be set to
			0x8e for "Linux LVM."  In this example, we will use /dev/hdb1.
			</p><p>
<a class="indexterm" name="id416465"></a>
<a class="indexterm" name="id416472"></a>
<a class="indexterm" name="id416479"></a>
			Once you have the Linux LVM partition (type 0x8e), you can run a series of commands to create the LVM volume.
			You can use several disks and/or partitions, but we will use only one in this example.  You may also need to
			load the kernel module with something like <code class="literal">modprobe lvm-mod</code> and set your system up to load
			it on reboot by adding it to (<code class="filename">/etc/modules</code>).
			</p></li><li class="listitem"><p>
<a class="indexterm" name="id416505"></a>
			Create the physical volume with <code class="literal">pvcreate /dev/hdb1</code>
			</p></li><li class="listitem"><p>
<a class="indexterm" name="id416522"></a>
<a class="indexterm" name="id416529"></a>
			Create the volume group and add /dev/hda1 to it with <code class="literal">vgcreate shadowvol /dev/hdb1</code>
			</p><p>
<a class="indexterm" name="id416545"></a>
			You can use <code class="literal">vgdisplay</code> to review information about the volume group.
			</p></li><li class="listitem"><p>
<a class="indexterm" name="id416563"></a>
			Now you can create the logical volume with something like <code class="literal">lvcreate -L400M -nsh_test shadowvol</code>
			</p><p>
<a class="indexterm" name="id416579"></a>
			This creates the logical volume of 400 MBs named "sh_test" in the volume group we created called shadowvol.
			If everything is working so far, you should see them in <code class="filename">/dev/shadowvol</code>.
			</p></li><li class="listitem"><p>
<a class="indexterm" name="id416598"></a>
			Now we should be ready to format the logical volume we named sh_test with <code class="literal">mkfs.xfs
			/dev/shadowvol/sh_test</code>
			</p><p>
<a class="indexterm" name="id416615"></a>
<a class="indexterm" name="id416621"></a>
<a class="indexterm" name="id416628"></a>
<a class="indexterm" name="id416635"></a>
<a class="indexterm" name="id416642"></a>
			You can format the logical volume with any file system you choose, but make sure to use one that allows you to
			take advantage of the additional features of LVM such as freezing, resizing, and growing your file systems.
			</p><p>
<a class="indexterm" name="id416654"></a>
<a class="indexterm" name="id416660"></a>
<a class="indexterm" name="id416667"></a>
			Now we have an LVM volume where we can play with the shadow_copy VFS module.
			</p></li><li class="listitem"><p>
<a class="indexterm" name="id416679"></a>
<a class="indexterm" name="id416686"></a>
<a class="indexterm" name="id416693"></a>
			Now we need to prepare the directory with something like
</p><pre class="screen">
<code class="prompt">root# </code> mkdir -p /data/shadow_share
</pre><p>
			or whatever you want to name your shadow copy-enabled Samba share.  Make sure you set the permissions so that
			you can use it.  If in doubt, use <code class="literal">chmod 777 /data/shadow_share</code> and tighten the permissions
			once you get things working.
			</p></li><li class="listitem"><p>
<a class="indexterm" name="id416724"></a>
			Mount the LVM volume using something like <code class="literal">mount /dev/shadowvol/sh_test /data/shadow_share</code>
			</p><p>
<a class="indexterm" name="id416740"></a>
			You may also want to edit your <code class="filename">/etc/fstab</code> so that this partition mounts during the system boot.
			</p></li></ul></div></li><li class="listitem"><p title="Install &amp; Configure the shadow_copy VFS Module"><b>Install &amp; Configure the shadow_copy VFS Module.�</b>
		Finally we get to the actual shadow_copy VFS module.  The shadow_copy VFS module should be available in Samba
		3.0.3 and higher.  The smb.conf configuration is pretty standard.  Here is our example of a share configured
		with the shadow_copy VFS module:
		</p><div class="example"><a name="vfsshadow"></a><p class="title"><b>Example�23.3.�Share With shadow_copy VFS</b></p><div class="example-contents"><table border="0" summary="Simple list" class="simplelist"><tr><td> </td></tr><tr><td><em class="parameter"><code>[shadow_share]</code></em></td></tr><tr><td><a class="indexterm" name="id416794"></a><em class="parameter"><code>comment = Shadow Copy Enabled Share</code></em></td></tr><tr><td><a class="indexterm" name="id416805"></a><em class="parameter"><code>path = /data/shadow_share</code></em></td></tr><tr><td><a class="indexterm" name="id416817"></a><em class="parameter"><code>vfs objects = shadow_copy</code></em></td></tr><tr><td><a class="indexterm" name="id416828"></a><em class="parameter"><code>writeable = yes</code></em></td></tr><tr><td><a class="indexterm" name="id416840"></a><em class="parameter"><code>browseable = yes</code></em></td></tr></table></div></div><br class="example-break"></li><li class="listitem"><p title="Create Snapshots and Make Them Available to shadow_copy.so"><b>Create Snapshots and Make Them Available to shadow_copy.so.�</b>
<a class="indexterm" name="id416863"></a>
<a class="indexterm" name="id416870"></a>
<a class="indexterm" name="id416876"></a>
		Before you can browse the shadow copies, you must create them and mount them.  This will most likely be done
		with a script that runs as a cron job.  With this particular solution, the shadow_copy VFS module is used to
		browse LVM snapshots.  Those snapshots are not created by the module.  They are not made available by the
		module either.  This module allows the shadow copy-enabled client to browse the snapshots you take and make
		available.
		</p><p>
		Here is a simple script used to create and mount the snapshots:
</p><pre class="screen">
#!/bin/bash
# This is a test, this is only a test
SNAPNAME=`date +%Y.%m.%d-%H.%M.%S`
xfs_freeze -f /data/shadow_share/
lvcreate -L10M -s -n $SNAPNAME /dev/shadowvol/sh_test
xfs_freeze -u /data/shadow_share/
mkdir /data/shadow_share/@GMT-$SNAPNAME
mount /dev/shadowvol/$SNAPNAME \
       /data/shadow_share/@GMT-$SNAPNAME -onouuid,ro
</pre><p>
		Note that the script does not handle other things like remounting snapshots on reboot.
	    </p></li><li class="listitem"><p title="Test From Client"><b>Test From Client.�</b>
		To test, you will need to install the shadow copy client which you can obtain from the <a class="ulink" href="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx" target="_top">Microsoft web site.</a> I
		only tested this with an XP client so your results may vary with other pre-XP clients.  Once installed, with
		your XP client you can right-click on specific files or in the empty space of the shadow_share and view the
		"properties."  If anything has changed, then you will see it on the "Previous Versions" tab of the properties
		window.
		</p></li></ol></div></div></div></div><div class="sect1" title="VFS Modules Available Elsewhere"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id416927"></a>VFS Modules Available Elsewhere</h2></div></div></div><p>
<a class="indexterm" name="id416935"></a>
This section contains a listing of various other VFS modules that have been posted but do not currently reside
in the Samba CVS tree for one reason or another (e.g., it is easy for the maintainer to have his or her own
CVS tree).
</p><p>
No statements about the stability or functionality of any module should be implied due to its presence here.
</p><div class="sect2" title="DatabaseFS"><div class="titlepage"><div><div><h3 class="title"><a name="id416949"></a>DatabaseFS</h3></div></div></div><p>
<a class="indexterm" name="id416957"></a>
URL: <a class="ulink" href="http://www.css.tayloru.edu/~elorimer/databasefs/index.php" target="_top">
Taylors University DatabaeFS</a>
</p><p>By <a class="ulink" href="mailto:elorimer@css.tayloru.edu" target="_top">Eric Lorimer.</a></p><p>
I have created a VFS module that implements a fairly complete read-only filesystem. It presents information
from a database as a filesystem in a modular and generic way to allow different databases to be used.
(Originally designed for organizing MP3s under directories such as <span class="quote">&#8220;<span class="quote">Artists,</span>&#8221;</span> <span class="quote">&#8220;<span class="quote">Song
Keywords,</span>&#8221;</span> and so on. I have since easily applied it to a student roster database.) The directory
structure is stored in the database itself and the module makes no assumptions about the database structure
beyond the table it requires to run.
</p><p>
Any feedback would be appreciated: comments, suggestions, patches, and so on. If nothing else, it
might prove useful for someone else who wishes to create a virtual filesystem.
</p></div><div class="sect2" title="vscan"><div class="titlepage"><div><div><h3 class="title"><a name="id417002"></a>vscan</h3></div></div></div><a class="indexterm" name="id417007"></a><p>URL: <a class="ulink" href="http://www.openantivirus.org/projects.php#samba-vscan" target="_top">
Open Anti-Virus vscan</a>
</p><p>
<a class="indexterm" name="id417028"></a>
samba-vscan is a proof-of-concept module for Samba, which provides on-access anti-virus support for files
shared using Samba.  samba-vscan supports various virus scanners and is maintained by Rainer Link.
</p></div><div class="sect2" title="vscan-clamav"><div class="titlepage"><div><div><h3 class="title"><a name="id417038"></a>vscan-clamav</h3></div></div></div><p>
Samba users have been using the RPMS from SerNet without a problem.
OpenSUSE Linux users have also used the vscan scanner for quite some time
with excellent results. It does impact overall write performance though.
</p><p>
The following share stanza is a good guide for those wanting to configure vscan-clamav:
</p><pre class="screen">
[share]
vfs objects = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
</pre><p>
The following example of the <code class="filename">vscan-clamav.conf</code> file may help to get this
fully operational:
</p><pre class="screen">
<span style="color: red">&lt;title&gt;VFS: Vscan ClamAV Control File&lt;/title&gt;</span>
#
# /etc/samba/vscan-clamav.conf
#

[samba-vscan]
; run-time configuration for vscan-samba using
; clamd
; all options are set to default values

; do not scan files larger than X bytes. If set to 0 (default),
; this feature is disable (i.e. all files are scanned)
max file size = 10485760

; log all file access (yes/no). If set to yes, every access will
; be logged. If set to no (default), only access to infected files
; will be logged
verbose file logging = no

; if set to yes (default), a file will be scanned while opening
scan on open = yes
; if set to yes, a file will be scanned while closing (default is yes)
scan on close = yes

; if communication to clamd fails, should access to file denied?
; (default: yes)
deny access on error = no

; if daemon failes with a minor error (corruption, etc.),
; should access to file denied?
; (default: yes)
deny access on minor error = no

; send a warning message via Windows Messenger service
; when virus is found?
; (default: yes)
send warning message = yes

; what to do with an infected file
; quarantine: try to move to quantine directory
; delete:     delete infected file
; nothing:    do nothing (default)
infected file action = quarantine

; where to put infected files - you really want to change this!
quarantine directory  = /opt/clamav/quarantine
; prefix for files in quarantine
quarantine prefix = vir-

; as Windows tries to open a file multiple time in a (very) short time
; of period, samba-vscan use a last recently used file mechanism to avoid
; multiple scans of a file. This setting specified the maximum number of
; elements of the last recently used file list. (default: 100)
max lru files entries = 100

; an entry is invalidad after lru file entry lifetime (in seconds).
; (Default: 5)
lru file entry lifetime = 5

; exclude files from being scanned based on the MIME-type! Semi-colon
; separated list (default: empty list). Use this with care!
exclude file types =

; socket name of clamd (default: /var/run/clamd). Setting will be ignored if
; libclamav is used
clamd socket name = /tmp/clamd

; limits, if vscan-clamav was build for using the clamav library (libclamav)
; instead of clamd

; maximum number of files in archive (default: 1000)
libclamav max files in archive = 1000

; maximum archived file size, in bytes (default: 10 MB)
libclamav max archived file size = 5242880

; maximum recursion level (default: 5)
libclamav max recursion level = 5
</pre><p>
Obviously, a running clam daemon is necessary for this to work. This is a working example for me using ClamAV.
The ClamAV documentation should provide additional configuration examples. On your system these may be located
under the <code class="filename">/usr/share/doc/</code> directory. Some examples may also target other virus scanners,
any of which can be used.
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="CUPS-printing.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="winbind.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�22.�CUPS Printing Support�</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">�Chapter�24.�Winbind: Use of Domain Accounts</td></tr></table></div></body></html>