1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
(This used to be commit cff77db9f8)
This commit is contained in:
John Terpstra 2005-06-24 22:53:23 +00:00 committed by Gerald W. Carter
parent 6bf7ea511d
commit 59f2b7aecc
2 changed files with 242 additions and 293 deletions

View File

@ -324,7 +324,7 @@ done
<member><para>samba-3.0.20 or later</para></member>
<member><para>samba-client-3.0.20 or later</para></member>
<member><para>samba-winbind-3.0.20 or later</para></member>
<member><para>smbldap-tools Version 0.8.8</para></member>
<member><para>smbldap-tools Version 0.9.1</para></member>
</simplelist>
<para>

View File

@ -16,10 +16,10 @@
<title>Features and Benefits</title>
<para>
Since Samba-3, there is support for stackable VFS (Virtual File System) modules.
Samba passes each request to access the UNIX file system through the loaded VFS modules.
This chapter covers all the modules that come with the Samba source and references to
some external modules.
<indexterm><primary></primary></indexterm>
Stackable VFS (Virtual File System) modules support was new to Samba-3 and has proven quite popular. Samba
passes each request to access the UNIX file system through the loaded VFS modules. This chapter covers the
modules that come with the Samba source and provides references to some external modules.
</para>
@ -29,16 +29,17 @@ some external modules.
<title>Discussion</title>
<para>
If not supplied with your platform distribution binary Samba package you may have problems
compiling these modules, as shared libraries are compiled and linked in different ways
on different systems. They currently have been tested against GNU/Linux and IRIX.
If not supplied with your platform distribution binary Samba package you may have problems compiling these
modules, as shared libraries are compiled and linked in different ways on different systems. They currently
have been tested against GNU/Linux and IRIX.
</para>
<para>
To use the VFS modules, create a share similar to the one below. The
important parameter is the <smbconfoption name="vfs objects"/> parameter where
you can list one or more VFS modules by name. For example, to log all access
to files and put deleted files in a recycle bin, see <link linkend="vfsrecyc">next configuration</link>:
To use the VFS modules, create a share similar to the one below. The important parameter is the <smbconfoption
name="vfs objects"/> parameter where you can list one or more VFS modules by name. For example, to log all
access to files and put deleted files in a recycle bin, see <link linkend="vfsrecyc">the smb.conf with VFS
modules example</link>:
</para>
<example id="vfsrecyc">
<title>smb.conf with VFS modules</title>
@ -51,26 +52,23 @@ to files and put deleted files in a recycle bin, see <link linkend="vfsrecyc">ne
<smbconfoption name="browseable">yes</smbconfoption>
</smbconfblock>
</example>
</para>
<para>
The modules are used in the order in which they are specified.
Let's say that you want to both have a virus scanner module and a recycle
bin module. It is wise to put the virus scanner module as the first one so
that it is the first that get run an may detect a virus immediately, before
any action is performed on that file.
The modules are used in the order in which they are specified. Let's say that you want to both have a virus
scanner module and a recycle bin module. It is wise to put the virus scanner module as the first one so that
it is the first that get run an may detect a virus immediately, before any action is performed on that file.
<smbconfoption name="vfs objects">vscan-clamav recycle</smbconfoption>
</para>
<para>
Samba will attempt to load modules from the <filename>/lib</filename> directory in the root directory of the
Samba installation (usually <filename>/usr/lib/samba/vfs</filename> or <filename>/usr/local/samba/lib/vfs
</filename>).
Samba installation (usually <filename>/usr/lib/samba/vfs</filename> or
<filename>/usr/local/samba/lib/vfs</filename>).
</para>
<para>
Some modules can be used twice for the same share.
This can be done using a configuration similar to the one shown in <link linkend="multimodule">the following example</link>.
Some modules can be used twice for the same share. This can be done using a configuration similar to the one
shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</link>.
<example id="multimodule">
<title>smb.conf with multiple VFS modules</title>
@ -194,11 +192,11 @@ This can be done using a configuration similar to the one shown in <link linkend
</para>
<para>
The <guiicon>Recycle Bin</guiicon> will not appear in <application>Windows Explorer</application> views of the network file system
(share) nor on any mapped drive. Instead, a directory called <filename>.recycle</filename> will be
automatically created when the first file is deleted. Users can recover files from the
<filename>.recycle</filename> directory. If the <parameter>recycle:keeptree</parameter> has been
specified, deleted files will be found in a path identical with that from which the file was deleted.
The <guiicon>Recycle Bin</guiicon> will not appear in <application>Windows Explorer</application> views of the
network file system (share) nor on any mapped drive. Instead, a directory called <filename>.recycle</filename>
will be automatically created when the first file is deleted. Users can recover files from the
<filename>.recycle</filename> directory. If the <parameter>recycle:keeptree</parameter> has been specified,
deleted files will be found in a path identical with that from which the file was deleted.
</para>
<para>Supported options for the <command>recycle</command> module are as follow:
@ -262,7 +260,8 @@ This can be done using a configuration similar to the one shown in <link linkend
<varlistentry>
<term>recycle:noversions</term>
<listitem><para>
Specifies a list of paths (wildcards such as * and ? are supported) for which no versioning should be used. Only useful when <emphasis>recycle:versions</emphasis> is enabled.
Specifies a list of paths (wildcards such as * and ? are supported) for which no versioning
should be used. Only useful when <emphasis>recycle:versions</emphasis> is enabled.
</para></listitem>
</varlistentry>
</variablelist>
@ -288,43 +287,40 @@ This can be done using a configuration similar to the one shown in <link linkend
<sect2>
<title>shadow_copy</title>
<warning>
<warning><para>
<emphasis>THIS IS NOT A BACKUP, ARCHIVAL, OR VERSION CONTROL SOLUTION!</emphasis>
</para>
<para>
<emphasis>THIS IS NOT A BACKUP, ARCHIVAL, OR VERSION CONTROL
SOLUTION!</emphasis></para>
With Samba or Windows servers, shadow copy is designed to be an end-user tool only. It does not replace or
enhance your backup and archival solutions and should in no way be considered as such. Additionally, if you
need version control, implement a version control system. You have been warned.
</para></warning>
<para>
With Samba or Windows servers, shadow copy is designed to be
an end-user tool only. It does not replace or enhance your
backup and archival solutions and should in no way be
considered as such. Additionally, if you need version
control, implement a version control system. You have been
warned.</para>
</warning>
The shadow_copy module allows you to setup functionality that is similar to MS shadow copy services. When
setup properly, this module allows Microsoft shadow copy clients to browse "shadow copies" on samba shares.
You will need to install the shadow copy client. You can get the MS shadow copy client <ulink noescape="1"
url="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx">here.</ulink>. Note the
additional requirements for pre-Windows XP clients. I did not test this functionality with any pre-Windows XP
clients. You should be able to get more information about MS Shadow Copy <ulink noescape="1"
url="http://www.microsoft.com/windowsserver2003/techinfo/overview/scr.mspx">from the Microsoft's site</ulink>.
</para>
<para>
The shadow_copy module allows you to setup functionality that
is similar to MS shadow copy services. When setup properly,
this module allows Microsoft shadow copy clients to browse
"shadow copies" on samba shares. You will need to install the
shadow copy client. You can get the MS shadow copy client
<ulink noescape="1"
url="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx">here.</ulink>.
Note the additional requirements for pre-Windows XP clients.
I did not test this functionality with any pre-Windows XP
clients. You should be able to get more information about MS
Shadow Copy <ulink noescape="1"
url="http://www.microsoft.com/windowsserver2003/techinfo/overview/scr.mspx">from
the Microsoft's site</ulink>.</para>
<para>
The shadow_copy VFS module requires some underlying file system
setup with some sort of Logical Volume Manager (LVM) such as
LVM1, LVM2, or EVMS. Setting up LVM is beyond the scope of
this document; however, we will outline the steps we took to
test this functionality for <emphasis>example purposes
only.</emphasis> You need to make sure the LVM implementation
you choose to deploy is ready for production. Make sure you
do plenty of tests.</para>
The shadow_copy VFS module requires some underlying file system setup with some sort of Logical Volume Manager
(LVM) such as LVM1, LVM2, or EVMS. Setting up LVM is beyond the scope of this document; however, we will
outline the steps we took to test this functionality for <emphasis>example purposes only.</emphasis> You need
to make sure the LVM implementation you choose to deploy is ready for production. Make sure you do plenty of
tests.
</para>
<para>
Here are some common resources for LVM and EVMS:
</para>
<itemizedlist>
<listitem>
<para><ulink noescape="1"
@ -349,163 +345,131 @@ This can be done using a configuration similar to the one shown in <link linkend
source code and reiserfs.</para>
</listitem>
</itemizedlist>
</para>
<sect3>
<title>Shadow Copy Setup</title>
<para>
At the time of this writing, not much testing has been done.
I tested the shadow copy VFS module with a specific scenario
which was not deployed in a production environment, but more
as a proof of concept. The scenario involved a Samba 3 file
server on Debian Sarge with an XFS file system and LVM1. I
do NOT recommend you use this as a solution without doing
your own due diligence with regard to all the components
presented here. That said, following is an basic outline of
how I got things going.</para>
At the time of this writing, not much testing has been done. I tested the shadow copy VFS module with a
specific scenario which was not deployed in a production environment, but more as a proof of concept. The
scenario involved a Samba 3 file server on Debian Sarge with an XFS file system and LVM1. I do NOT recommend
you use this as a solution without doing your own due diligence with regard to all the components presented
here. That said, following is an basic outline of how I got things going.
</para>
<orderedlist>
<listitem>
<formalpara>
<title>Installed Operating System </title>
<formalpara><title>Installed Operating System </title>
<para>
In my tests, I used <ulink
url="http://www.debian.org/devel/debian-installer/">Debian
Sarge</ulink> (i.e. testing) on an XFS file system.
Setting up the OS is a bit beyond the scope of this
document. It is assumed that you have a working OS
capable of running Samba.</para>
</formalpara>
In my tests, I used <ulink url="http://www.debian.org/devel/debian-installer/">Debian
Sarge</ulink> (i.e. testing) on an XFS file system. Setting up the OS is a bit beyond the scope of this
document. It is assumed that you have a working OS capable of running Samba.
</para></formalpara>
</listitem>
<listitem>
<formalpara>
<title>Install &amp; Configure Samba</title>
<formalpara><title>Install &amp; Configure Samba</title>
<para>
See the <link linkend="introduction">installation
section</link> of this HOWTO for more detail on this.
It doesn't matter if it is a Domain Controller or
Member File Server, but it is assumed that you have a
working Samba 3.0.3 or newer server running.</para>
</formalpara>
See the <link linkend="introduction">installation section</link> of this HOWTO for more detail on this.
It doesn't matter if it is a Domain Controller or Member File Server, but it is assumed that you have a
working Samba 3.0.3 or newer server running.
</para></formalpara>
</listitem>
<listitem>
<formalpara>
<title>Install &amp; Configure LVM</title>
<formalpara><title>Install &amp; Configure LVM</title>
<para>
Before you can make shadow copies available to the
client, you have to create the shadow copies. This is
done by taking some sort of file system snapshot.
Snapshots are a typical feature of Logical Volume
Managers such as LVM, so we first need to have that
setup.</para>
</formalpara>
Before you can make shadow copies available to the client, you have to create the shadow copies. This is
done by taking some sort of file system snapshot. Snapshots are a typical feature of Logical Volume
Managers such as LVM, so we first need to have that setup.
</para></formalpara>
<itemizedlist>
<para>
The following is provided as an example and will be
most helpful for Debian users. Again, this was tested
using the "testing" or "Sarge" distribution.</para>
<listitem>
<para>
Install lvm10 and devfsd packages if you have not
done so already. On Debian systems, you are warned
of the interaction of devfs and lvm1 which requires
the use of devfs filenames. Running
<command>apt-get update &amp;&amp; apt-get install
lvm10 devfsd xfsprogs</command> should do the trick
for this example.</para>
</listitem>
<listitem>
<para>
Now you need to create a volume. You will need to
create a partition (or partitions) to add to your
volume. Use your favorite partitioning tool
(e.g. Linux fdisk, cfdisk, etc.). The partition
type should be set to 0x8e for "Linux LVM." In this
example, we will use /dev/hdb1.</para>
<para>
Once you have the Linux LVM partition (type 0x8e),
you can run a series of commands to create the LVM
volume. You can use several disks and or
partitions, but we will use only one in this
example. You may also need to load the kernel
module with something like <command>modprobe lvm-mod
</command> and set your system up to load it on
reboot by adding it to
(<filename>/etc/modules</filename>). </para>
</listitem>
<listitem>
<para>
Create the physical volume with <command>pvcreate
/dev/hdb1</command></para>
</listitem>
<listitem>
<para>
Create the volume group with and add /dev/hda1 to it
with <command>vgcreate shadowvol /dev/hdb1</command>
The following is provided as an example and will be most helpful for Debian users. Again, this was tested
using the "testing" or "Sarge" distribution.
</para>
<para>
You can use <command>vgdisplay</command> to review
information about the volume group.</para>
</listitem>
<listitem>
<para>
Now you can create the logical volume with something
like <command>lvcreate -L400M -nsh_test
shadowvol</command></para>
Install lvm10 and devfsd packages if you have not done so already. On Debian systems, you are warned of the
interaction of devfs and lvm1 which requires the use of devfs filenames. Running <command>apt-get update
&amp;&amp; apt-get install lvm10 devfsd xfsprogs</command> should do the trick for this example.
</para></listitem>
<listitem><para>
Now you need to create a volume. You will need to create a partition (or partitions) to add to your volume.
Use your favorite partitioning tool (e.g. Linux fdisk, cfdisk, etc.). The partition type should be set to
0x8e for "Linux LVM." In this example, we will use /dev/hdb1.
</para>
<para>
This creates the logical volume of 400MB's named
"sh_test" in the volume group we created called
shadowvol. If everything is working so far, you
should see them in
<filename>/dev/shadowvol</filename>.</para>
</listitem>
<listitem>
Once you have the Linux LVM partition (type 0x8e), you can run a series of commands to create the LVM volume.
You can use several disks and or partitions, but we will use only one in this example. You may also need to
load the kernel module with something like <command>modprobe lvm-mod </command> and set your system up to load
it on reboot by adding it to (<filename>/etc/modules</filename>).
</para></listitem>
<listitem><para>
Create the physical volume with <command>pvcreate /dev/hdb1</command>
</para></listitem>
<listitem><para>
Create the volume group with and add /dev/hda1 to it with <command>vgcreate shadowvol /dev/hdb1</command>
</para>
<para>
Now we should be ready to format the logical volume
we named sh_test with <command>mkfs.xfs
/dev/shadowvol/sh_test</command></para>
You can use <command>vgdisplay</command> to review information about the volume group.
</para></listitem>
<listitem><para>
Now you can create the logical volume with something like <command>lvcreate -L400M -nsh_test shadowvol</command>
</para>
<para>
You can format the logical volume with any file
system you choose, but make sure to use one that
allows you to take advantage of the additional
features of LVM such as freezing, resizing and
growing your file systems.</para>
This creates the logical volume of 400MB's named "sh_test" in the volume group we created called shadowvol.
If everything is working so far, you should see them in <filename>/dev/shadowvol</filename>.
</para></listitem>
<listitem><para>
Now we should be ready to format the logical volume we named sh_test with <command>mkfs.xfs
/dev/shadowvol/sh_test</command>
</para>
<para>
Now we have an LVM volume where we can play with the
shadow_copy VFS module.</para>
</listitem>
<listitem>
You can format the logical volume with any file system you choose, but make sure to use one that allows you to
take advantage of the additional features of LVM such as freezing, resizing and growing your file systems.
</para>
<para>
Now we need to prepare the directory with something
like <command>mkdir -p /data/shadow_share</command>
or whatever you want to name your shadow copy
enabled Samba share. Make sure you set the
permissions such that you can use it. If in doubt,
use <command>chmod 777 /data/shadow_share</command>
and tighten the permissions once you get things
working.</para>
</listitem>
<listitem>
Now we have an LVM volume where we can play with the shadow_copy VFS module.
</para></listitem>
<listitem><para>
Now we need to prepare the directory with something like <command>mkdir -p /data/shadow_share</command> or
whatever you want to name your shadow copy enabled Samba share. Make sure you set the permissions such that
you can use it. If in doubt, use <command>chmod 777 /data/shadow_share</command> and tighten the permissions
once you get things working.
</para></listitem>
<listitem><para>
Mount the LVM volume using something like <command>mount /dev/shadowvol/sh_test /data/shadow_share</command>
</para>
<para>
Mount the LVM volume using something like
<command>mount /dev/shadowvol/sh_test
/data/shadow_share</command></para>
<para>
You may also want to edit your
<filename>/etc/fstab</filename> so that this
partition mounts during the system boot.</para>
</listitem>
You may also want to edit your <filename>/etc/fstab</filename> so that this partition mounts during the system boot.
</para></listitem>
</itemizedlist>
</listitem>
<listitem>
<formalpara>
<title>Install &amp; Configure the shadow_copy VFS
Module</title>
<formalpara><title>Install &amp; Configure the shadow_copy VFS Module</title>
<para>
Finally we get to the actual shadow_copy VFS module.
The shadow_copy VFS module should be available in
Samba 3.0.3 and higher. The smb.conf configuration is pretty
standard. Here is our example of a share configured
with the shadow_copy VFS module:</para>
</formalpara>
Finally we get to the actual shadow_copy VFS module. The shadow_copy VFS module should be available in Samba
3.0.3 and higher. The smb.conf configuration is pretty standard. Here is our example of a share configured
with the shadow_copy VFS module:
</para></formalpara>
<example id="vfsshadow">
<title>Share With shadow_copy VFS</title>
<smbconfblock>
@ -517,24 +481,21 @@ This can be done using a configuration similar to the one shown in <link linkend
<smbconfoption name="browseable">yes</smbconfoption>
</smbconfblock>
</example>
</listitem>
<listitem>
<formalpara>
<title>Create Snapshots and Make Them Available to shadow_copy.so</title>
<formalpara><title>Create Snapshots and Make Them Available to shadow_copy.so</title>
<para>
Before you can browse the shadow copies, you must
create them and mount them. This will most likely be
done with a script that runs as a cron job. With this
particular solution, the shadow_copy VFS module is
used to browse LVM snapshots. Those snapshots are not
created by the module. They are not made available by
the module either. This module allows the shadow copy
enabled client to browse the snapshots you take and
make available.</para>
</formalpara>
Before you can browse the shadow copies, you must create them and mount them. This will most likely be done
with a script that runs as a cron job. With this particular solution, the shadow_copy VFS module is used to
browse LVM snapshots. Those snapshots are not created by the module. They are not made available by the
module either. This module allows the shadow copy enabled client to browse the snapshots you take and make
available.
</para></formalpara>
<para>
Here is a simple script used to create and mount the
snapshots:
Here is a simple script used to create and mount the snapshots:
<screen>
#!/bin/bash
# This is a test, this is only a test
@ -545,28 +506,22 @@ xfs_freeze -u /data/shadow_share/
mkdir /data/shadow_share/@GMT-$SNAPNAME
mount /dev/shadowvol/$SNAPNAME /data/shadow_share/@GMT-$SNAPNAME -onouuid,ro
</screen>
Note that the script does not handle other things like
remounting snapshots on reboot.
</para>
</listitem>
Note that the script does not handle other things like remounting snapshots on reboot.
</para></listitem>
<listitem>
<formalpara>
<title>Test From Client</title>
<formalpara><title>Test From Client</title>
<para>
To test, you will need to install the shadow copy
client which you can obtain from the <ulink
url="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx">Microsoft
web site.</ulink> I only tested this with an XP client
so your results may vary with other pre-XP clients.
Once installed, with your XP client you can
right-click on specific files or in the empty space of
the shadow_share and view the "properties". If
anything has changed, then you will see it on the
"Previous Versions" tab of the properties
window. </para>
</formalpara>
To test, you will need to install the shadow copy client which you can obtain from the <ulink
url="http://www.microsoft.com/windowsserver2003/downloads/shadowcopyclient.mspx">Microsoft web site.</ulink> I
only tested this with an XP client so your results may vary with other pre-XP clients. Once installed, with
your XP client you can right-click on specific files or in the empty space of the shadow_share and view the
"properties". If anything has changed, then you will see it on the "Previous Versions" tab of the properties
window.
</para></formalpara>
</listitem>
</orderedlist>
</sect3>
</sect2>
@ -576,42 +531,37 @@ mount /dev/shadowvol/$SNAPNAME /data/shadow_share/@GMT-$SNAPNAME -onouuid,ro
<title>VFS Modules Available Elsewhere</title>
<para>
This section contains a listing of various other VFS modules that
have been posted but do not currently reside in the Samba CVS
tree for one reason or another (e.g., it is easy for the maintainer
to have his or her own CVS tree).
This section contains a listing of various other VFS modules that have been posted but do not currently reside
in the Samba CVS tree for one reason or another (e.g., it is easy for the maintainer to have his or her own
CVS tree).
</para>
<para>
No statements about the stability or functionality of any module
should be implied due to its presence here.
No statements about the stability or functionality of any module should be implied due to its presence here.
</para>
<sect2>
<title>DatabaseFS</title>
<para>
URL: <ulink noescape="1" url="http://www.css.tayloru.edu/~elorimer/databasefs/index.php">http://www.css.tayloru.edu/~elorimer/databasefs/index.php</ulink>
URL: <ulink noescape="1" url="http://www.css.tayloru.edu/~elorimer/databasefs/index.php">
Taylors University DatabaeFS</ulink>
</para>
<para>By <ulink url="mailto:elorimer@css.tayloru.edu">Eric Lorimer.</ulink></para>
<para>
I have created a VFS module that implements a fairly complete read-only
filesystem. It presents information from a database as a filesystem in
a modular and generic way to allow different databases to be used
(originally designed for organizing MP3s under directories such as
<quote>Artists,</quote> <quote>Song Keywords,</quote> and so on. I have since easily
applied it to a student
roster database.) The directory structure is stored in the
database itself and the module makes no assumptions about the database
structure beyond the table it requires to run.
I have created a VFS module that implements a fairly complete read-only filesystem. It presents information
from a database as a filesystem in a modular and generic way to allow different databases to be used
(originally designed for organizing MP3s under directories such as <quote>Artists,</quote> <quote>Song
Keywords,</quote> and so on. I have since easily applied it to a student roster database.) The directory
structure is stored in the database itself and the module makes no assumptions about the database structure
beyond the table it requires to run.
</para>
<para>
Any feedback would be appreciated: comments, suggestions, patches,
and so on. If nothing else, hopefully it might prove useful for someone
else who wishes to create a virtual filesystem.
Any feedback would be appreciated: comments, suggestions, patches, and so on. If nothing else, hopefully it
might prove useful for someone else who wishes to create a virtual filesystem.
</para>
</sect2>
@ -619,14 +569,13 @@ should be implied due to its presence here.
<sect2>
<title>vscan</title>
<para>URL: <ulink noescape="1" url="http://www.openantivirus.org/projects.php#samba-vscan">http://www.openantivirus.org/projects.php#samba-vscan</ulink></para>
<para>URL: <ulink noescape="1" url="http://www.openantivirus.org/projects.php#samba-vscan">
Open Anti-Virus vscan</ulink>
</para>
<para>
samba-vscan is a proof-of-concept module for Samba, which
provides on-access anti-virus support for files shared using
Samba.
samba-vscan supports various virus scanners and is maintained
by Rainer Link.
samba-vscan is a proof-of-concept module for Samba, which provides on-access anti-virus support for files
shared using Samba. samba-vscan supports various virus scanners and is maintained by Rainer Link.
</para>
</sect2>