Chapter 20. Stackable VFS modules

Jelmer R. Vernooij

The Samba Team

John H. Terpstra

Samba Team

Tim Potter

Samba Team

Simo Sorce

original vfs_skel README

Alexander Bokovoy

original vfs_netatalk docs

Stefan Metzmacher

Update for multiple modules

Table of Contents

Features and Benefits
Discussion
Included Modules
audit
extd_audit
fake_perms
recycle
netatalk
VFS Modules Available Elsewhere
DatabaseFS
vscan

Features and Benefits

Since Samba-3, there is support for stackable VFS (Virtual File System) modules. Samba passes each request to access the UNIX file system through the loaded VFS modules. This chapter covers all the modules that come with the Samba source and references to some external modules.

Discussion

If not supplied with your platform distribution binary Samba package you may have problems compiling these modules, as shared libraries are compiled and linked in different ways on different systems. They currently have been tested against GNU/Linux and IRIX.

To use the VFS modules, create a share similar to the one below. The important parameter is the vfs objects parameter where you can list one or more VFS modules by name. For example, to log all access to files and put deleted files in a recycle bin, see .

Example 20.1. smb.conf with VFS modules

[audit]
comment = Audited /data directory
path = /data
vfs objects = audit recycle
writeable = yes
browseable = yes

The modules are used in the order in which they are specified.

Samba will attempt to load modules from the /lib directory in the root directory of the Samba installation (usually /usr/lib/samba/vfs or /usr/local/samba/lib/vfs ).

Some modules can be used twice for the same share. This can be done using a configuration similar to the one shown in .

Example 20.2. smb.conf with multiple VFS modules

[test]
comment = VFS TEST
path = /data
writeable = yes
browseable = yes
vfs objects = example:example1 example example:test
example1: parameter = 1
example: parameter = 5
test: parameter = 7

Included Modules

audit

A simple module to audit file access to the syslog facility. The following operations are logged:

  • share
  • connect/disconnect
  • directory opens/create/remove
  • file open/close/rename/unlink/chmod

extd_audit

This module is identical with the audit module above except that it sends audit logs to both syslog as well as the smbd log files. The log level for this module is set in the smb.conf file.

Valid settings and the information that will be recorded are shown in .

Table 20.1. Extended Auditing Log Information

Log LevelLog Details - File and Directory Operations
0Creation / Deletion
1Create / Delete / Rename / Permission Changes
2Create / Delete / Rename / Perm Change / Open / Close

fake_perms

This module was created to allow Roaming Profile files and directories to be set (on the Samba server under UNIX) as read only. This module will, if installed on the Profiles share, report to the client that the Profile files and directories are writable. This satisfies the client even though the files will never be overwritten as the client logs out or shuts down.

recycle

A Recycle Bin-like module. Where used, unlink calls will be intercepted and files moved to the recycle directory instead of being deleted. This gives the same effect as the Recycle Bin on Windows computers.

The Recycle Bin will not appear in Windows Explorer views of the network file system (share) nor on any mapped drive. Instead, a directory called .recycle will be automatically created when the first file is deleted. Users can recover files from the .recycle directory. If the recycle:keeptree has been specified, deleted files will be found in a path identical with that from which the file was deleted.

Supported options for the recycle module are as follow:

recycle:repository

Relative path of the directory where deleted files should be moved.

recycle:keeptree

Specifies whether the directory structure should be kept or if the files in the directory that is being deleted should be kept seperately in the recycle bin.

recycle:versions

If this option is set, two files with the same name that are deleted will both be kept in the recycle bin. Newer deleted versions of a file will be called “Copy #x of filename”.

recycle:touch

Specifies whether a file's access date should be touched when the file is moved to the recycle bin.

recycle:maxsize

Files that are larger than the number of bytes specified by this parameter will not be put into the recycle bin.

recycle:exclude

List of files that should not be put into the recycle bin when deleted, but deleted in the regular way.

recycle:exclude_dir

Contains a list of directories. When files from these directories are deleted, they are not put into the recycle bin but are deleted in the regular way.

recycle:noversions

Opposite of recycle:versions. If both options are specified, this one takes precedence.

netatalk

A netatalk module will ease co-existence of Samba and netatalk file sharing services.

Advantages compared to the old netatalk module:

  • Does not care about creating .AppleDouble forks, just keeps them in sync.

  • If a share in smb.conf does not contain .AppleDouble item in hide or veto list, it will be added automatically.

VFS Modules Available Elsewhere

This section contains a listing of various other VFS modules that have been posted but do not currently reside in the Samba CVS tree for one reason or another (e.g., it is easy for the maintainer to have his or her own CVS tree).

No statements about the stability or functionality of any module should be implied due to its presence here.

DatabaseFS

URL: http://www.css.tayloru.edu/~elorimer/databasefs/index.php

By Eric Lorimer.

I have created a VFS module that implements a fairly complete read-only filesystem. It presents information from a database as a filesystem in a modular and generic way to allow different databases to be used (originally designed for organizing MP3s under directories such as “Artists,” “Song Keywords,” and so on. I have since easily applied it to a student roster database.) The directory structure is stored in the database itself and the module makes no assumptions about the database structure beyond the table it requires to run.

Any feedback would be appreciated: comments, suggestions, patches, and so on. If nothing else, hopefully it might prove useful for someone else who wishes to create a virtual filesystem.

vscan

URL: http://www.openantivirus.org/

samba-vscan is a proof-of-concept module for Samba, which uses the VFS (virtual file system) features of Samba 2.2.x/3.0 alphaX. Of course, Samba has to be compiled with VFS support. samba-vscan supports various virus scanners and is maintained by Rainer Link.