Hi all,
I’m reporting my experience in a 40+ user office and the reasons not to use shadow copies over Samba and btrfs.
First of all, why did I decide to move to a non-ext/ufs fs? Simple answer: I wanted some “backup/versioning” for my office NAS to avoid accidental deletes.
Real answer: 10 days before Xmas 2015 a colleague got a cryptolocker variant (Cryptolocker from Wikipedia) and I had to manage nearly 365K (yes, 365.000 files) encrypted files - I’m used to backing up on a daily basis plus incremental backups every 2 hours, so we just lost 10-20 files.
So, you have to know that ransomware doesn’t start encrypting from the infected local machine, but first tries via network shares, also on hidden files and shadow copies on the local PC / remote shadow copies (first reason to avoid shadow copies on Samba).
Second reason to avoid: your users don’t need another “toy” to damage themselves.
EDIT - Special Note: Time to recover 365K files from backup, checking for old versions / new versions, etc : 3 days - time to recover via snapshots done every 15-20 minutes: 10-20 seconds, with possible loss of a small amount of files
After reading and thinking about this - how would a cryptolocker actually gain access to my server? You definitely need root to delete btrfs snapshots.
So I read your forum post more closely…you were never talking about btrfs/rockstor in your case. Seems more like FUD to me (prove me wrong!)
We assume that we’re in an office with AD, so our Rockstor NAS serves files to multiple domain users, so our Samba share must have root / domain users as owner / group, right??
Or at least we need a subfolder that will be our users’ accessible folder with those rights, OK? OK
So, make your Samba share with shadow copies, write down the snapshot prefix - create your snapshot task.
First test - snapshots not visible to users - say bye to shadow copies
I’ve changed this file 4-5 times after 12.26, no details about it
Second test - snapshots visible to users - shadow copies ok
Hey cool, got my shadow copy, I can roll back
And now the nice part, you all think about system protection against deletion, right??? From Windows Explorer or similar, right (no delete option for shadow copies, see figure)
Pretty sure persistent VSS requires NTFS. Did you enable Samba VFS? That’s the only way Windows clients can use BTRFS snapshots - just like VSS. Looks like Rockstor supports VFS:
Second issue, seems reasonable that users can delete their snapshots with rwx access, right? Worried about ransomware? Remove administration rights from domain accounts. Create read-only snapshots.
Thanks for your input, I actually would be interested in knowing a bit more about some of it:
During some of our work on Samba earlier this year, we pondered the idea of enabling the Btrfs vfs module in Samba. See the Github issue below:
Would you have any experience and feedback on using the Btrfs vfs module? I would appreciate your input if you have any. From reading their docs, it seems like there would be only advantages, but there might be something I’m missing, hence my desire to get user feedback on this anytime possible.
Yes, we do enable some (either globally or on a per share basis) depending on the options selected by the user during the creation of a Samba export, but we also allow any custom setting to smb.conf during the configuration of the Samba service (as long as it doesn’t cause testparm to error out), so one can enable any vfs module at that time. I believe one can also do that while creating a Samba share but I can’t remember for sure at the moment :-\ .
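
One way to check the "create read-only snapshots" advice raised in the thread, as an added example that is not code from any poster or from Rockstor: it lists the snapshots under a directory that match the snapshot prefix and reports any that btrfs says are still writable. The directory layout and prefix passed on the command line are assumptions, and it needs btrfs-progs on the NAS.

```python
import os
import subprocess
import sys


def parse_ro(output):
    """Parse `btrfs property get -ts <path> ro`, which prints ro=true or ro=false."""
    for line in output.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "ro":
            return value == "true"
    raise ValueError("no ro property in output: %r" % output)


def btrfs_is_readonly(path):
    """Ask btrfs whether the subvolume at `path` is flagged read-only."""
    result = subprocess.run(
        ["btrfs", "property", "get", "-ts", path, "ro"],
        check=True, capture_output=True, text=True,
    )
    return parse_ro(result.stdout)


def writable_snapshots(snap_dir, prefix, is_readonly=btrfs_is_readonly):
    """Return snapshot paths under snap_dir that match prefix and are NOT read-only.

    `is_readonly` is injectable so the logic can be exercised without btrfs.
    """
    findings = []
    for name in sorted(os.listdir(snap_dir)):
        path = os.path.join(snap_dir, name)
        if not name.startswith(prefix) or not os.path.isdir(path):
            continue  # not one of the scheduled snapshots
        if not is_readonly(path):
            findings.append(path)
    return findings


if __name__ == "__main__":
    # Usage (hypothetical paths): audit.py <snapshot dir> <snapshot prefix>
    bad = writable_snapshots(sys.argv[1], sys.argv[2])
    for path in bad:
        print("WRITABLE snapshot:", path)
    sys.exit(1 if bad else 0)
```

A non-zero exit status means at least one snapshot exposed through the share can still be modified, so the script can run from the same scheduler that takes the snapshots.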