an UNIX Systems Administrator's Guide

01/02/2007


Examples using VFS Recycle Bin module

It's been requested that I give some examples of the smb.conf syntax for use with the VFS module included within samba. The following is the options we use with our samba implementation:

[homes]
comment = UNIX Home Directory
read only = No
create mode = 0640
force create mode = 0040
directory mode = 0750
force directory mode = 0000
browseable = No
vfs object = recycle vscan-sophos
vscan-sophos: config-file = /etc/samba/vscan-sophos.conf
recycle:repository = Recycle Bin
recycle:keeptree = Yes
recycle:versions = Yes

[www]
comment = http://www.amherst.edu/~%u
path = %H/public_html
guest ok = No
read only = No
inherit permissions = Yes
inherit acls = Yes
vfs object = recycle vscan-sophos
vscan-sophos: config-file = /etc/samba/vscan-sophos.conf
recycle:repository = Recycle Bin
recycle:keeptree = Yes
recycle:versions = Yes


Samba-based Network Recycle Bin

The day-to-day administration of a heterogeneous network can be complex. System administrators are constantly presented with significant challenges controlling the backup, restoration and management of user data. This complexity has been somewhat reduced with the modern implementation of scalable centralized storage. However, those servers create yet another problem; their size is pushing traditional tape drive technology to the limits. Protecting network file servers with tape media is starting to exceed the time window available for both backup and restore operations. It is now reasonable to use online disk storage as a compliment to nightly backups, since the cost/GB of disk storage is steadily approaching the cost of tape storage. This concept of online backups has been incorporated in the high-end storage market, and it is logical to include similar functionality in samba.

Historically, recycle bins or trashcans have been incorporated into the GUI desktops of the major operating systems, providing a convenient mechanism for recovery of accidentally deleted files. But recycle bins have never included data protection of network files. Leveraging samba’s cross-platform connectivity, the patch developed rewrites the samba delete function and effectively replaces it with a move. This addition is transparent, so when a user deletes a network file, it will appear to have been deleted, but it will, in fact, be moved to the directory specified as the network recycle bin. By associating the recycle bin within each network share, users will be able to quickly recover deleted files without technical assistance or requesting a restore from tape. They will be able to do this simply by restoring the deleted file from their network recycle bin, as they would from a local recycle bin. Ideally, this will minimize the time involved with users’ restores by allowing them to manage their own file recovery.

I have used this patch to implement a samba-based network recycle bin on my own network. Note that this business of deleting (or not deleting) files is an extremely critical operation. The patch works for me, but you should confirm it works for you before depending on it. Before implementing any change to a production system, be sure to test it thoroughly in your own environment.

Installation of the Patch

In this article I refer to the most recent stable release of samba, version 2.2.5. You can download the tarball from www.samba.org. The system used for this installation was x86-based Linux running Red Hat 7.2. This patch should work with any system where that version of samba has been successfully installed. Specifically, this patch adds an advanced share parameter for Samba called Recycle Bin. The current feature set of this patch include: 

  • Recycled files are never overwritten; they will be appended with an auto-incrementing alpha-numeric suffix. i.e.. somefile.txt becomes somefile.txt (Copy #1).txt, the additional extension will guarantee file type support.

  • will be created.

  • If the Recycle Bin directory doesn't exist, it will be created.

  • If a file in the Recycle Bin is deleted, it will be removed.

  • If the Recycle Bin is deleted, it and its contents will be removed.

  • Cross-filesystem support. This allows for central management of users’ recycle bin vs. user-controlled.

  • Quota support.

 The latest diff patches, proto.h, loadparm.c, and reply.c can be downloaded here:

NEW Samba 2.2.5

proto.h
Archive loadparm.c
reply.c

note 1: RedHat 7.1 seems to have changed the location of quota.h, which has adversely affected --with-quotas support in Samba.

note 2: The updated version of reply.c.patch fixes  the problem where the recycle bin directory had the permissions 0755, which meant anybody could view the contents of that directory. I have added a variable dir_mask which has been set 0700.

note 3: Hooray!!! --with-quotas support has returned to samba and Red Hat 7.2. Now when you map a samba drive it displays that user's quota, instead of the total disk space.

note 4: Fixed a minor bug with the recycle bin directory auto creation. When a user was over quota and the recycle bin directory didn't exist, the system would fail when trying to create it. This cause the entire delete process to fail.

The patch installation instructions assume you saved the patch files in root's home directory. You may need to adjust the locations of the patch files and samba source files. If you are unfamiliar with the patch command, patch takes a patchfile containing a difference listing produced by the diff program and applies those differences to one or more original files, producing a patched version. More information can be found using the man pages. To install the patch login as root and issue the following commands.

# patch /root/samba-2.0.9/source/include/proto.h /root/proto.h.patch
# patch /root/samba-2.0.9/source/param/loadparm.c /root/loadparm.c.patch
# patch /root/samba-2.0.9/source/smbd/reply.c /root/reply.c.patch

After you have successfully patched the system files, find loadparm.o and reply.o, and remove those files manually or use make clean. By removing just the affected object files you will speed up the recompile. You may also want to change the current configuration of your makefile, options for this can be found by using configure –help. Samba comes with a rich set of options, most of which, are out of the scope of this article. I would recommend exploring these options, since many of them solve administrative problems. Next, rebuild the samba source by issuing the make command. After make has finished, you need to install the patched source, to do this issue make install. That's it, now restart samba to confirm the patch installation works properly.

Samba Configuration

Samba can be configured by two methods. The first is manually editing samba’s text configuration file, which is called smb.conf. This file is located in /usr/local/samba/lib, by default, but may be in a different location depending on your installation. The second method is samba’s web-based GUI. Both methods support the recycle bin parameter. I have tried to make the syntax as simple as possible. The share parameter recycle bin relates to the directory name and without any additional path information it is relative to the root of the defined share. The recycle bin parameter also accepts absolute paths and samba variables. 

This example of smb.conf, will create a directory called .recycled in home directory of each user. Any time a user deletes a file it will be moved to .recycled

[homes]

comment = Home Directories
writeable = Yes
browseable = No
recycle bin = .recycled

note:  by using the . in the name you can make your recycle bin hidden.

This example sets the user recycle bin to /tmp. This allows for central management of all the user recycle bins on a separate filesystem. 

[homes]

comment = Home Directories
writeable = Yes
browseable = No
recycle bin = /tmp/%U

[backup]

comment = Your Online Backup
path = /tmp/%U

Quota Configuration

The samba documentation in quota.c says it all, "This is one of the most system dependent parts of Samba, and it’s done a little differently." I have done a lot of work on system quota support. In our institution it is critical that the users quota controls the functionality of the recycle bin. I have configured our samba installation with quota support enabled, but I have found that that feature has little to do with quota control. It turns out that this option displays the capacity of a mapped Windows/Samba drive based upon the connecting user’s quota. It is a nice feature to enable so a user can see their quota usage. In terms of quota, I have removed any system dependencies associated with the patch. So it should work with a system using quotas or not, and with or without the --with-quotas support compiled into samba.

UNIX Systems Integration

With some careful consideration, your Unix server can be integrated with samba to provide a more informative environment for your users. For example, when a user logs into a Unix server that has quotas enabled, the system does a quota check for that user. If the user were over their quota, it would be useful to suggest that their recycle bin can be deleted. Again, this allows users to manage their own data and minimizes the direct involvement of the system administrator.

Our users access their data from multiple platforms. So to completely protect the entire user data space, I wrote a wrapper for the Unix rm command to mimic the functionality of the samba recycle bin. This way when a user deletes a file from the Unix command line, the file will be moved into the same recycle bin. Another issue to consider is management of individual user recycle bins. Without proper maintenance, the recycle bins can grow quickly. Ideally, users will manage their own, but you might like to encourage timely remove of old files. The recycle bins can be scrubbed for files older than some date using the following:

find /home/*/.recycled –type f -atime +15 -exec rm {} \;

With a cron job and the find command, management of recycle bins can be automated. This will minimize the risk that a user will unexpectedly trip their quota limit. The drawback to automatically managing user data is the possibility that you remove a file that they might need. As the system administrator, you will have to judge the tradeoff on automatically managing their data.

Conclusion

With the advent of large-scale centralized storage, the feasibility of timely restores of user data is uncertain. The high-end storage market has realized this problem, and provides a mechanism to empower the users to manage their own file recovery. This patch tries to address these problems, but it still has little affect if the user overwrites a file. In this circumstance, a restore from tape will still be necessary. Future versions of this patch may provide this protection by taking a snapshot of the entire user directory. This functionality may actually replace the need for nightly backup completely.

The original discussion of a samba-based network recycle bin was introduced on March 2000 in the samba-ntdom newsgroup, sponsored by the samba.org.  I would like to take this opportunity to thank Peter Samuelson for his preliminary work. Without it, I doubt I would have been able to complete this patch.
 

Copyright (C) 2001, Brandon Stone, Amherst College.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

See: http://www.gnu.org/copyleft/gpl.html