I'm running an Ubuntu Server 24 VM that has several Samba shares set up. Currently, we use a Windows server for file sharing and SQL management, but I want to offload some of that to my Ubuntu server. We previously relied on three daily shadow copies for quick recovery from accidental deletions or document overwrites, which has saved our skin during ransomware incidents. I'm considering adding a drive to my Ubuntu VM and setting it up with ZFS for its snapshot capabilities. Is using ZFS the best approach, or is it overkill for my needs?
2 Answers
I have a similar setup using ZFS with Samba, and it works really well for shadow copies. I suggest automating the snapshots using sanoid to make things seamless – it labels snapshots in a way that integrates with Samba's 'shadow_copy2' module. You can easily configure multiple snapshots throughout the day without much hassle because ZFS is efficient with its copy-on-write system. For your Samba config, include:
vfs objects = shadow_copy2
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:snapprefix = ^autosnap
shadow:delimiter = _
shadow:format = _%F_%T
This will allow you to manage file versions just like the Windows shadow copies, enabling effortless restoration and inspection.
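How the shadow_copy2 settings above line up with sanoid-style snapshot names can be checked offline before editing smb.conf. This is an added example, not part of the original answer and not Samba's own code. It is a simplified Python model that assumes the prefix is matched on the text before the first delimiter, the format is applied from the delimiter onward with trailing text ignored, and the timestamp is taken as GMT; the function name and sample snapshot names are made up here.

```python
import re
from datetime import datetime

# Settings copied from the smb.conf fragment in the answer above.
SNAPPREFIX, DELIMITER, FORMAT = "^autosnap", "_", "_%F_%T"

# strptime(3) shorthands, expanded because Python's strptime may lack them.
SHORTHANDS = {"%F": "%Y-%m-%d", "%T": "%H:%M:%S"}
FIELDS = {"%Y": r"\d{4}", "%m": r"\d{1,2}", "%d": r"\d{1,2}",
          "%H": r"\d{1,2}", "%M": r"\d{1,2}", "%S": r"\d{1,2}"}


def snapshot_to_gmt(name, prefix=SNAPPREFIX, delimiter=DELIMITER, fmt=FORMAT):
    """Return the @GMT token for a snapshot name, or None if it is skipped."""
    cut = name.find(delimiter)
    if cut < 0:
        return None
    # Assumption: the prefix regex is tested on the text before the delimiter.
    if not re.search(prefix, name[:cut]):
        return None
    for short, full in SHORTHANDS.items():
        fmt = fmt.replace(short, full)
    # Assumption: the text handed to the format still starts with the
    # delimiter, and anything after the timestamp (e.g. "_hourly") is ignored.
    pattern = re.sub(r"%[A-Za-z]|.",
                     lambda m: FIELDS.get(m.group(), re.escape(m.group())), fmt)
    match = re.match(pattern, name[cut:])
    if match is None:
        return None
    try:
        stamp = datetime.strptime(match.group(), fmt)
    except ValueError:  # digits matched but are not a real date or time
        return None
    return stamp.strftime("@GMT-%Y.%m.%d-%H.%M.%S")


# Constructed sample snapshot names, not taken from a real pool.
SAMPLES = [
    "autosnap_2024-05-01_12:00:01_hourly",
    "autosnap_2024-13-01_12:00:01_daily",
    "syncoid_backup_2024-05-01:12:00:01",
    "manual-before-upgrade",
]

if __name__ == "__main__":
    for snap in SAMPLES:
        print(f"{snap:40} -> {snapshot_to_gmt(snap)}")
```

Running it against the output of `zfs list -t snapshot` for the shared dataset shows which snapshots this model would expose as previous versions and which it would skip.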
Samba has features that can handle much of what you're looking for. In your Samba config (specifically in /etc/samba/smb.conf), you can configure a recycle bin to recover deleted files. Just use these settings:
recycle: repository = .recycle/%U
recycle: directory_mode = 0770
recycle: subdir_mode = 0700
recycle: touch = Yes
recycle: keeptree = Yes
recycle: versions = Yes
On top of that, setting up hourly snapshots with tools like sanoid/syncoid is a great way to manage backups alongside your Samba shares.
I’m trying to get shadow copies working too and had a few questions about your config:
- What’s the purpose of the '%' at the end of shadow:format?
- Isn’t %F equivalent to %Y-%m-%d? Should %T also be included for full timestamp accuracy?
- Do I need to start shadow:format with an underscore if shadow:delimiter is already set to underscore?