[PATCH] Log security descriptors coming in from clients
Christof Schmitt
cs at samba.org
Thu Aug 7 13:17:00 MDT 2014
On Thu, Aug 07, 2014 at 12:04:49PM -0700, Jeremy Allison wrote:
> On Thu, Aug 07, 2014 at 01:44:00PM +0200, Volker Lendecke wrote:
> > Hi!
> >
> > Attached find a set of patches that make full_audit log
> > incoming security descriptors in SDDL form when a client
> > wants to set an ACL. A customer wants to diagnose problems
> > with this, and I don't want to maintain this as a custom
> > patch :-)
> >
> > Review would be appreciated!
>
> LGTM - pushed !
Here is a patch that adds the new vfs_full_audit options to the man
page.
Christof
-------------- next part --------------
>From 93d34602e92a7f1bd7def5fb888c54b9c066187e Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Thu, 7 Aug 2014 12:01:56 -0700
Subject: [PATCH] doc: Add new parameters to vfs_full_audit man page
Signed-off-by: Christof Schmitt <cs at samba.org>
---
docs-xml/manpages/vfs_full_audit.8.xml | 20 ++++++++++++++++++++
1 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml
index 2be26b0..40f2f7e 100644
--- a/docs-xml/manpages/vfs_full_audit.8.xml
+++ b/docs-xml/manpages/vfs_full_audit.8.xml
@@ -202,6 +202,26 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>full_audit:syslog = BOOL</term>
+ <listitem>
+ <para>If set to true, then send the audit messages to
+ syslog. If set to false, the normal Samba log will be
+ used with a debug level of 1. The default is true.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>full_audit:log_secdesc = BOOL</term>
+ <listitem>
+ <para>Log security descriptor changes. If set to true,
+ also log security descriptor changes requested by
+ clients. The default is false.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
--
1.7.1
More information about the samba-technical
mailing list