[PATCH] Log security descriptors coming in from clients
Jeremy Allison
jra at samba.org
Thu Aug 7 13:27:03 MDT 2014
On Thu, Aug 07, 2014 at 12:17:00PM -0700, Christof Schmitt wrote:
> On Thu, Aug 07, 2014 at 12:04:49PM -0700, Jeremy Allison wrote:
> > On Thu, Aug 07, 2014 at 01:44:00PM +0200, Volker Lendecke wrote:
> > > Hi!
> > >
> > > Attached find a set of patches that make full_audit log
> > > incoming security descriptors in SDDL form when a client
> > > wants to set an ACL. A customer wants to diagnose problems
> > > with this, and I don't want to maintain this as a custom
> > > patch :-)
> > >
> > > Review would be appreciated!
> >
> > LGTM - pushed !
>
> Here is a patch that adds the new vfs_full_audit options to the man
> page.
Good point. I'll add them too :-).
> >From 93d34602e92a7f1bd7def5fb888c54b9c066187e Mon Sep 17 00:00:00 2001
> From: Christof Schmitt <cs at samba.org>
> Date: Thu, 7 Aug 2014 12:01:56 -0700
> Subject: [PATCH] doc: Add new parameters to vfs_full_audit man page
>
> Signed-off-by: Christof Schmitt <cs at samba.org>
> ---
> docs-xml/manpages/vfs_full_audit.8.xml | 20 ++++++++++++++++++++
> 1 files changed, 20 insertions(+), 0 deletions(-)
>
> diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml
> index 2be26b0..40f2f7e 100644
> --- a/docs-xml/manpages/vfs_full_audit.8.xml
> +++ b/docs-xml/manpages/vfs_full_audit.8.xml
> @@ -202,6 +202,26 @@
> </listitem>
> </varlistentry>
>
> + <varlistentry>
> + <term>full_audit:syslog = BOOL</term>
> + <listitem>
> + <para>If set to true, then send the audit messages to
> + syslog. If set to false, the normal Samba log will be
> + used with a debug level of 1. The default is true.
> + </para>
> + </listitem>
> + </varlistentry>
> +
> + <varlistentry>
> + <term>full_audit:log_secdesc = BOOL</term>
> + <listitem>
> + <para>Log security descriptor changes. If set to true,
> + also log security descriptor changes requested by
> + clients. The default is false.
> + </para>
> + </listitem>
> + </varlistentry>
> +
> </variablelist>
> </refsect1>
>
> --
> 1.7.1
>
More information about the samba-technical
mailing list