[Samba] Files moved around

Philip Washington phwashington at comcast.net
Tue Nov 22 19:20:54 GMT 2005

I have run into a problem where someone is moving files around on one of 
the file servers.
We found the files and then one of the users moved the files back to the 
correct place, but the part which scared me is that I can't tell who 
moved the files around.
What settings do I need to have set up for logging so that if this 
happens in the future I can find out who is doing this?  Currently I 
have recycling set up and it appears to be working, but these files being 
moved never caused the files to show up in recycling.
I know who moved the files back, but there is no indication in my logs 
or by looking at the ownership of the files that indicates who moved the 
files back. 'ls -l' indicates that root owns the files and the 
directories and that the group is 'Domain Users'.


        workgroup = COMP
        netbios name = COMP01B
        server string = samba server
        security = DOMAIN
        password server =
        obey pam restrictions = yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/users/%U
        template primary group = "Domain Users"
        template shell = /bin/bash
        winbind separator = +
        hosts allow = 192.168.2. 192.168.5. 127.
        smb ports = 139
        printcap name = /etc/printcap
        wins server =
        load printers = yes
        vfs objects = extd_audit
        log file = /var/log/samba/%U.%m.log
        log level = 0 vfs:2
        max log size = 50

        printer admin = COMP+phwashing phwashing
        lpq cache time = 20
        ;printing = CUPS
        ;printcap = CUPS
        dns proxy = no
        hide dot files = yes
        veto files = /.*/lost*/

        comment = COMPSHARE
        browseable = yes
        path = /COMPSHARE
        read only = no
        valid users = COMP+phwashing,@"COMP+Domain Users"
        write list = @"COMP+Domain Users"
        read list = COMP+phwashing,@"COMP+Domain Users"
        create mask = 0774
        security mask = 0774
        force security mode = 770
        dos filetimes = yes
        directory mask = 2777
        directory security mask = 0770
        force directory security mode = 770
        inherit permissions = yes
        writable = yes
        guest ok = no
        veto oplock files = /COMP.*/

          vfs object = recycle
                recycle:versions = yes
                recycle:touch = yes
                recycle:repository = .recycle/%U
                recycle:keeptree = yes
                recycle:exclude = *.tmp,*.temp
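
In Samba, a share-level `vfs objects` (synonym `vfs object`) list replaces the global list instead of extending it, so an audit module named only in the global section is not loaded on a share that sets its own list. The following is an added example, not part of the original post: a small check that reports shares whose effective VFS stack has no audit module. The sample config is constructed, and its section names and the `fixed`/`plain` shares are assumptions.

```python
import re

AUDIT_MODULES = {"audit", "extd_audit", "full_audit"}

# Constructed sample; section names are assumed, parameters mirror the posted config.
SAMPLE_CONF = """\
[global]
    vfs objects = extd_audit
[COMPSHARE]
    path = /COMPSHARE
    vfs object = recycle
[fixed]
    vfs objects = recycle extd_audit
[plain]
    path = /srv/plain
"""

def parse_smb_conf(text):
    """Return {section: {normalised parameter name: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def vfs_list(params):
    """Modules named by 'vfs objects' / 'vfs object', or None if the section sets neither."""
    value = params.get("vfsobjects", params.get("vfsobject"))
    return None if value is None else re.split(r"[,\s]+", value)

def shares_without_audit(text):
    """Names of shares whose effective VFS stack contains no audit module."""
    conf = parse_smb_conf(text)
    global_vfs = vfs_list(conf.get("global", {})) or []
    unaudited = []
    for name, params in conf.items():
        own = vfs_list(params)
        effective = global_vfs if own is None else own  # share list replaces global
        if name != "global" and not AUDIT_MODULES & set(effective):
            unaudited.append(name)
    return unaudited
```

On the constructed sample only `compshare` is reported: `fixed` names the audit module in its own list and `plain` inherits the global one.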

