[Samba] VFS full_audit problem

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Wed Dec 9 16:13:35 MST 2009


On Wed, Dec 09, 2009 at 11:33:46PM +0100, Volker Lendecke wrote:
> On Wed, Dec 09, 2009 at 12:29:21PM -0500, Lennart Sorensen wrote:
> > On Wed, Dec 09, 2009 at 05:47:18PM +0100, Tomasz Przewlucki wrote:
> > > I had implemented on one of my shares vfs full_audit module. It was  
> > > working with Samba 3.0.x without any problems.
> > >
> > > After migration to Samba 3.4.3 this function doesn't work anymore - when  
> > > it's enabled then share isn't accessible from users (it's visible but  
> > > getting error when trying to connect to it).
> > > Audit and extd_audit vfs's are working fine, but they don't meet my
> > > requirements.
> > >
> > > I've tried full_audit on shares with and without extended attributes  
> > > (ext3 with xattr), getting same results.
> > 
> > Well it broke everything for me too when I enabled it.  I did not try
> > it before though so I have no idea that it used to work.  I had to turn
> > it off right away.  It sure seems like full_audit is totally broken
> > at this time (well it logs lots of stuff, it just prevents users from
> > doing anything too).
> 
> With a freshly compiled v3-4-test (not very far away from
> 3.4.3, I'm not aware of significant VFS changes), I set up a
> share tmp:
> 
> [tmp]   
>         path = /tmp
>         read only = No
>         available = yes
>         vfs objects = full_audit
>         full_audit:prefix = %u|%I
>         full_audit:success = mkdir rename rmdir write open
>         full_audit:failure = none
> 
> I could connect just fine and do things. What is your exact
> problem? Do you have logfiles, or a bit more exact
> description of how to reproduce your failure?

I use POSIX ACLs on an ext3 filesystem.  I get failures in the log about
getxattr calls.  The user can't read any files, but they can browse
directories just fine.  The unix permissions alone prevent access,
while the POSIX ACLs are giving access to the users in this case.

The only thing needed to break it is adding 'vfs objects = full_audit'.
Without that, it works fine.  It seems at least in my case that the
full_audit breaks posix acl support at least.

What kind of logs would be useful?

-- 
Len Sorensen

