[Samba] VFS full_audit problem

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Wed Dec 9 16:14:57 MST 2009 

On Wed, Dec 09, 2009 at 06:13:35PM -0500, Lennart Sorensen wrote:
> On Wed, Dec 09, 2009 at 11:33:46PM +0100, Volker Lendecke wrote:
> > On Wed, Dec 09, 2009 at 12:29:21PM -0500, Lennart Sorensen wrote:
> > > On Wed, Dec 09, 2009 at 05:47:18PM +0100, Tomasz Przewlucki wrote:
> > > > I had implemented on one of my shares vfs full_audit module. It was  
> > > > working with Samba 3.0.x without any problems.
> > > >
> > > > After migration to Samba 3.4.3 this function doesn't work anymore - when  
> > > > it's enabled then share isn't accessible from users (it's visible but  
> > > > getting error when trying to connect to it).
> > > > Audit and extd_audit vfs's are working fine, but they doesn't meet my  
> > > > requirements.
> > > >
> > > > I've tried full_audit on shares with and without extended attributes  
> > > > (ext3 with xattr), getting same results.
> > > 
> > > Well it broke everything for me too when I enabled it.  I did not try
> > > it before though so I have no idea that it used to work.  I had to turn
> > > it off right away.  It sure seems like tha full_audit is totally broken
> > > at this time (well it logs lots of stuff, it just prevents users from
> > > doing anything too).
> > 
> > With a freshly compiled v3-4-test (not very far away from
> > 3.4.3, I'm not aware of significant VFS changes), I set up a
> > share tmp:
> > 
> > [tmp]   
> >         path = /tmp
> >         read only = No
> >         available = yes
> >         vfs objects = full_audit
> >         full_audit:prefix = %u|%I
> >         full_audit:success = mkdir rename rmdir write open
> >         full_audit:failure = none
> > 
> > I could connect just fine and do things. What is your exact
> > problem? Do you have logfiles, or an a bit more exact
> > description how to reproduce your failure?
> 
> I use posix acl's on ext3 filesystem.  I get failures in the log about
> getxattr calls.  The user can't read any files, but they can browse
> directories just fine.  The unix permissions alone prevent access,
> while the posix acl's are giving access to the users in this case.
> 
> The only thing needed to break it is adding 'vfs objects = full_audit'.
> Without that, it works fine.  It seems at least in my case that the
> full_audit breaks posix acl support at least.
> 
> What kind of logs would be useful?

The error I see in the audit log is:

Dec  3 16:41:50 rceng01 smbd_audit: <username>|<userip>|getxattr|fail (Operation not supported)|<QA/Test-Procedures-Work/Proc-UCP/scripts/no-static-vlan.txt|user.SAMBA_PAI

-- 
Len Sorensen

More information about the samba mailing list