[Samba] VFS full_audit problem
Lennart Sorensen
lsorense at csclub.uwaterloo.ca
Wed Dec 9 16:14:57 MST 2009
On Wed, Dec 09, 2009 at 06:13:35PM -0500, Lennart Sorensen wrote:
> On Wed, Dec 09, 2009 at 11:33:46PM +0100, Volker Lendecke wrote:
> > On Wed, Dec 09, 2009 at 12:29:21PM -0500, Lennart Sorensen wrote:
> > > On Wed, Dec 09, 2009 at 05:47:18PM +0100, Tomasz Przewlucki wrote:
> > > > I had implemented on one of my shares vfs full_audit module. It was
> > > > working with Samba 3.0.x without any problems.
> > > >
> > > > After migration to Samba 3.4.3 this function doesn't work anymore - when
> > > > it's enabled then share isn't accessible from users (it's visible but
> > > > getting error when trying to connect to it).
> > > > Audit and extd_audit vfs's are working fine, but they don't meet my
> > > > requirements.
> > > >
> > > > I've tried full_audit on shares with and without extended attributes
> > > > (ext3 with xattr), getting same results.
> > >
> > > Well it broke everything for me too when I enabled it. I did not try
> > > it before though so I have no idea that it used to work. I had to turn
> > > it off right away. It sure seems like that full_audit is totally broken
> > > at this time (well it logs lots of stuff, it just prevents users from
> > > doing anything too).
> >
> > With a freshly compiled v3-4-test (not very far away from
> > 3.4.3, I'm not aware of significant VFS changes), I set up a
> > share tmp:
> >
> > [tmp]
> > path = /tmp
> > read only = No
> > available = yes
> > vfs objects = full_audit
> > full_audit:prefix = %u|%I
> > full_audit:success = mkdir rename rmdir write open
> > full_audit:failure = none
> >
> > I could connect just fine and do things. What is your exact
> > problem? Do you have logfiles, or a bit more exact
> > description of how to reproduce your failure?
>
> I use posix acl's on ext3 filesystem. I get failures in the log about
> getxattr calls. The user can't read any files, but they can browse
> directories just fine. The unix permissions alone prevent access,
> while the posix acl's are giving access to the users in this case.
>
> The only thing needed to break it is adding 'vfs objects = full_audit'.
> Without that, it works fine. It seems at least in my case that the
> full_audit breaks posix acl support at least.
>
> What kind of logs would be useful?

The error I see in the audit log is:

Dec 3 16:41:50 rceng01 smbd_audit: <username>|<userip>|getxattr|fail (Operation not supported)|<QA/Test-Procedures-Work/Proc-UCP/scripts/no-static-vlan.txt|user.SAMBA_PAI
--
Len Sorensen
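
A small parser for full_audit syslog lines like the one quoted in the message above, tallying failed operations by operation and error text. This is an added example, not part of the original message or of Samba's code. It assumes `full_audit:prefix = %u|%I` (two prefix fields) as in the share definition quoted earlier; the sample lines, host name, user names and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the log line quoted in the thread,
# assuming full_audit:prefix = %u|%I (user|client IP). All names are made up.
SAMPLE_LOG = """\
Dec  3 16:41:50 host1 smbd_audit: alice|192.0.2.10|getxattr|fail (Operation not supported)|docs/a.txt|user.SAMBA_PAI
Dec  3 16:41:50 host1 smbd_audit: alice|192.0.2.10|open|fail (Permission denied)|docs/a.txt
Dec  3 16:41:51 host1 smbd_audit: bob|192.0.2.11|mkdir|ok|docs/new
Dec  3 16:41:52 host1 sshd[411]: unrelated line
Dec  3 16:41:53 host1 smbd_audit: bob|192.0.2.11|rename|ok|docs/new|docs/old
"""

AUDIT_RE = re.compile(r"smbd_audit: (?P<body>.*)$")
RESULT_RE = re.compile(r"^(?P<status>ok|fail)(?: \((?P<reason>.*)\))?$")


def parse_line(line, prefix_fields=2):
    """Parse one syslog line; return a dict, or None if it is not an audit record.

    prefix_fields is the number of '|'-separated fields produced by the
    configured full_audit:prefix (2 for '%u|%I'). A file name containing '|'
    would be split across several entries of 'args'.
    """
    m = AUDIT_RE.search(line)
    if not m:
        return None
    parts = m.group("body").split("|")
    if len(parts) < prefix_fields + 2:
        return None
    result = RESULT_RE.match(parts[prefix_fields + 1])
    if not result:
        return None
    return {
        "prefix": parts[:prefix_fields],
        "op": parts[prefix_fields],
        "ok": result.group("status") == "ok",
        "reason": result.group("reason"),  # None for successful operations
        "args": parts[prefix_fields + 2:],
    }


def failures(text):
    """Count failed operations as {(operation, error text): occurrences}."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and not rec["ok"]:
            counts[(rec["op"], rec["reason"])] += 1
    return counts
```
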