[Samba] Log Level For Debugging preexec/postexec?
Adam Tauno Williams
awilliam at whitemice.org
Thu Dec 23 13:55:38 UTC 2021
On Wed, 2021-12-22 at 16:33 -0500, Adam Tauno Williams via samba wrote:
> openSUSE LEAP 15.3 samba-4.13.13+git.531.903f5c0ccdc-3.17.1.x86_64
> I have preexec/postexec in use on other Samba servers - - - but on
> this one they do not appear to work.
It appears that apparmor [by default] prevents shell scripts
(/usr/bin/bash) and basically anything else from being executed by
Samba.
type=AVC msg=audit(1640209580.186:1156): apparmor="DENIED" operation="open" profile="smbd" name="/proc/28232/fd/" pid=28232 comm="smbd" requested_mask="r" denied_mask="r" fsuid=437 ouid=0
type=AVC msg=audit(1640209580.194:1157): apparmor="DENIED" operation="exec" profile="smbd" name="/usr/bin/bash" pid=28232 comm="smbd" requested_mask="x" denied_mask="x" fsuid=437 ouid=0
type=AVC msg=audit(1640209583.190:1158): apparmor="DENIED" operation="open" profile="smbd" name="/proc/28233/fd/" pid=28233 comm="smbd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1640209583.198:1159): apparmor="DENIED" operation="exec" profile="smbd" name="/usr/bin/bash" pid=28233 comm="smbd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
>
> [financials]
> comment = Financial Documents
> inherit acls = Yes
> path = /srv/cifs/financials
> preexec = /usr/bin/logger -t samba -p local3.info "performing
> postexec"
> read only = No
> root postexec = /usr/local/bin/smb-postexec.sh %m %M %d %I %u
>
> Even changing the preexec to a simple call to logger I get nothing in
> syslog [I do get other messages, such as from vfs_audit].
>
> Any tips on debugging why these scripts are not performed?
--
Adam Tauno Williams, awilliam at whitemice.org
Multi-Modal Activists Against Auto Dependent Development
resisting the unAmerican socialists of the Motorist hegemony
http://www.mmaaadd.org
More information about the samba
mailing list