[Samba] Log Level For Debugging preexec/postexec?

Adam Tauno Williams awilliam at whitemice.org
Thu Dec 23 13:55:38 UTC 2021

On Wed, 2021-12-22 at 16:33 -0500, Adam Tauno Williams via samba wrote:
> openSUSE LEAP 15.3 samba-4.13.13+git.531.903f5c0ccdc-3.17.1.x86_64
> I have preexec/postexec in use on other Samba servers - - - but on
> this one they do not appear to work.

It appears that apparmor [by default] prevents shell scripts
(/usr/bin/bash) and basically anything else from being executed by

type=AVC msg=audit(1640209580.186:1156): apparmor="DENIED" operation="open" profile="smbd" name="/proc/28232/fd/" pid=28232 comm="smbd" requested_mask="r" denied_mask="r" fsuid=437 ouid=0
type=AVC msg=audit(1640209580.194:1157): apparmor="DENIED" operation="exec" profile="smbd" name="/usr/bin/bash" pid=28232 comm="smbd" requested_mask="x" denied_mask="x" fsuid=437 ouid=0
type=AVC msg=audit(1640209583.190:1158): apparmor="DENIED" operation="open" profile="smbd" name="/proc/28233/fd/" pid=28233 comm="smbd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1640209583.198:1159): apparmor="DENIED" operation="exec" profile="smbd" name="/usr/bin/bash" pid=28233 comm="smbd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> [financials]
>    comment = Financial Documents
>    inherit acls = Yes
>    path = /srv/cifs/financials
>    preexec = /usr/bin/logger -t samba -p local3.info "performing
> postexec"
>    read only = No
>    root postexec = /usr/local/bin/smb-postexec.sh %m %M %d %I %u
> Even changing the preexec to a simple call to logger I get nothing in
> syslog [I do get other messages, such as from vfs_audit].
> Any tips on debugging why these scripts are not performed?

Adam Tauno Williams, awilliam at whitemice.org
Multi-Modal Activists Against Auto Dependent Development
resisting the unAmerican socialists of the Motorist hegemony

More information about the samba mailing list