[Samba] samba file access rate limiting

Jeremy Allison jra at samba.org
Tue Dec 6 17:45:10 UTC 2022

On Tue, Dec 06, 2022 at 01:44:09PM +0100, Petr via samba wrote:
>I have one share with sensitive data and there is many employees with 
>access to that share. I need to ban users trying to copy files from 
>share to other place but users normally editing files left without any 
>I want to set proper logging and set fail2ban to ban user accessing 
>too many files in some time limit.
>I have not find solution how to set samba to log every file access. 
>The current configuration snippet is below.
>vfs objects = full_audit
>full_audit:prefix = %u|%I
>full_audit:success = create_file
>Problem is that it logs directory access too and sometimes it 
>generates many duplicite lines and it will be hard to define correct 
>regex for fail2ban.
>Do you have any advice how to properly set file reading logging?

How can you tell the difference between users copying
files and users who are editing in place ?

I must confess I can't see how you're going to do
this even with perfect logging. Doesn't it depend
on the editor the clients are using too ?

Can you explain a little more ?

More information about the samba mailing list