Bug 156031
| Summary: | Samba full_audit options do not limit logging | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | James J. Moore <jmoore> |
| Component: | samba | Assignee: | Jay Fenlason <fenlason> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | David Lawrence <dkl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4 | CC: | jfeeney |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 3.0.23a | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-01-22 16:27:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
NOTE: This is meant to replace bug 145222. This bug found on Fedora Core 4, samba-3.0.14a-2 This report targets the FC3 or FC4 products, which have now been EOL'd. Could you please check that it still applies to a current Fedora release, and either update the target product or close it ? Thanks. Testing with recent Samba versions in fc5 no longer shows the behavior originally reported. Works much better now. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050417 Fedora/1.7.7-1.3.1 Description of problem: When activating the full_audit vfs module on a Samba share and specifying user actions to log as options to full_audit, it ignores the options specified and logs all user actions when the user connects using a GUI file browser such as Windows Explorer or Nautilus. On the other hand, when the user connects via smbclient or mounts the share with smbmount and performs actions on the command line, only the actions specified in the options to full_audit are logged. Version-Release number of selected component (if applicable): samba-3.0.10-1.fc3 How reproducible: Always Steps to Reproduce: 1. Create a Samba share definition in /etc/samba/smb.conf. Include the following (for example): vfs objects = full_audit full_audit:prefix = %u|%m full_audit:success = write rename full_audit:failure = connect mkdir rmdir write open unlink rename 2. Set Samba logging level to 2 or higher. 3. Reload Samba. 4. Connect to the created share by mapping a drive from a Windows client or by mounting the share on a Linux client using smbmount or mount.cifs. 5. Navigate the shared filesystem using Windows Explorer or Nautilus. Actual Results: The audit log contained entries such as the following: Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|chdir|ok|chdir|/opt/common/corp Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|. Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|. Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|fail (No such file or directory)|* Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|fail (No such file or directory)|* Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|opendir|ok|./ Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|readdir|ok| Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|closedir|ok| Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|./. Expected Results: Given the full_audit options specified for the share, none of these entries should have appeared in the audit log. Additional info: