Bug 156031 - Samba full_audit options do not limit logging
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: samba
Version: 4
Hardware: i386 Linux
Priority: medium
Severity: medium
Assigned To: Jay Fenlason
David Lawrence
Reported: 2005-04-26 15:25 EDT by James J. Moore
Modified: 2014-08-31 19:27 EDT
Fixed In Version: 3.0.23a
Doc Type: Bug Fix
Last Closed: 2007-01-22 11:27:23 EST
Description James J. Moore 2005-04-26 15:25:19 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050417 Fedora/1.7.7-1.3.1

Description of problem:
When activating the full_audit vfs module on a Samba share and specifying user actions to log as options to full_audit, it ignores the options specified and logs all user actions when the user connects using a GUI file browser such as Windows Explorer or Nautilus.  On the other hand, when the user connects via smbclient or mounts the share with smbmount and performs actions on the command line, only the actions specified in the options to full_audit are logged.

Version-Release number of selected component (if applicable):
samba-3.0.10-1.fc3

How reproducible:
Always

Steps to Reproduce:
1.  Create a Samba share definition in /etc/samba/smb.conf.  Include the following (for example):
    vfs objects = full_audit
    full_audit:prefix = %u|%m
    full_audit:success = write rename
    full_audit:failure = connect mkdir rmdir write open unlink rename

2.  Set Samba logging level to 2 or higher.
3.  Reload Samba.
4.  Connect to the created share by mapping a drive from a Windows client or by mounting the share on a Linux client using smbmount or mount.cifs.
5.  Navigate the shared filesystem using Windows Explorer or Nautilus.
  

Actual Results:  The audit log contained entries such as the following:
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|chdir|ok|chdir|/opt/common/corp
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|.
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|.
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|fail (No such file or directory)|*
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|fail (No such file or directory)|*
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|opendir|ok|./
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|readdir|ok|
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|closedir|ok|
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|./.


Expected Results:  Given the full_audit options specified for the share, none of these entries should have appeared in the audit log.

Additional info:
Comment 1 James J. Moore 2005-04-26 15:26:37 EDT
NOTE:  This is meant to replace bug 145222.
Comment 2 James J. Moore 2005-07-18 13:20:07 EDT
This bug found on Fedora Core 4, samba-3.0.14a-2 
Comment 3 Christian Iseli 2007-01-22 05:17:12 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it?

Thanks.
Comment 4 James J. Moore 2007-01-22 11:27:23 EST
Testing with recent Samba versions in fc5 no longer shows the behavior 
originally reported.  Works much better now.
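
A way to check whether an installed Samba honours the filter from the report, as an added example that is not part of the bug thread or of Samba's code: it parses smbd_audit syslog lines under the reported `%u|%m` prefix and returns every record whose operation falls outside the configured success/failure lists. The function names and the last three sample lines are constructed for illustration, the wrapped `fail` record is shown joined onto one line, and the record layout is inferred from the log excerpt in the report.

```python
import re

# Filter lists copied from the smb.conf fragment in the report.
SUCCESS_OPS = {"write", "rename"}
FAILURE_OPS = {"connect", "mkdir", "rmdir", "write", "open", "unlink", "rename"}
# "full_audit:prefix = %u|%m" expands to two '|'-separated fields.
# Assumption: neither the user nor the machine value contains '|'.
PREFIX_FIELDS = 2

# First three lines are from the report; the last three are constructed.
SAMPLE_LOG = """\
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|chdir|ok|chdir|/opt/common/corp
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|fail (No such file or directory)|*
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|readdir|ok|
Apr 18 08:07:45 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|write|ok|report.txt
Apr 18 08:07:46 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|mkdir|fail (Permission denied)|newdir
Apr 18 08:07:47 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|open|ok|r|notes.txt
"""

RECORD = re.compile(r"smbd_audit: (.*)$")

def parse_record(line, prefix_fields=PREFIX_FIELDS):
    """Split one syslog line into prefix, operation, result and arguments."""
    match = RECORD.search(line)
    if match is None:
        return None  # not a full_audit record
    # maxsplit keeps '|' characters inside the argument field intact.
    parts = match.group(1).split("|", prefix_fields + 2)
    if len(parts) < prefix_fields + 3:
        return None  # truncated or line-wrapped record
    result = parts[prefix_fields + 1]
    if result != "ok" and not result.startswith("fail"):
        return None  # prefix width does not match the configuration
    return {"prefix": parts[:prefix_fields], "op": parts[prefix_fields],
            "ok": result == "ok", "args": parts[prefix_fields + 2]}

def unexpected_records(log_text):
    """Return records whose operation is outside the configured filter."""
    recs = (parse_record(line) for line in log_text.splitlines())
    return [r for r in recs if r is not None
            and r["op"] not in (SUCCESS_OPS if r["ok"] else FAILURE_OPS)]

if __name__ == "__main__":
    for rec in unexpected_records(SAMPLE_LOG):
        print(rec["op"], "ok" if rec["ok"] else "fail", rec["args"])
```

A successful `open` is reported because `open` appears only in the failure list, while the successful `write` and the failed `mkdir` pass the filter.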
