Samba Auditing
January 18th, 2010 by greg
Sometimes you want to have logs of who created files and deleted files and even those who opened files. Samba makes this possible but not where you’d expect. You’d probably expect to see this if you increased the log level option to a verbose enough number. It turns out that there is a vfs module that does exactly this. It logs auditing information to syslog. But remember, this information goes to syslog, not to your normal samba log files. Also note that there is a vfs module named audit and one called full_audit.
Example share definition using the auditing facility.
[web-sites] comment = "Web Sites" # turn on auditing to see what the heck is going on vfs objects = full_audit writeable = yes locking = no create mask = 0775 directory mask = 0775 force create mode = 0664 force directory mode = 0775 force user = www-data force group = www-data path = /var/www-sites/ valid users = @www-data
This entry was posted on Monday, January 18th, 2010 at 10:24 am and is filed under Geek, Tips. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.
