Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 156031 - Samba full_audit options do not limit logging
Summary: Samba full_audit options do not limit logging
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: samba
Version: 4
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jay Fenlason
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-04-26 19:25 UTC by James J. Moore
Modified: 2014-08-31 23:27 UTC (History)
1 user (show)

Fixed In Version: 3.0.23a
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-01-22 16:27:23 UTC


Attachments (Terms of Use)

Description James J. Moore 2005-04-26 19:25:19 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050417 Fedora/1.7.7-1.3.1

Description of problem:
When activating the full_audit vfs module on a Samba share and specifying user actions to log as options to full_audit, it ignores the options specified and logs all user actions when the user connects using a GUI file browser such as Windows Explorer or Nautilus.  On the other hand, when the user connects via smbclient or mounts the share with smbmount and performs actions on the command line, only the actions specified in the options to full_audit are logged.

Version-Release number of selected component (if applicable):
samba-3.0.10-1.fc3

How reproducible:
Always

Steps to Reproduce:
1.  Create a Samba share definition in /etc/samba/smb.conf.  Include the following (for example):
    vfs objects = full_audit
    full_audit:prefix = %u|%m
    full_audit:success = write rename
    full_audit:failure = connect mkdir rmdir write open unlink rename

2.  Set Samba logging level to 2 or higher.
3.  Reload Samba.
4.  Connect to the created share by mapping a drive from a Windows client or by mounting the share on a Linux client using smbmount or mount.cifs.
5.  Navigate the shared filesystem using Windows Explorer or Nautilus.
  

Actual Results:  The audit log contained entries such as the following:
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|chdir|ok|chdir|/opt/common/corp
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|.
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|.
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|fail
(No such file or directory)|*
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|fail
(No such file or directory)|*
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|opendir|ok|./
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|readdir|ok|
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|closedir|ok|
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|./.


Expected Results:  Given the full_audit options specified for the share, none of these entries should have appeared in the audit log.

Additional info:

Comment 1 James J. Moore 2005-04-26 19:26:37 UTC
NOTE:  This is meant to replace bug 145222.

Comment 2 James J. Moore 2005-07-18 17:20:07 UTC
This bug found on Fedora Core 4, samba-3.0.14a-2 

Comment 3 Christian Iseli 2007-01-22 10:17:12 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.

Comment 4 James J. Moore 2007-01-22 16:27:23 UTC
Testing with recent Samba versions in fc5 no longer shows the behavior 
originally reported.  Works much better now.


Note You need to log in before you can comment on or make changes to this bug.