Samba Auditing

Sometimes you want logs of who created, deleted, or even opened files. Samba makes this possible, but not where you'd expect. You'd probably expect to get this by raising the log level option to a verbose enough number. It turns out there is a VFS module that does exactly this: it logs auditing information to syslog. Remember, this information goes to syslog, not to your normal Samba log files. Also note that there is one VFS module named audit and another called full_audit.

Example share definition using the auditing facility:

[web-sites]
comment = "Web Sites"
# turn on auditing to see what the heck is going on
vfs objects = full_audit
writeable = yes
locking = no
create mask = 0775
directory mask = 0775
force create mode = 0664
force directory mode = 0775
force user = www-data
force group = www-data
path = /var/www-sites/
valid users = @www-data
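
Since the audit records end up in syslog rather than the Samba logs, here is an added example (not from the original post) of pulling the open, create and delete records for a share back out of syslog text. It assumes the `smbd_audit` syslog tag and full_audit's default `%u|%I` prefix; the sample lines are constructed, and the operation-name mapping is an assumption to adjust to what your Samba version actually logs.

```python
import re

# Constructed sample syslog lines (not from the original post). Assumed layout,
# matching full_audit's default prefix of %u|%I:
#   smbd_audit: <user>|<client ip>|<operation>|<result>|<operation arguments>
SAMPLE_LOG = """\
Mar  3 10:15:01 fs1 smbd_audit: alice|192.0.2.10|open|ok|r|index.html
Mar  3 10:15:07 fs1 smbd_audit: alice|192.0.2.10|open|ok|w|css/site.css
Mar  3 10:16:12 fs1 smbd_audit: bob|192.0.2.22|mkdir|ok|drafts
Mar  3 10:16:40 fs1 smbd_audit: bob|192.0.2.22|unlink|fail (Permission denied)|index.html
Mar  3 10:17:02 fs1 smbd_audit: bob|192.0.2.22|unlink|ok|old/a|b.html
Mar  3 10:17:05 fs1 sshd[811]: Accepted publickey for carol from 192.0.2.30
"""

AUDIT_RE = re.compile(r"\bsmbd_audit(?:\[\d+\])?: (.*)$")

# Operation names differ between Samba releases; this mapping is an assumption
# and should be adjusted to the names that appear in your own logs.
CATEGORY = {"open": "open", "openat": "open",
            "unlink": "delete", "unlinkat": "delete", "rmdir": "delete",
            "mkdir": "create", "mkdirat": "create"}


def parse_line(line):
    """Return a dict for a full_audit record of interest, else None."""
    match = AUDIT_RE.search(line)
    if not match:
        return None                        # not a full_audit line
    fields = match.group(1).split("|", 4)  # keep any '|' inside the path intact
    if len(fields) < 5 or fields[2] not in CATEGORY:
        return None
    user, client, op, result, path = fields
    action = CATEGORY[op]
    if action == "open":                   # open records carry r or w before the path
        mode, _, path = path.partition("|")
        if mode == "w":
            action = "open-write"
    return {"user": user, "client": client, "action": action,
            "path": path, "ok": result == "ok", "result": result}


def audit_events(log_text):
    """Parse every line of log_text and keep only the recognised records."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


if __name__ == "__main__":
    for e in audit_events(SAMPLE_LOG):
        status = "ok" if e["ok"] else e["result"]
        print(f'{e["user"]}@{e["client"]} {e["action"]:<10} {e["path"]} [{status}]')
```

Failed operations are kept rather than dropped, because a run of denied deletes from one client is often the more interesting audit signal.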