February 21, 20251 yr Hello, i try to bring with Unraid 7.0 the vfs objects full_audit to work. But didn’t have any success. May be some of you have experiance with this and could help me. My Samba extra settings which I try to bring to work: [global] log level = 1 auth_audit:3 full_audit:5 vfs objects = full_audit full_audit:prefix = %u|%I|%S|%P|%f full_audit:priority = NOTICE full_audit:success = openat mkdirat renameat unlinkat pwrite full_audit:failure = openat In the logfile I get: [2025/02/21 08:59:35.181325, 1] ../../lib/param/loadparm.c:1912(lpcfg_do_global_parameter) lpcfg_do_global_parameter: WARNING: The "null passwords" option is deprecated [2025/02/21 08:59:35.181340, 1] ../../lib/param/loadparm.c:1912(lpcfg_do_global_parameter) lpcfg_do_global_parameter: WARNING: The "syslog" option is deprecated [2025/02/21 08:59:35.247047, 0] ../../source3/modules/vfs_full_audit.c:560(init_bitmap) init_bitmap: Could not find opname mkdir [2025/02/21 08:59:35.247069, 0] ../../source3/modules/vfs_full_audit.c:749(smb_full_audit_connect) smb_full_audit_connect: Invalid success operations list. Failing connect My guess is that the hook for the extraparameter is at the wrong space. In my case it should be afterwards. # hook for user-defined samba config include = /boot/config/smb-extra.conf [global] # hook for unassigned devices shares include = /etc/samba/smb-unassigned.conf # auto-configured shares include = /etc/samba/smb-shares.conf I guess the global is correct, but the local setting is overriting it: root@XXXXXXXXXX:/etc/samba# testparm -s | grep -i vfs Load smb config files from /etc/samba/smb.conf lpcfg_do_global_parameter: WARNING: The "null passwords" option is deprecated lpcfg_do_global_parameter: WARNING: The "syslog" option is deprecated Loaded services file OK. Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback) Server role: ROLE_STANDALONE vfs objects = full_audit vfs objects = recycle extd_audit vfs objects = recycle extd_audit vfs objects = recycle extd_audit vfs objects = recycle extd_audit vfs objects = recycle extd_audit vfs objects = recycle extd_audit vfs objects = recycle extd_audit is there a way to overrite the auto-generated share settings? mfg
February 21, 20251 yr I don't know what you are trying to do, but putting settings in the global section is not a good idea and will override any share settings. 9 minutes ago, blackchii said: is there a way to overrite the auto-generated share settings? No.
February 21, 20251 yr Author I need to trace which user delete which file. Update from me: i figured out that it is really the order: if i add after the share a second smb-extra.config # hook for user-defined samba config include = /boot/config/smb-extra.conf [global] # hook for unassigned devices shares include = /etc/samba/smb-unassigned.conf # auto-configured shares include = /etc/samba/smb-shares.conf # hook for user-defined samba config include = /boot/config/smb-extra.conf and change the local vfs objects to full audit [Global] vfs objects = recycle full_audit full_audit:prefix = %U|%d|%u|%R|%I|%S full_audit:success = openat mkdirat renameat unlinkat pwrite full_audit:failure = openat full_audit:priority = DEBUG [Software] path = /mnt/user/Software comment = Software browseable = yes writeable = no read list = case sensitive = auto preserve case = yes short preserve case = yes vfs objects = recycle full_audit after this restart samba I get the full_audit in the syslog (not my prevert chose, but i see that the full_audit is working) are there better ways? to prevent that the vfs object is local defined.
February 21, 20251 yr 56 minutes ago, blackchii said: are there better ways? to prevent that the vfs object is local defined. Yes. Install the recycle bin plugin and set the the "Recycle Bin Parameters" for what you want to show for a deleted file. Click on the 'Help' icon in the upper right corner of the recycle bin page to see some options. Currently the logging is not working reliably because of some samba changes, but I will have that fixed soon.
February 22, 20251 yr Author Hello, the recycle bin plugin is already installed. I need something silimar to synology that you can trace which person open which file or which person delete this file. Is there a way to help you with the fix? i ended up a script which modify the smb-shares.conf to the value what i want and the restart samba. Will your version send the full_audit to a seperate file?
February 24, 20251 yr There are two plugins that will partially do what you want. You will want to use the plugins and not modify files on your own. The two plugins are the Recycle Bin and File Activity plugins. The recycle Bin plugin can delete files and organize the files in the .Recycle.Bin by user using the %u parameter. The File Activity plugin will trach file activity, but does not track smb file activity separately by user. On 2/22/2025 at 2:10 AM, blackchii said: i ended up a script which modify the smb-shares.conf to the value what i want and the restart samba. This is a really bad idea. There are several routines that manage the config file, and anything you do will interfere with smb and cause you problems.
February 25, 20251 yr Author Hello, partially yes. File Activity plugins would be the nearest. But i need the user and the option to save the log to a folder. does the tool automatical update? I see you host this project, can you add this?
February 25, 20251 yr 1 hour ago, blackchii said: Hello, partially yes. File Activity plugins would be the nearest. But i need the user and the option to save the log to a folder. does the tool automatical update? I see you host this project, can you add this? There is nothing I can do to add user tracking to the file activity. The user is not known to inotify.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.