PaulNM on 16 Sep 2015 11:08:53 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Samba vfs_full_audit operations


Ok, I'm feeling really stupid here....

Does anyone know of a good source of info about the various smb vfs operations, specifically what they mean?

For example, what does realpath do? What's the difference between open and read? Or open vs lock. Or getlock vs lock, and so on. Ultimately I'm trying to fine tune my server's auditing, while having a better understanding of precisely what the log is saying.

I did find a list of the operations at
https://www.samba.org/samba/docs/man/manpages/vfs_full_audit.8.html
but that doesn't really explain them.

Granted, some are fairly obvious (mkdir/rmdir/chmod/etc), but others seem to overlap. As far as I can tell, the only operations that result in existing file content changes/deletions are pwrite/write/rename/rmdir/unlink. (Unlink is apparently delete.)

I've been banging my head on this for awhile. The samba.org docs are pretty detailed, but I'm failing to find what I'm looking for. And internet searches just keep bringing up posts with log results in them, not really any answers.

- PaulNM
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug