| Gavin W. Burris on 16 Sep 2015 12:50:12 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Samba vfs_full_audit operations |
Hi, Paul. These operations should all be standard Linux calls. Have you looked at the Linux man pages? Try searching for the function with the apropos command: $ apropos pwrite pwrite (2) - read from or write to a file descriptor at a given offset pwrite (3p) - write on a file pwrite64 (2) - read from or write to a file descriptor at a given offset pwritev (2) - read or write data into multiple buffers $ man 2 pwrite $ apropos ^unlink unlink (1) - call the unlink function to remove the specified file unlink (1p) - call theunlink() function unlink (2) - delete a name and possibly the file it refers to unlink (3p) - remove a directory entry relative to directory file descriptor unlinkat (2) - delete a name and possibly the file it refers to $ man 2 unlink etc. I hope that helps, not trying to say RTFM. :) ONe of my favorites: $ man 7 signal Cheers. On Wed 09/16/15 02:08PM -0400, PaulNM wrote: > Ok, I'm feeling really stupid here.... > > Does anyone know of a good source of info about the various smb vfs > operations, specifically what they mean? > > For example, what does realpath do? What's the difference between open and > read? Or open vs lock. Or getlock vs lock, and so on. Ultimately I'm trying > to fine tune my server's auditing, while having a better understanding of > precisely what the log is saying. > > I did find a list of the operations at > https://www.samba.org/samba/docs/man/manpages/vfs_full_audit.8.html > but that doesn't really explain them. > > Granted, some are fairly obvious (mkdir/rmdir/chmod/etc), but others seem to > overlap. As far as I can tell, the only operations that result in existing > file content changes/deletions are pwrite/write/rename/rmdir/unlink. (Unlink > is apparently delete.) > > I've been banging my head on this for awhile. The samba.org docs are pretty > detailed, but I'm failing to find what I'm looking for. And internet > searches just keep bringing up posts with log results in them, not really > any answers. > > - PaulNM > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug -- Gavin W. Burris Senior Project Leader for Research Computing The Wharton School University of Pennsylvania ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug