Adam Tauno Williams
2021-Dec-22 21:33 UTC
[Samba] Log Level For Debugging preexec/postexec?
openSUSE LEAP 15.3 samba-4.13.13+git.531.903f5c0ccdc-3.17.1.x86_64 I have preexec/postexec in use on other Samba servers - - - but on this one they do not appear to work. [financials] comment = Financial Documents inherit acls = Yes path = /srv/cifs/financials preexec = /usr/bin/logger -t samba -p local3.info "performing postexec" read only = No root postexec = /usr/local/bin/smb-postexec.sh %m %M %d %I %u Even changing the preexec to a simple call to logger I get nothing in syslog [I do get other messages, such as from vfs_audit]. Any tips on debugging why these scripts are not performed? -- Highland Park Neighborhood Association Adam Tauno Williams, Board Chair Grand Rapids, MI.
Adam Tauno Williams
2021-Dec-23 13:55 UTC
[Samba] Log Level For Debugging preexec/postexec?
On Wed, 2021-12-22 at 16:33 -0500, Adam Tauno Williams via samba wrote:> openSUSE LEAP 15.3 samba-4.13.13+git.531.903f5c0ccdc-3.17.1.x86_64 > I have preexec/postexec in use on other Samba servers - - - but on > this one they do not appear to work.It appears that apparmor [by default] prevents shell scripts (/usr/bin/bash) and basically anything else from being executed by Samba. type=AVC msg=audit(1640209580.186:1156): apparmor="DENIED" operation="open" profile="smbd" name="/proc/28232/fd/" pid=28232 comm="smbd" requested_mask="r" denied_mask="r" fsuid=437 ouid=0 type=AVC msg=audit(1640209580.194:1157): apparmor="DENIED" operation="exec" profile="smbd" name="/usr/bin/bash" pid=28232 comm="smbd" requested_mask="x" denied_mask="x" fsuid=437 ouid=0 type=AVC msg=audit(1640209583.190:1158): apparmor="DENIED" operation="open" profile="smbd" name="/proc/28233/fd/" pid=28233 comm="smbd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 type=AVC msg=audit(1640209583.198:1159): apparmor="DENIED" operation="exec" profile="smbd" name="/usr/bin/bash" pid=28233 comm="smbd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0> > [financials] > comment = Financial Documents > inherit acls = Yes > path = /srv/cifs/financials > preexec = /usr/bin/logger -t samba -p local3.info "performing > postexec" > read only = No > root postexec = /usr/local/bin/smb-postexec.sh %m %M %d %I %u > > Even changing the preexec to a simple call to logger I get nothing in > syslog [I do get other messages, such as from vfs_audit]. > > Any tips on debugging why these scripts are not performed?-- Adam Tauno Williams, awilliam at whitemice.org Multi-Modal Activists Against Auto Dependent Development resisting the unAmerican socialists of the Motorist hegemony http://www.mmaaadd.org