Tracking Samba Changes
Good morning everyone. This morning when I came in my boss said that he doesn’t have access to the R: drive, which is a samba share to a folder called RP. I looked in /etc/group and his username was not in there.
He’s had access to this group for years, since before I was at the company. Yesterday I added a new employee to two other groups, saved the change and exited, and I took out an old username out of a few groups but I did not touch my boss’s username at all. Is there any kind of trace log that shows changes to a group or to /etc/group that tracks
/ logs all individual changes that I can trace back to what might have happened that’s turned on in the system, to show changes to /etc/group, or does that only get captured through an outside backup?
Chris
—
Christopher Wensink IS Administrator Five Star Plastics, Inc
1339 Continental Drive Eau Claire, WI 54701
Office: 715-831-1682
Mobile: 715-563-3112
Fax: 715-831-6075
cwensink@five-star-plastics.com www.five-star-plastics.com
4 thoughts on - Tracking Samba Changes
Hi Chris,
You didn’t tell us how you’ve managed the users/groups. Usually this is tracked in /var/log/secure like so:
Mar 2 09:57:42 dhcp-157 groupadd[23761]: group added to /etc/group:
name=apache, GID=48
Mar 2 09:57:42 dhcp-157 groupadd[23761]: group added to /etc/gshadow:
name=apache Mar 2 09:57:42 dhcp-157 groupadd[23761]: new group: name=apache, GID=48
Mar 2 09:57:42 dhcp-157 useradd[23769]: new user: name=apache, UID=48, GID=48, home=/usr/share/httpd, shell=/sbin/nologin
Regards, Simon
Typically I just adjust who is a member of the group by editing the group using vi /etc/group, the Group has full rwx access to the share folder. I don’t see listings like your examples in /var/log/secure, but there are entries for SSH authentication, etc. Where do I look in the samba config file to find that listing?
Chris
—
Christopher Wensink IS Administrator Five Star Plastics, Inc
1339 Continental Drive Eau Claire, WI 54701
Office: 715-831-1682
Mobile: 715-563-3112
Fax: 715-831-6075
cwensink@five-star-plastics.com http://www.five-star-plastics.com
Editing /etc/group is not recommended. Changes aren’t logged and it’s easy to make mistakes. It’s better to use:
groupadd to create groups
gpasswd to add or remove users
(usermod can also add users to a group but gpasswd is safer).
Or at least use vigr do modify /etc/group.
Simon