Tracking Samba Changes


Good morning everyone. This morning when I came in my boss said that he doesn’t have access to the R: drive, which is a samba share to a folder called RP. I looked in /etc/group and his username was not in there. He’s had access to this group for years, since before I was at the company. Yesterday I added a new employee to two other groups, saved the change and exited, and I took an old username out of a few groups, but I did not touch my boss’s username at all. Is there any kind of trace log that shows changes to a group or to /etc/group, that tracks/logs all individual changes that I can trace back to what might have happened, that’s turned on in the system, to show changes to /etc/group, or does that only get captured through an outside backup?

Chris


Christopher Wensink IS Administrator Five Star Plastics, Inc
1339 Continental Drive Eau Claire, WI 54701
Office: 715-831-1682
Mobile: 715-563-3112
Fax: 715-831-6075
cwensink@five-star-plastics.com www.five-star-plastics.com

4 thoughts on - Tracking Samba Changes

  • Hi Chris,

    You didn’t tell us how you’ve managed the users/groups. Usually this is tracked in /var/log/secure like so:

    Mar 2 09:57:42 dhcp-157 groupadd[23761]: group added to /etc/group: name=apache, GID=48
    Mar 2 09:57:42 dhcp-157 groupadd[23761]: group added to /etc/gshadow: name=apache
    Mar 2 09:57:42 dhcp-157 groupadd[23761]: new group: name=apache, GID=48
    Mar 2 09:57:42 dhcp-157 useradd[23769]: new user: name=apache, UID=48, GID=48, home=/usr/share/httpd, shell=/sbin/nologin

    Regards, Simon

  • Typically I just adjust who is a member of the group by editing the group using vi /etc/group; the group has full rwx access to the share folder. I don’t see listings like your examples in /var/log/secure, but there are entries for SSH authentication, etc. Where do I look in the samba config file to find that listing?

    Chris



  • Editing /etc/group is not recommended. Changes aren’t logged and it’s easy to make mistakes. It’s better to use:

    groupadd to create groups
    gpasswd to add or remove users

    (usermod can also add users to a group but gpasswd is safer).
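
Since hand edits to /etc/group leave nothing in /var/log/secure, the practical way to see what changed is to compare the live file with an older copy, such as one restored from backup. The script below is an added example, not part of the thread: it parses two group(5) snapshots and lists every membership change. The sample group and user names are constructed, and the two file arguments are whatever copies you have.

```python
import sys


def parse_group(text):
    """Parse group(5) text into {group_name: (gid, set_of_members)}."""
    groups = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            # A hand-edit slip (missing colon, joined lines) ends up here.
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        name, _passwd, gid, members = fields
        groups[name] = (gid, {m for m in members.split(",") if m})
    return groups


def diff_groups(old_text, new_text):
    """Return (group, change, detail) tuples describing old -> new."""
    old, new = parse_group(old_text), parse_group(new_text)
    changes = []
    for name in sorted(old.keys() | new.keys()):
        if name not in new:
            changes.append((name, "group-removed", ""))
            continue
        if name not in old:
            changes.append((name, "group-added", ",".join(sorted(new[name][1]))))
            continue
        (old_gid, old_members), (new_gid, new_members) = old[name], new[name]
        if old_gid != new_gid:
            changes.append((name, "gid-changed", f"{old_gid}->{new_gid}"))
        for user in sorted(old_members - new_members):
            changes.append((name, "member-removed", user))
        for user in sorted(new_members - old_members):
            changes.append((name, "member-added", user))
    return changes


# Constructed sample snapshots; group and user names are invented.
BACKUP = "rp:x:1001:boss,alice,olduser\nsales:x:1002:alice,olduser\n"
CURRENT = "rp:x:1001:alice\nsales:x:1002:alice,newhire\n"

if __name__ == "__main__":
    # With two file arguments (old copy, live file) compare those instead.
    args = sys.argv[1:]
    texts = [open(p).read() for p in args] if len(args) == 2 else [BACKUP, CURRENT]
    for group, change, detail in diff_groups(*texts):
        print(f"{group}: {change} {detail}".rstrip())
```

Run with the backup copy first and the live /etc/group second; a `ValueError` on the live file points at a line damaged during editing.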