Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Hello everyone
Is there any way to know who deleted samba share dir/file?
I have running samba server on FC7 machine, and my user machine is windows.
It depends....was it deleted from a Windows workstation, or from the Linux system?
From Windows, you could always go check the recycle bin's on different folks desktops, and see if your folder is there. From Linux, check the shell history files of the different users, and see if there's someone who deleted it.
If you have a publicly writable share, you should use "security = user" instead of "security = share", which is obsolete, so each user needs to authenticate. Also set the "sticky" bit on the directory being shared. That prevents one user from deleting another users files inside the directory. It is still up to the user saving a file to modify the write permissions of the file to prevent other users from altering or zeroing the file.
You could enable auditing in the kernel. The filesytem you use would need to support it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
who deleted share file/folder in samba ?
