[OpenAFS] Full path in audit log

Atro Tossavainen openafs@atrotossavainen.fi
Mon, 8 Dec 2014 17:33:36 +0200


On Mon, Dec 08, 2014 at 10:14:42AM -0500, Jonathan Billings wrote:
> On Mon, Dec 8, 2014 at 10:05 AM, Kevin Lemonnier <
> kevin.lemonnier@cognix-systems.com> wrote:
> 
> > What we do currently is using inotify to perform tasks on created /
> > modified files, and I was told that it obviously wouldn't work with
> > OpenAFS, but that it was possible to get with the audit log an equivalent.
> 
> Do you mean using auditd to use audit rules to monitor events (read, write,
> execute) on a file or directory in AFS?  We are using auditd to monitor
> executions out of a couple directories in AFS.

What you describe, Jonathan, takes place on your client systems, doesn't it?

I get the impression that Kevin meant they've previously had a file sharing 
system based on a native file system on the underlying Linux boxes, and 
they've done things whenever clients have created or modified files on the 
shared directories.  This is simple enough to do with NFS or Samba when the  
underlying file system is native to the supporting OS and root on the local  
box has root over the shared file system.  

Now they'd like to do this on AFS, but inotify can't see into AFS, and he
was hoping to see at least the names and full paths of any files created or
modified in the audit logs.

Audit logs that would show full path names in AFS would be those on
client systems.  The file names on an AFS server would be gibberish ones
for /vicepX partitions anyway.  It occurs to me that the AFS file server
does not even deal with human-readable file names, so even if it had
extensive logging it might not even have the kind of information that
Kevin is looking for available to it.

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/