I have loaded into the kernel a self made driver that monitor file operations, this means, when any user is doing operations on files, e.g open,read,change permissions, i get "event information " of the operation. The information i get is: UID and GID of user performed the operation, the file it performed the operation and the operation type.
Lets continue:
I have successfully shared a folder via SMB protocol and loaded my driver into the kernel.
From my Windows 2008R2 machine, I do "//readynas-ip/mysmb" and see the shared files (SMB).
When any user perform operations on files, i get a valid full data provided by my driver.
There is a problem when editing file permissions and the user is not the owner of the file.
In the Windows 2008R2, When the user edit file permissions (right click the file, Properties -> Security tab -> edit permissions) - There are 2 flows:
A user is changing file permissions - the user is the owner of the file.
A user is changing file permissions - the user is not the owner of the file.
When the user is the owner of the file, everything is ok, in the kernel driver, I see event notifying me the file permissions is changed, i get the uid/gid of that user that changed the permission.
if the user is NOT the owner of the file, when he changes a file permission, I see in my kernel driver that event, but my kernel driver informs me that the actual user who edited the security permission is 0 - meaning its a root user and not the actual user.
Why is that ?
On the VFS Driver I loaded to kernel, I receive (on file attributes changes) UID 0 and GID 0 on file persmissions event. when the user is not set as File owner.
