How to identify a user's action

The system does not log that sort of user activity.

Edit:  If this is an ongoing need (vs. forensics on something that has already been done), here a solution that worked for one user:

https://community.netgear.com/t5/ReadyNAS-in-Business/ReadyNAS-316-User-actions-monitoring-for-Insid...

Wouldn't the user who created a folder be the owner of that folder?  Not something you can see from the GUI, but certainly visible via SSH.

Once a file is gone, I can't think of any way to figure out who deleted it.

---

@Sandshark wrote:

Wouldn't the user who created a folder be the owner of that folder?  Not something you can see from the GUI, but certainly visible via SSH.

 

Once a file is gone, I can't think of any way to figure out who deleted it.

---

Ok, you went there.  🙂

I had composed the following, and then held off posting for fear of opening a proverbial can of worms.

Depending on how critical is your need, it might be technically possible to figure out who created a particular folder, but only if things have been configured and used in a particular way:

If your users are connecting to the share using individual ReadyNAS user account credentials (i.e., not anonymous/guest) then a folder will be owned by the particular ReadyNAS user that created it.  Because that ownership is at the underlying filesystem level, the only way (AFAIK) to determine that ownership is using SSH shell access.  This generally requires some level of comfort/experience with the underlying linux OS.  There is info on configuring ReadyNAS SSH access here:

• https://kb.netgear.com/30068/ReadyNAS-OS-6-SSH-access-support-and-configuration-guides

Note the very serious caveats in that article, along with this warning from the ReadyNAS OS user manual:

WARNING:

If you enable SSH root access, NETGEAR might deny you technical support.

Download the logs from the GUI, and look at smbd.log.

Check the owner of the files.

If that doesn't bring answers, there is nothing more that you can on a ReadyNAS, afaik anyway.

Holy cow!  I couldn't resist poking at this some more, and found the following:

On a Windows (10) client computer, mounting a SMB share using ReadyNAS user credentials, I was able to determine the owner by:

1. In File Explorer, select the folder and do right-click -> Properties
2. In the Properties window, click the Security tab
3. (wait for spinner mouse pointer to finish)
4. Click on the Advanced button

...and presto:

and on another folder:

I don't know what, if anything, particular to my configuration might be enabling this.  After thinking about it a bit, it just seems like Samba is doing a pretty good job of mapping the underlying Linux ownership/permissions to Windows NTFS-style.

I was not able to get  the same kind of info on a Mac connected to the SMB share.

@BrenoMachad0, maybe worth a try?

Does the same for me.  How about that!  We all learned something today.

.