<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2873" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=449555322-23042006><FONT face=Arial
size=2>Hi,</FONT></SPAN></DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial size=2>I have a directory
structure that contains multiple web sites that I also want shared out using
samba to restricted users. I've just upgraded to FC5 and worked most of
the kinks out (including trying to get Samba's net getlocalsid to talk to ldap
properly, but that's another story).</FONT></SPAN></DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial size=2>current
configuration:</FONT></SPAN></DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial size=2># ls -alZ
/MV</FONT></SPAN></DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial
size=2>gives:</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2>drwsrws--- apache
apache system_u:object_r:httpd_sys_content_t webs</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial size=2>however the samba
shared directory is readonly for users browsing.</FONT></SPAN></DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial size=2>If I set the type to
samba_share_t, apache can no longer read the
directory.</FONT></SPAN></DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial size=2>This also has other
implications. I have a directory in another share (Archives/Repository)
that is soft linked to a directory under a web site so that users can copy files
into it from a windows client and have them available for
download.</FONT></SPAN></DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial size=2>I found a post by
Stephen Smalley back in June last year that talks a little about this
issue:</FONT></SPAN></DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial size=2><A
href="http://www.redhat.com/archives/fedora-selinux-list/2005-June/msg00264.html">http://www.redhat.com/archives/fedora-selinux-list/2005-June/msg00264.html</A></FONT></SPAN></DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial size=2>that suggested a
possible fix by defining a new type allowing both httpd and samba to access the
files - with samba having permission to write.</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial size=2>Any ideas on whether
this is likely to be added to a policy for FC5 in the near future, and how can I
fix this in the interim? I'd rather not disable selinux if I can avoid it
:)</FONT></SPAN></DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=449555322-23042006><FONT face=Arial size=2>Thanks in
advance,</FONT></SPAN></DIV><!-- Converted from text/rtf format -->
<P align=left><SPAN lang=en-au><FONT face=Arial size=2>Robert
Foster</FONT></SPAN> <BR><SPAN lang=en-au><FONT face=Arial size=2>General
Manager</FONT></SPAN> <BR><SPAN lang=en-au><FONT face=Arial size=2>Mountain
Visions P/L <A
href="http://mountainvisions.com.au/">http://mountainvisions.com.au</A></FONT></SPAN>
<FONT face=Arial size=2><BR>Mobile: 0418 131 065</FONT></P>
<DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML>