samba and apache shared directories on FC5

Sun Apr 23 23:16:32 UTC 2006

Hi,
I have a directory structure that contains multiple web sites that I also
want shared out using samba to restricted users.  I've just upgraded to FC5
and worked most of the kinks out (including trying to get Samba's net
getlocalsid to talk to ldap properly, but that's another story).

current configuration:

# ls -alZ /MV
gives:
drwsrws---  apache   apache   system_u:object_r:httpd_sys_content_t webs

however the samba shared directory is readonly for users browsing.
If I set the type to samba_share_t,  apache can no longer read the
directory.

This also has other implications.  I have a directory in another share
(Archives/Repository) that is soft linked to a directory under a web site so
that users can copy files into it from a windows client and have them
available for download.

I found a post by Stephen Smalley back in June last year that talks a little
about this issue:
http://www.redhat.com/archives/fedora-selinux-list/2005-June/msg00264.html
that suggested a possible fix by defining a new type allowing both httpd and
samba to access the files - with samba having permission to write.

Any ideas on whether this is likely to be added to a policy for FC5 in the
near future, and how can I fix this in the interim?  I'd rather not disable
selinux if I can avoid it :)

Thanks in advance,

Robert Foster 
General Manager 
Mountain Visions P/L  http://mountainvisions.com.au
<http://mountainvisions.com.au/>  
Mobile: 0418 131 065

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20060424/0afedae4/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Robert Foster.vcf
Type: text/x-vcard
Size: 518 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20060424/0afedae4/attachment.vcf 