Problem with samba shares from FC4

Mon Jun 20 03:31:59 UTC 2005

On Sat, 2005-06-18 at 13:30 -0400, Todd Wease wrote:
> For now I've got SELinux disabled until I get a better handle on it.  I
> think there are a few ways to disable it.
> 
> (1) Open Desktop > System Settings > Security Level and uncheck the
> Enabled box under the SELinux tab.
> 
> or
> 
> (2) edit /etc/sysconfig/selinux and set SELINUX=disabled
> 
> 
> On Sat, 2005-06-18 at 16:43 +0000, derekmahar.12076081 at bloglines.com
> wrote:
> > I've encountered the same problem moving from FC3 to FC4.  SELinux is the
> > source of the problem and may be due to a more restrictive security policy.
> >  As a quick workaround, someone on the Samba mailing list suggested that I
> > enter the following command to disable the enhanced security:
> > 
> > /usr/sbin/setenforce
> > permissive
> > 
> > This works, but I don't know how to make the change more permanent
> > or to disable to policy for Samba only.
> > 
> > Any insights?
> > 
> > Derek
> > 
> > --- For
> > users of Fedora Core releases <fedora-list at redhat.com wrote:
> > I am trying
> > to share a directory using samba under FC4. This used to
> > > work with FC3
> > but with FC4 I keep getting messages in the samba logfile
> > > saying that the
> > directory does not exist, but of course it really does.
> > > 
> > > This is probably
> > because of the tighter security from SELinux. How can
> > > this be fixed?
> > >
> > 
> > > from my smb.conf:
> > > [tv]
> > >         comment = tv series depo
> > >     
> >    path = /mnt/bigdisk/exthdd/tv
> > > ;       writeable = no
> > >         browseable
> > = yes
> > >         valid users = kramer, xbox
> > > ;       writeable = no
> > > 
> > 
> > > 
> > > Jurgen
> > > 
> > > 
> > > 
> > > -- 
> > > fedora-list mailing list
> > > fedora-list at redhat.com
> > 
> > > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> > > 
> > 
> 

I REALLY REALLY discourage cutting off SELinux entirely unless there are
no other options, especially if the machine is connected to the
internet.

This is what I did to get Samba to work.

Run system-config-securitylevel

Go to the SELinux Tab

Look at the "Modify Policy"  for Samba

For Samba you have a few options.  If the directory you want to share
out is in /home, check the box labeled "Allow Samba to share users home
directories"  If you want to share any directory, Check the "Disable
SELinux protection for the smbd/nmbd daemon"  This will turn off SELinux
for Samba permanently.

Cutting off selinux all together is forgoing an important layer of
security.  Plus, if no one uses it, how can it get any better :)

Micheal