Samba and SELinux

Paul Howarth paul at city-fan.org
Wed Apr 12 07:52:57 UTC 2006


On Tue, 2006-04-11 at 22:48 -0400, Tim Largy wrote:
> On 4/11/06, Paul Howarth <paul at city-fan.org> wrote:
> > I'd like to know where /somewhere/else actually is before answering that.
> 
> /somewhere/else happens to be called /scratch/share on my system.
> Nothing special about it.

That should be OK then, with the suggestion I gave in the previous
message (described below). You might need to do this though:

# chcon -t mnt_t /scratch

> > If you've set up some area specifically for sharing data, like for
> > instance /srv/public (using directories under /srv is a good place for
> > this sort of thing), you can do:
> >
> > # chcon -Rt public_content_rw_t /srv/public
> >
> > The "public content" type is readable by a variety of different servers
> > such as samba, httpd, ftpd, rsync etc. You can select which one(s) of
> > them is/are allowed to write to the area using a separate boolean for
> > each. So for samba, you'd use:
> >
> > # setsebool -P allow_smb_anon_write 1
> 
> Thanks, that does make sense to me, but it didn't work. Hmmm.

What denial(s) are you getting now in /var/log/messages when you try
to access this area using samba?

> And for those viewers watching at home, there is a spelling error in
> one of the selinux-related man pages and the boolean mentioned above
> is actually spelled allow_smbd_anon_write.

Good spot. I posted a note about this on fedora-selinux-list so it
should get fixed before long.

Paul.
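
The question above asks which denials appear in /var/log/messages. One way to pull out just the smbd ones and see which target type was refused, as an added example that is not part of the original message (the function names are hypothetical and the log lines are constructed):

```shell
#!/bin/sh
# Added example. Function names and log lines below are constructed.

# Summarise AVC denials whose source domain is smbd_t.
# Prints "<count> <perms> <tclass> <target type> <name>", one line per distinct denial.
smbd_denials() {
    awk '
    /avc: +denied/ && /scontext=[^ ]*:smbd_t/ {
        perms = ""; tclass = "?"; ttype = "?"; name = "-"
        # The denied permissions sit between "{" and "}".
        s = index($0, "{"); e = index($0, "}")
        if (s && e > s) {
            perms = substr($0, s + 1, e - s - 1)
            gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tclass=/) tclass = substr($i, 8)
            else if ($i ~ /^name=/) { name = substr($i, 6); gsub(/"/, "", name) }
            else if ($i ~ /^tcontext=/) {
                # Context is user:role:type[:level]; keep only the type.
                split(substr($i, 10), ctx, ":"); ttype = ctx[3]
            }
        }
        seen[perms " " tclass " " ttype " " name]++
    }
    END { for (k in seen) print seen[k], k }
    ' "$1" | sort
}

# Write constructed sample log lines (not taken from the thread) to file $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Apr 12 07:40:01 host kernel: audit(1144827601.101:12): avc:  denied  { search } for  pid=2101 comm="smbd" name="scratch" dev=sda5 ino=48001 scontext=system_u:system_r:smbd_t:s0 tcontext=user_u:object_r:default_t:s0 tclass=dir
Apr 12 07:40:02 host kernel: audit(1144827602.310:13): avc:  denied  { write } for  pid=2101 comm="smbd" name="share" dev=sda5 ino=48211 scontext=system_u:system_r:smbd_t:s0 tcontext=user_u:object_r:default_t:s0 tclass=dir
Apr 12 07:40:09 host kernel: audit(1144827609.552:14): avc:  denied  { write } for  pid=2101 comm="smbd" name="share" dev=sda5 ino=48211 scontext=system_u:system_r:smbd_t:s0 tcontext=user_u:object_r:default_t:s0 tclass=dir
Apr 12 07:41:00 host kernel: audit(1144827660.007:15): avc:  denied  { getattr } for  pid=1999 comm="httpd" name="index.html" dev=sda5 ino=50112 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Apr 12 07:41:30 host smbd[2101]: constructed non-AVC line, ignored by the filter
EOF
}
```

Run `smbd_denials /var/log/messages` on the affected host; the target type column shows the label smbd was refused on, which can be compared with the type set by the `chcon` commands in the thread.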



