Solved

selinux + samba +home directory Permission problem

Posted on 2011-03-19
5
857 Views
Last Modified: 2012-05-11
HI

I want to share user's home directory from windows xp computer .

Samba installed.

from Network manager->share , i can see the home directory (Please check the picture)

So when i click the home directory .. its always ask for user name and password... i provide the user name and password, its does not work..

anyway.. i know its selinux.. becuase i am seing selinux related error :


  '/home/administrator' does not exist or permission denied when connecting to [ADMINISTRATOR] Error was Permission denied
Mar 19 16:45:30 linuxftp kernel: type=1400 audit(1300553130.049:103): avc:  denied  { search } for  pid=6290 comm="smbd" name="home" dev=dm-0 ino=1703937 scontext=root:system_r:smbd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir


I have run bellow command

setsebool -P samba_enable_home_dirs 1

also
chcon -t samba_share_t /var/eng

as bellow is the selinux context ..

drwx------  administrator administrator user_u:object_r:samba_share_t    administrator



but it will not allow me to enter this user's home directory

which means, i am missing something .. can any one please give me some light ...



selinux.GIF
0
Comment
Question by:fosiul01
  • 3
  • 2
5 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 35172544
within /etc/samba/smb.conf it tells you what you need to run for selinux settings.
setsebool -P samba_enable_home_dirs on
not sure whether 1 is a valid/equivalent parameter
0
 
LVL 78

Expert Comment

by:arnold
ID: 35172592
one other thing, did you use smbpasswd to add the user to the linux system with the same username/password as their windows login?
Or does your setup involve AD integration for linux?
0
 
LVL 29

Author Comment

by:fosiul01
ID: 35172735
Helloooooo Arnold!!

long time .. how are u man ??


you know what you are damm right!!!


the right command its

setsebool -P samba_enable_home_dirs on

just checked the smb.conf file , its saying

setsebool -P samba_enable_home_dirs on


i was reading RHCE exam book , auther michael jang.. and i was following him.. in their its saying

setsebool -P samba_enable_home_dirs 1
and it did not work

its works now ..

0
 
LVL 29

Author Comment

by:fosiul01
ID: 35172758
tell me something pls


you have a directory on  /


drwxr-xr-x    2 root root      4096 Mar 19 19:31 newshare


now , i want only user call fosiul to allow read and write on to this directory via Samba ..

so

[newshare]
        path = /newshare
        writeable = yes
;       browseable = yes
        valid users = fosiul



Now....

dont you have to change the directory permission of /newshare to allow user fosiul to write on that file via samba ??


because... from windows or linux , i can mount that directory  by using user fosiul..

example :

# mount.cifs //linuxftp/project /mnt -o username=fosiul,password=xxx

but it will not allow me to write onto that directory

as soon as i am changing the directory permission as


chown  root:fosiul /newshare/
[root@linuxftp /]# ls -al | grep newshare
drwxr-xr-x    2 root fosiul    4096 Mar 19 19:31 newshare
[root@linuxftp /]# chmod 775 newshare/
[root@linuxftp /]# ls -al | grep newshare
drwxrwxr-x    2 root fosiul    4096 Mar 19 19:31 newshare



Now it will allow me to write into that direcotry

is not the right way ???

because if i follow the books, its does not tel anything about changing the directory permission, hence i am bit confused ...





0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 35172997
Hey, hope all is well with your various setups.

Some reference: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html
http://www.linuxquestions.org/questions/linux-software-2/samba-permission-for-sharing-public-and-private-folder-478264/

While samba is an interface that grants a windows system access to a local filesystem object, the UNIX file permissions still apply.  Your example only owner (root) had write rights to this directory.

Often the shares in the examples are perhaps the example from http://www.cyberciti.biz/tips/how-do-i-set-permissions-to-samba-shares.html deals with using the create mask which sets the correct access mask on the directory/files.
ls -lZ / | grep newshare what context is selinux reporting for it?
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question