Solved

selinux + samba +home directory Permission problem

Posted on 2011-03-19
5
837 Views
Last Modified: 2012-05-11
HI

I want to share user's home directory from windows xp computer .

Samba installed.

from Network manager->share , i can see the home directory (Please check the picture)

So when i click the home directory .. its always ask for user name and password... i provide the user name and password, its does not work..

anyway.. i know its selinux.. becuase i am seing selinux related error :


  '/home/administrator' does not exist or permission denied when connecting to [ADMINISTRATOR] Error was Permission denied
Mar 19 16:45:30 linuxftp kernel: type=1400 audit(1300553130.049:103): avc:  denied  { search } for  pid=6290 comm="smbd" name="home" dev=dm-0 ino=1703937 scontext=root:system_r:smbd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir


I have run bellow command

setsebool -P samba_enable_home_dirs 1

also
chcon -t samba_share_t /var/eng

as bellow is the selinux context ..

drwx------  administrator administrator user_u:object_r:samba_share_t    administrator



but it will not allow me to enter this user's home directory

which means, i am missing something .. can any one please give me some light ...



selinux.GIF
0
Comment
Question by:fosiul01
  • 3
  • 2
5 Comments
 
LVL 76

Expert Comment

by:arnold
Comment Utility
within /etc/samba/smb.conf it tells you what you need to run for selinux settings.
setsebool -P samba_enable_home_dirs on
not sure whether 1 is a valid/equivalent parameter
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
one other thing, did you use smbpasswd to add the user to the linux system with the same username/password as their windows login?
Or does your setup involve AD integration for linux?
0
 
LVL 29

Author Comment

by:fosiul01
Comment Utility
Helloooooo Arnold!!

long time .. how are u man ??


you know what you are damm right!!!


the right command its

setsebool -P samba_enable_home_dirs on

just checked the smb.conf file , its saying

setsebool -P samba_enable_home_dirs on


i was reading RHCE exam book , auther michael jang.. and i was following him.. in their its saying

setsebool -P samba_enable_home_dirs 1
and it did not work

its works now ..

0
 
LVL 29

Author Comment

by:fosiul01
Comment Utility
tell me something pls


you have a directory on  /


drwxr-xr-x    2 root root      4096 Mar 19 19:31 newshare


now , i want only user call fosiul to allow read and write on to this directory via Samba ..

so

[newshare]
        path = /newshare
        writeable = yes
;       browseable = yes
        valid users = fosiul



Now....

dont you have to change the directory permission of /newshare to allow user fosiul to write on that file via samba ??


because... from windows or linux , i can mount that directory  by using user fosiul..

example :

# mount.cifs //linuxftp/project /mnt -o username=fosiul,password=xxx

but it will not allow me to write onto that directory

as soon as i am changing the directory permission as


chown  root:fosiul /newshare/
[root@linuxftp /]# ls -al | grep newshare
drwxr-xr-x    2 root fosiul    4096 Mar 19 19:31 newshare
[root@linuxftp /]# chmod 775 newshare/
[root@linuxftp /]# ls -al | grep newshare
drwxrwxr-x    2 root fosiul    4096 Mar 19 19:31 newshare



Now it will allow me to write into that direcotry

is not the right way ???

because if i follow the books, its does not tel anything about changing the directory permission, hence i am bit confused ...





0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
Comment Utility
Hey, hope all is well with your various setups.

Some reference: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html
http://www.linuxquestions.org/questions/linux-software-2/samba-permission-for-sharing-public-and-private-folder-478264/

While samba is an interface that grants a windows system access to a local filesystem object, the UNIX file permissions still apply.  Your example only owner (root) had write rights to this directory.

Often the shares in the examples are perhaps the example from http://www.cyberciti.biz/tips/how-do-i-set-permissions-to-samba-shares.html deals with using the create mask which sets the correct access mask on the directory/files.
ls -lZ / | grep newshare what context is selinux reporting for it?
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now