Solved

selinux + samba +home directory Permission problem

Posted on 2011-03-19
5
842 Views
Last Modified: 2012-05-11
HI

I want to share user's home directory from windows xp computer .

Samba installed.

from Network manager->share , i can see the home directory (Please check the picture)

So when i click the home directory .. its always ask for user name and password... i provide the user name and password, its does not work..

anyway.. i know its selinux.. becuase i am seing selinux related error :


  '/home/administrator' does not exist or permission denied when connecting to [ADMINISTRATOR] Error was Permission denied
Mar 19 16:45:30 linuxftp kernel: type=1400 audit(1300553130.049:103): avc:  denied  { search } for  pid=6290 comm="smbd" name="home" dev=dm-0 ino=1703937 scontext=root:system_r:smbd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir


I have run bellow command

setsebool -P samba_enable_home_dirs 1

also
chcon -t samba_share_t /var/eng

as bellow is the selinux context ..

drwx------  administrator administrator user_u:object_r:samba_share_t    administrator



but it will not allow me to enter this user's home directory

which means, i am missing something .. can any one please give me some light ...



selinux.GIF
0
Comment
Question by:fosiul01
  • 3
  • 2
5 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 35172544
within /etc/samba/smb.conf it tells you what you need to run for selinux settings.
setsebool -P samba_enable_home_dirs on
not sure whether 1 is a valid/equivalent parameter
0
 
LVL 77

Expert Comment

by:arnold
ID: 35172592
one other thing, did you use smbpasswd to add the user to the linux system with the same username/password as their windows login?
Or does your setup involve AD integration for linux?
0
 
LVL 29

Author Comment

by:fosiul01
ID: 35172735
Helloooooo Arnold!!

long time .. how are u man ??


you know what you are damm right!!!


the right command its

setsebool -P samba_enable_home_dirs on

just checked the smb.conf file , its saying

setsebool -P samba_enable_home_dirs on


i was reading RHCE exam book , auther michael jang.. and i was following him.. in their its saying

setsebool -P samba_enable_home_dirs 1
and it did not work

its works now ..

0
 
LVL 29

Author Comment

by:fosiul01
ID: 35172758
tell me something pls


you have a directory on  /


drwxr-xr-x    2 root root      4096 Mar 19 19:31 newshare


now , i want only user call fosiul to allow read and write on to this directory via Samba ..

so

[newshare]
        path = /newshare
        writeable = yes
;       browseable = yes
        valid users = fosiul



Now....

dont you have to change the directory permission of /newshare to allow user fosiul to write on that file via samba ??


because... from windows or linux , i can mount that directory  by using user fosiul..

example :

# mount.cifs //linuxftp/project /mnt -o username=fosiul,password=xxx

but it will not allow me to write onto that directory

as soon as i am changing the directory permission as


chown  root:fosiul /newshare/
[root@linuxftp /]# ls -al | grep newshare
drwxr-xr-x    2 root fosiul    4096 Mar 19 19:31 newshare
[root@linuxftp /]# chmod 775 newshare/
[root@linuxftp /]# ls -al | grep newshare
drwxrwxr-x    2 root fosiul    4096 Mar 19 19:31 newshare



Now it will allow me to write into that direcotry

is not the right way ???

because if i follow the books, its does not tel anything about changing the directory permission, hence i am bit confused ...





0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 35172997
Hey, hope all is well with your various setups.

Some reference: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html
http://www.linuxquestions.org/questions/linux-software-2/samba-permission-for-sharing-public-and-private-folder-478264/

While samba is an interface that grants a windows system access to a local filesystem object, the UNIX file permissions still apply.  Your example only owner (root) had write rights to this directory.

Often the shares in the examples are perhaps the example from http://www.cyberciti.biz/tips/how-do-i-set-permissions-to-samba-shares.html deals with using the create mask which sets the correct access mask on the directory/files.
ls -lZ / | grep newshare what context is selinux reporting for it?
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Determine Who is Runnig my Bash Shell Script 4 80
Why isn't object file created? 6 58
Error Message during CentOS 7 Minimal Install 3 43
error log using ftp 7 40
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question