Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

selinux + samba +home directory Permission problem

Posted on 2011-03-19
5
Medium Priority
?
897 Views
Last Modified: 2012-05-11
HI

I want to share user's home directory from windows xp computer .

Samba installed.

from Network manager->share , i can see the home directory (Please check the picture)

So when i click the home directory .. its always ask for user name and password... i provide the user name and password, its does not work..

anyway.. i know its selinux.. becuase i am seing selinux related error :


  '/home/administrator' does not exist or permission denied when connecting to [ADMINISTRATOR] Error was Permission denied
Mar 19 16:45:30 linuxftp kernel: type=1400 audit(1300553130.049:103): avc:  denied  { search } for  pid=6290 comm="smbd" name="home" dev=dm-0 ino=1703937 scontext=root:system_r:smbd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir


I have run bellow command

setsebool -P samba_enable_home_dirs 1

also
chcon -t samba_share_t /var/eng

as bellow is the selinux context ..

drwx------  administrator administrator user_u:object_r:samba_share_t    administrator



but it will not allow me to enter this user's home directory

which means, i am missing something .. can any one please give me some light ...



selinux.GIF
0
Comment
Question by:fosiul01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 35172544
within /etc/samba/smb.conf it tells you what you need to run for selinux settings.
setsebool -P samba_enable_home_dirs on
not sure whether 1 is a valid/equivalent parameter
0
 
LVL 79

Expert Comment

by:arnold
ID: 35172592
one other thing, did you use smbpasswd to add the user to the linux system with the same username/password as their windows login?
Or does your setup involve AD integration for linux?
0
 
LVL 29

Author Comment

by:fosiul01
ID: 35172735
Helloooooo Arnold!!

long time .. how are u man ??


you know what you are damm right!!!


the right command its

setsebool -P samba_enable_home_dirs on

just checked the smb.conf file , its saying

setsebool -P samba_enable_home_dirs on


i was reading RHCE exam book , auther michael jang.. and i was following him.. in their its saying

setsebool -P samba_enable_home_dirs 1
and it did not work

its works now ..

0
 
LVL 29

Author Comment

by:fosiul01
ID: 35172758
tell me something pls


you have a directory on  /


drwxr-xr-x    2 root root      4096 Mar 19 19:31 newshare


now , i want only user call fosiul to allow read and write on to this directory via Samba ..

so

[newshare]
        path = /newshare
        writeable = yes
;       browseable = yes
        valid users = fosiul



Now....

dont you have to change the directory permission of /newshare to allow user fosiul to write on that file via samba ??


because... from windows or linux , i can mount that directory  by using user fosiul..

example :

# mount.cifs //linuxftp/project /mnt -o username=fosiul,password=xxx

but it will not allow me to write onto that directory

as soon as i am changing the directory permission as


chown  root:fosiul /newshare/
[root@linuxftp /]# ls -al | grep newshare
drwxr-xr-x    2 root fosiul    4096 Mar 19 19:31 newshare
[root@linuxftp /]# chmod 775 newshare/
[root@linuxftp /]# ls -al | grep newshare
drwxrwxr-x    2 root fosiul    4096 Mar 19 19:31 newshare



Now it will allow me to write into that direcotry

is not the right way ???

because if i follow the books, its does not tel anything about changing the directory permission, hence i am bit confused ...





0
 
LVL 79

Accepted Solution

by:
arnold earned 2000 total points
ID: 35172997
Hey, hope all is well with your various setups.

Some reference: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html
http://www.linuxquestions.org/questions/linux-software-2/samba-permission-for-sharing-public-and-private-folder-478264/

While samba is an interface that grants a windows system access to a local filesystem object, the UNIX file permissions still apply.  Your example only owner (root) had write rights to this directory.

Often the shares in the examples are perhaps the example from http://www.cyberciti.biz/tips/how-do-i-set-permissions-to-samba-shares.html deals with using the create mask which sets the correct access mask on the directory/files.
ls -lZ / | grep newshare what context is selinux reporting for it?
0

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question