Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
guys, I have a share on my server which users access through map drive from the Window$ machines; I'm doing this with SAMBA, but the problem is that when I put SELinux in Enforcing mode, it will not let anyone access the share. I have to put it in permisive (I believe that's the correct word). At first the share was not available because I needed to add
Code:
chcon -R -t samba_share_t '/mnt/storage'
, but still was not working, untill I put SELinux in permisive mode; then, it worked fine.... is it possible to make samba work with SELinux in Enforcing mode?
2.6.18-128.4.1.el5[root@www ~]# getsebool -a | grep smb
allow_smbd_anon_write --> off
smbd_disable_trans --> off
2.6.18-128.4.1.el5[root@www ~]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> on
samba_share_nfs --> on
use_samba_home_dirs --> on
virt_use_samba --> off
2.6.18-128.4.1.el5[root@www ~]#
These are my settings, and I'm happily working with Samba with SELinux in enforcing mode.
Don't forget to use "setsebool" with the -a option to make your changes permanent.
setsebool -P samba_export_all_ro on
setsebool -P samba_export_all_rw on
but when I try to access the drive from the network, SELinux is blocking access to the file
Code:
SELinux is preventing the samba daemon from accessing a ro file system
is not a premission issue because when I put SELinux in permisive mode, I can access the share no problem. Beside for troubleshooting measures I gave the share 777 access
I don't know which distro or version of SELinux you're using, so perhaps you have an older version with a crappy policy.
You could use audit2allow to generate local policy settings that you could then load. I know I've had to do that for some postfix issues, but not Samba.
Have you googled the error message from the audit log file?
I don't know which distro or version of SELinux you're using, so perhaps you have an older version with a crappy policy.
You could use audit2allow to generate local policy settings that you could then load. I know I've had to do that for some postfix issues, but not Samba.
Have you googled the error message from the audit log file?
Yes, I have google-ed and I'm working on a few solution. As far as my Linux version, I'm using CentOS 5.3 with all updates installed, so I don't think that would be a problem.
Hi guys I was having the same problem and this is how I solved it.
I don't mount on the typical /mnt I usually create a directory called /space and add disks there. Anyways, I had setup a samba share on /space/backup01 using
#chcon -R -t samba_share_t /space/backup01
SELinux just did not let me access it using samba from any windows system. I kept on getting errors saying it was a default_t label yet when I checked with
# ls -ldZ /space/backup01
I would see that indeed it was a samba_share_t label.
I did several relabels and verified that samba was working correctly by turning off SELinux.
Anyways the error message regarding the default_t label keyed me into checking the parent directory's label and sure enough it was default_t
I ran
#chcon -t samba_share_t /space/
Not using -R so that the other directories in /space would not get a samba label.
This did the trick. Now I have samba working with SELinux enforcing.
mia_tech, /mnt has a special system label mnt_t. I am not sure how this affects the solution I just described nor am I sure setting /mnt to samba_share_t is a wise choice.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.