LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-29-2016, 05:29 PM   #1
JoseKreif
Member
 
Registered: Jul 2015
Location: Iowa
Distribution: CentOS 6.6, RHEL Server release 5.5 (Tikanga)
Posts: 58

Rep: Reputation: 0
SAMBA permissions - "You Need Permission To Access"


I can't get my home directoy to share in samba

I tried both



Code:
[myhome]
        path = /home/joseph
        writeable = yes
        browseable = yes
        valid users = joseph
        create mask = 6777
        directory mask = 6777
[homes]
        comment = Home Directories
        browseable = yes
        writable = yes
        valid users = %S

I get an error saying "You Don't have permission to access \\192.168.1.227\[SHARE]"


I got this to work, however this is not my home.
Code:
[tmp]
        path = /srv/tmp
        writeable = yes
        browseable = yes
        valid users = joseph
        create mask = 6777
        directory mask = 6777




I am running Centos 6.6.
I have made proper firewall configurations and have tried
Code:
service smb restart;service nmb restart

The error occurs in Windows

Last edited by JoseKreif; 02-29-2016 at 05:36 PM.
 
Old 03-04-2016, 10:54 AM   #2
tshikose
Member
 
Registered: Apr 2010
Location: Kinshasa, Democratic Republic of Congo
Distribution: RHEL, Fedora, CentOS
Posts: 525

Rep: Reputation: 95
Hi,

If you have SE Linux enable ensure that you have allowed Samba to share home directory. By default it is turned off.
The logs should also point you in the good direction.
 
Old 03-04-2016, 11:59 AM   #3
JoseKreif
Member
 
Registered: Jul 2015
Location: Iowa
Distribution: CentOS 6.6, RHEL Server release 5.5 (Tikanga)
Posts: 58

Original Poster
Rep: Reputation: 0
I thought by uncommenting this it would do the trick

Code:
[homes]
        comment = Home Directories
        browseable = yes
        writable = yes
        valid users = %S

Is there a place outside of smb.conf that needs to be changed?
 
Old 03-04-2016, 03:39 PM   #4
tshikose
Member
 
Registered: Apr 2010
Location: Kinshasa, Democratic Republic of Congo
Distribution: RHEL, Fedora, CentOS
Posts: 525

Rep: Reputation: 95
Hi,

What you did is not enough on modern Linux system that have SE Linux enabled by default.

You need to check if SE Linux is activated on your system, similar to be below (look at bold part).
Code:
# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      30
If SE Linux is enabled, you need to explicitly tell SE Linux to allow Samba to share home directories, with a command similar to the below.
Code:
setsebool -P samba_enable_home_dirs
The above commands should do the trick.
But I recommend you to double check, to read the relevant logs, to check the man pages, and then be sure you know what and why for you are doing.

Last edited by tshikose; 03-04-2016 at 03:43 PM.
 
Old 03-04-2016, 05:47 PM   #5
JoseKreif
Member
 
Registered: Jul 2015
Location: Iowa
Distribution: CentOS 6.6, RHEL Server release 5.5 (Tikanga)
Posts: 58

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by tshikose View Post
Hi,

What you did is not enough on modern Linux system that have SE Linux enabled by default.

You need to check if SE Linux is activated on your system, similar to be below (look at bold part).
Code:
# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      30
If SE Linux is enabled, you need to explicitly tell SE Linux to allow Samba to share home directories, with a command similar to the below.
Code:
setsebool -P samba_enable_home_dirs
The above commands should do the trick.
But I recommend you to double check, to read the relevant logs, to check the man pages, and then be sure you know what and why for you are doing.
If tells me "setsebool" is not a command.

I installed my Centos 6.6 from scratch pretty much.
 
Old 03-05-2016, 02:17 AM   #6
tshikose
Member
 
Registered: Apr 2010
Location: Kinshasa, Democratic Republic of Congo
Distribution: RHEL, Fedora, CentOS
Posts: 525

Rep: Reputation: 95
Hi,

Please share the output of
Code:
# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
 
Old 03-05-2016, 09:17 PM   #7
JoseKreif
Member
 
Registered: Jul 2015
Location: Iowa
Distribution: CentOS 6.6, RHEL Server release 5.5 (Tikanga)
Posts: 58

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by tshikose View Post
Hi,

Please share the output of
Code:
# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Code:
[ joseph ] -> cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


[ joseph ] ->

AND ->

Code:
root # ->  setsebool -P samba_enable_home_dirs
bash: setsebool: command not found
root # ->  su joseph
[ joseph ] -> setsebool -P samba_enable_home_dirs

Usage:  setsebool [ -PV ] boolean value | bool1=val1 bool2=val2...

[ joseph ] ->

Last edited by JoseKreif; 03-05-2016 at 09:29 PM.
 
Old 03-05-2016, 09:32 PM   #8
JoseKreif
Member
 
Registered: Jul 2015
Location: Iowa
Distribution: CentOS 6.6, RHEL Server release 5.5 (Tikanga)
Posts: 58

Original Poster
Rep: Reputation: 0
Okay, I figured it out once I seen my non-root account could access that command



Code:
root # ->  /usr/sbin/setsebool -P samba_enable_home_dirs on
Samba is working now, and I just need to add /usr/sbin to my path on root env

Last edited by JoseKreif; 03-05-2016 at 09:33 PM.
 
Old 03-06-2016, 02:42 AM   #9
tshikose
Member
 
Registered: Apr 2010
Location: Kinshasa, Democratic Republic of Congo
Distribution: RHEL, Fedora, CentOS
Posts: 525

Rep: Reputation: 95
Hi,

I am glad you made it work.

It is really strange to me that setsebool was not in your root PATH. As /usr/sbin is commonly in root PATH and not in normal users'.
SE Linux is an interesting feature, but it can have weird and "unexplainable" behaviours.

There are several tutorial out there on Internet, but for me the first place to look as usually been SELinux User's and Administrator's Guide, the chapter "14. Samba" should be of particular interest to you.
 
Old 03-07-2016, 08:13 AM   #10
JoseKreif
Member
 
Registered: Jul 2015
Location: Iowa
Distribution: CentOS 6.6, RHEL Server release 5.5 (Tikanga)
Posts: 58

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by tshikose View Post
Hi,

I am glad you made it work.

It is really strange to me that setsebool was not in your root PATH. As /usr/sbin is commonly in root PATH and not in normal users'.
I have some custom built .bash_profile scripts from a good friend.

I copied it over to root during setup. I must have forgot to add sbin to root's.

Its there now
Attached Thumbnails
Click image for larger version

Name:	paths.PNG
Views:	170
Size:	9.5 KB
ID:	21075  

Last edited by JoseKreif; 03-07-2016 at 08:20 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Samba and permissions ( permissions seems ok but wont work anyway ) spooksman Linux - Networking 1 04-10-2014 09:58 AM
RHEL 5.3 Samba DR Restore - Permissions Screwy on Samba shares mudman69 Red Hat 3 05-12-2009 10:56 AM
samba permissions help gorilly Linux - Server 1 07-05-2007 08:03 AM
Samba domain member server (DMS) group permissions in network with a Samba PDC srosa Linux - Networking 0 05-01-2006 05:55 PM
SAMBA says 'Samba Server is not accebile, you might have no permissions' Ahmad Gurchani Linux - General 1 01-01-2005 10:34 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration