Samba file server

[Daniel J Walsh]

Ivan Gyurdiev wrote:

>>You have /root on this share?  Interesting.  I'm not sure you can do
>>what I describe below in /root.
>>    
>>
>
>No I don't. That's what the avc output says. I have no idea why it says
>that - I guess it prints the path relative to the volume mount point, 
>not to the global /.
>  
>
>>Try relabeling the portions of /data that you want to have
>>user_home_dir_t and user_home_t:
>>
>>chcon -t user_home_dir_t /data/smb
>>cd /data/smb
>>chcon -R -r user_home_t ./*
>>    
>>
>
>That sounds like a hack. This isn't a home directory so why
>should I label it as such. It's a bunch of common files.
>In addition to that I want home directories under /home.
>Since smbd currently fails to read even those, how would labeling
>/data user_home_t help?
>
>=============
>
>Part of the problem in my mind is that I do not know what
>the SElinux types are, which ones I need to do what I want,
>and how to add new ones to perform this simple task. 
>
>Consider traditional UNIX permissions. There's a straightforward
>procedure for doing what I want. I create a group called data.
>I put whoever I want in it (user1, user2, user3, httpd..). Then 
>I chgrp /data with that. Nice and simple. I forget what smbd does - I
>think it checks to see if the UNIX user that you're logged in with
>has access to that folder.
>
>What's the SElinux equivalent? 
>
>  
>
I think you want to label them samba_share_t.

chcon -R -t samba_share_t  /data