<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:fedora-selinux-list-request@redhat.com">fedora-selinux-list-request@redhat.com</a> wrote:
<blockquote cite="mid:20070822160010.74F7A73136@hormel.redhat.com"
 type="cite">
  <pre wrap="">Send fedora-selinux-list mailing list submissions to
        <a class="moz-txt-link-abbreviated" href="mailto:fedora-selinux-list@redhat.com">fedora-selinux-list@redhat.com</a>

To subscribe or unsubscribe via the World Wide Web, visit
        <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/fedora-selinux-list">https://www.redhat.com/mailman/listinfo/fedora-selinux-list</a>
or, via email, send a message with subject or body 'help' to
        <a class="moz-txt-link-abbreviated" href="mailto:fedora-selinux-list-request@redhat.com">fedora-selinux-list-request@redhat.com</a>

You can reach the person managing the list at
        <a class="moz-txt-link-abbreviated" href="mailto:fedora-selinux-list-owner@redhat.com">fedora-selinux-list-owner@redhat.com</a>

When replying, please edit your Subject line so it is more specific
than "Re: Contents of fedora-selinux-list digest..."
  </pre>
  <pre wrap="">
<hr size="4" width="90%">
Today's Topics:

   1. Re: Data access to two daemon (Stephen Smalley)
  </pre>
  <br>
  <hr size="4" width="90%"><br>
  <table class="header-part1" border="0" cellpadding="0" cellspacing="0"
 width="100%">
    <tbody>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">Subject:
        </div>
Re: Data access to two daemon</td>
      </tr>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">From: </div>
Stephen Smalley <a class="moz-txt-link-rfc2396E" href="mailto:sds@tycho.nsa.gov"><sds@tycho.nsa.gov></a></td>
      </tr>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">Date: </div>
Wed, 22 Aug 2007 08:50:38 -0400</td>
      </tr>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">To: </div>
Arthur Pemberton <a class="moz-txt-link-rfc2396E" href="mailto:pemboa@gmail.com"><pemboa@gmail.com></a></td>
      </tr>
    </tbody>
  </table>
  <table class="header-part2" border="0" cellpadding="0" cellspacing="0"
 width="100%">
    <tbody>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">To: </div>
Arthur Pemberton <a class="moz-txt-link-rfc2396E" href="mailto:pemboa@gmail.com"><pemboa@gmail.com></a></td>
      </tr>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">CC: </div>
Daniel J Walsh <a class="moz-txt-link-rfc2396E" href="mailto:dwalsh@redhat.com"><dwalsh@redhat.com></a>, <a class="moz-txt-link-abbreviated" href="mailto:fedora-selinux-list@redhat.com">fedora-selinux-list@redhat.com</a></td>
      </tr>
    </tbody>
  </table>
  <table class="header-part3" border="0" cellpadding="0" cellspacing="0"
 width="100%">
    <tbody>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">Content-Transfer-Encoding:
        </div>
7bit</td>
      </tr>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">Precedence:
        </div>
junk</td>
      </tr>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">MIME-Version:
        </div>
1.0</td>
      </tr>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">References:
        </div>
<a class="moz-txt-link-rfc2396E" href="mailto:16de708d0708211355x744747ech1cffd5e2da5a2daf@mail.gmail.com"><16de708d0708211355x744747ech1cffd5e2da5a2daf@mail.gmail.com></a></td>
      </tr>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">In-Reply-To:
        </div>
<a class="moz-txt-link-rfc2396E" href="mailto:16de708d0708211355x744747ech1cffd5e2da5a2daf@mail.gmail.com"><16de708d0708211355x744747ech1cffd5e2da5a2daf@mail.gmail.com></a></td>
      </tr>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">Message-ID:
        </div>
<a class="moz-txt-link-rfc2396E" href="mailto:1187787038.1451.284.camel@moss-spartans.epoch.ncsc.mil"><1187787038.1451.284.camel@moss-spartans.epoch.ncsc.mil></a></td>
      </tr>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">Content-Type:
        </div>
text/plain</td>
      </tr>
      <tr>
        <td>
        <div class="headerdisplayname" style="display: inline;">Message:
        </div>
1</td>
      </tr>
    </tbody>
  </table>
  <br>
  <pre wrap="">On Tue, 2007-08-21 at 15:55 -0500, Arthur Pemberton wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">I have a personal server setup with SELinux in targeted mode.

I would like to allow rw access over these files to Samba, and ro
access to these files to httpd.

In my current setup, SELinux requires the security context of the
respective daemon to allow access to them.

Since I gave Samba access more priority, the current context is:
root:object_r:samba_share_t

The files are not owned by root, they are currently chowned pembo13:comrades.

Please advise on the best method to arrange for the access that I seem
to require.
    </pre>
  </blockquote>
  <pre wrap=""><!---->
man samba_selinux seems to suggest using public_content_rw_t on the file
and setting the allow_smbd_anon_write boolean.

  </pre>
</blockquote>
I do that in FC6, and it does work.<br>
<br>
Regards,<br>
John Griffiths<br>
</body>
</html>