[FC5] Samba and SELinux

Bob Kashani bobk at ocf.berkeley.edu
Wed Apr 5 21:42:52 UTC 2006


On Wed, 2006-04-05 at 13:26 -0700, Dan Thurman wrote:
> On Wed, 2006-04-05 at 12:59 -0700, Bob Kashani wrote:
> > On Wed, 2006-04-05 at 10:59 -0700, Dan Thurman wrote:
> > > Folks,
> > > 
> > > What is the procedure for creating Samba shares and
> > > getting around the SELinux issues?
> > > 
> > > Samba by default no longer works with shares such
> > > as [homes] and any other added shares without administrator
> > > intervention to add SELinux labels on share directories.
> > > 
> > > Please direct me to the FAQ for Samba & SELinux or
> > > please tell me what I have to do to get samba shares
> > > working.
> > > 
> > > In my case - I am getting permission denied in the audit
> > > logs and in the message logs for nmbd, I am getting
> > > directories do not exists errors (when they actually
> > > do!).
> > 
> > /usr/sbin/setsebool -P samba_enable_home_dirs=1
> > /usr/sbin/setsebool -P smbd_disable_trans=1
> > 
> > That's what I had to do to get samba working with home shares on FC5.
> > 
> > Bob
> > 
> 
> Thanks for the response!  Yes, I did that for [home] but
> the problem is what to do with: /var/www
> 
> There are many different contexts for this directory and all
> the files under it and I was not sure how to make this directory
> a samba share without blowing away the original context in fear
> of breaking it all to bits.
> 
> I want to keep all the original context AND add samba share context
> OR the public_share_rw_t as Stephen Smalley recommended but I was
> not sure how to do that.  This is the question I asked of Mr Smalley
> and I am waiting to hear of his response.

Well, if you have things set up properly then you should be able to
read/write to your /var/www dir just fine as-is without any extra
changes. I can access my /var/www content just fine via samba without
any extra tweaking of SELinux.

I basically access my /var/www dir through my home dir. Just create a
symlink from your home dir to /var/www and make sure that you own the
dirs and have the right permissions to rw to it.

Bob

-- 
Bob Kashani
http://www.gnome.org/~bobk/
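
An added example, not part of the original message or the thread: a shell function that summarizes the smbd "permission denied" AVC records from audit log text, so you can see which file contexts under a share such as /var/www smbd is being denied on before changing any boolean or label. The function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize SELinux AVC denials for smbd from audit log text.

# Constructed sample records (not taken from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1144273372.101:45): avc:  denied  { read } for  pid=2345 comm="smbd" name="www" dev=dm-0 ino=12345 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1144273372.205:46): avc:  denied  { getattr } for  pid=2345 comm="smbd" name="index.html" dev=dm-0 ino=12346 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1144273380.001:47): avc:  denied  { read } for  pid=2345 comm="smbd" name="www" dev=dm-0 ino=12345 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1144273381.440:48): avc:  denied  { read write } for  pid=2345 comm="smbd" name="form.cgi" dev=dm-0 ino=12399 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=file
type=AVC msg=audit(1144273382.010:49): avc:  denied  { search } for  pid=2101 comm="httpd" name="home" dev=dm-0 ino=2 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1144273382.010:49): arch=40000003 syscall=5 success=no exit=-13 comm="smbd" exe="/usr/sbin/smbd"
EOF
}

# Reads audit log text from the named files (or stdin) and prints one line
# per distinct denial seen for smbd: "<count> <target type> <class> <perm>".
summarize_smbd_denials() {
    awk '
    /avc:[ ]+denied/ && /comm="smbd"/ {
        # Permissions are the words between the braces.
        perms = $0
        sub(/^.*[{] */, "", perms)
        sub(/ *[}].*$/, "", perms)
        ttype = ""; tclass = ""
        for (i = 1; i <= NF; i++) {
            # tcontext=user:role:type:level -> third colon-separated part
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++) count[ttype " " tclass " " p[j]]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k2
}

sample_audit_log | summarize_smbd_denials
```

On a live system the same function can be pointed at the audit log, for example `summarize_smbd_denials /var/log/audit/audit.log`.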




More information about the fedora-selinux-list mailing list