samba and apache shared directories on FC5
Paul Howarth
paul at city-fan.org
Mon Apr 24 07:19:09 UTC 2006
On Mon, 2006-04-24 at 09:16 +1000, Robert Foster wrote:
> Hi,
> I have a directory structure that contains multiple web sites that I
> also want shared out using samba to restricted users. I've just
> upgraded to FC5 and worked most of the kinks out (including trying to
> get Samba's net getlocalsid to talk to ldap properly, but that's
> another story).
>
> current configuration:
>
> # ls -alZ /MV
> gives:
> drwsrws--- apache apache system_u:object_r:httpd_sys_content_t webs
>
> however the samba shared directory is readonly for users browsing.
> If I set the type to samba_share_t, apache can no longer read the
> directory.
>
> This also has other implications. I have a directory in another share
> (Archives/Repository) that is soft linked to a directory under a web
> site so that users can copy files into it from a windows client and
> have them available for download.
>
> I found a post by Stephen Smalley back in June last year that talks a
> little about this issue:
> http://www.redhat.com/archives/fedora-selinux-list/2005-June/msg00264.html
> that suggested a possible fix by defining a new type allowing both
> httpd and samba to access the files - with samba having permission to
> write.
>
> Any ideas on whether this is likely to be added to a policy for FC5 in
> the near future, and how can I fix this in the interim? I'd rather
> not disable selinux if I can avoid it :)
This was implemented quite a long time ago.
Change the context type of the data to public_content_t (for read-only
data) or public_content_rw_t for data that one of the daemons needs to
be able to write.
Then allow whichever daemons need write access to this data by setting
the appropriate booleans:
allow_ftpd_anon_write
allow_httpd_anon_write
allow_httpd_sys_script_anon_write
allow_rsync_anon_write
allow_smbd_anon_write
So in your case you'd want:
# setsebool -P allow_smbd_anon_write 1
Paul.
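The fix in the reply, as an added audit-then-apply script that is not part of the original thread. It parses `ls -Z` lines to find entries under the share that are not yet labelled `public_content_rw_t`, prints the `semanage`/`restorecon`/`setsebool` commands that would fix them, and only runs them when `APPLY=1` is set. The path `/MV` comes from the question; the boolean names are the FC5-era ones given in the reply (later releases drop the `allow_` prefix). Only `smbd` is granted write access, so `allow_httpd_anon_write` stays off and the web server keeps read-only access to what Samba users upload.

```shell
#!/bin/sh
# Added example, not code from the original thread: audit the SELinux type on a
# directory that both httpd and smbd must reach, then apply the reply's fix:
# public_content_rw_t plus allow_smbd_anon_write only (httpd stays read-only).
# Assumptions: the share lives under /MV as in the question; the boolean names
# are the FC5-era ones quoted in the reply; APPLY=1 is required to change
# anything, otherwise the script only prints its plan.

SHARE="${SHARE:-/MV}"
WANT_TYPE="public_content_rw_t"
WRITERS="${WRITERS:-smbd}"   # daemons that need to write; httpd is deliberately absent

# Print the SELinux type embedded in one line of `ls -Z` output.
# Handles FC5-style contexts (user:role:type) and later ones with an
# MLS level appended (user:role:type:s0).
context_type() {
  for field in $1; do
    case "$field" in
      *:object_r:*) printf '%s\n' "$field" | cut -d: -f3; return 0 ;;
    esac
  done
  return 1
}

# Return 0 when the entry described by the `ls -Z` line is not yet labelled
# with the wanted type (or has no context at all), 1 when it already is.
needs_relabel() {
  current=$(context_type "$1") || return 0
  [ "$current" != "$2" ]
}

# Emit the commands that bring $1 into the wanted state. semanage records the
# rule so a later relabel keeps it; setsebool -P persists across reboots.
plan() {
  dir="$1"
  printf 'semanage fcontext -a -t %s "%s(/.*)?"\n' "$WANT_TYPE" "$dir"
  printf 'restorecon -Rv "%s"\n' "$dir"
  for d in $WRITERS; do
    printf 'setsebool -P allow_%s_anon_write 1\n' "$d"
  done
}

# Report every entry in $1 (and its top-level children) whose type differs
# from $WANT_TYPE.
audit() {
  ls -dZ "$1" "$1"/* 2>/dev/null | while read -r line; do
    if needs_relabel "$line" "$WANT_TYPE"; then
      echo "MISMATCH: $line"
    fi
  done
}

if [ "${APPLY:-0}" = 1 ]; then
  plan "$SHARE" | sh -x
  for d in $WRITERS; do getsebool "allow_${d}_anon_write"; done
else
  echo "# audit of $SHARE"; audit "$SHARE"
  echo "# planned commands (run with APPLY=1 to execute)"; plan "$SHARE"
fi
```

Run it once without `APPLY` to see which entries still carry `httpd_sys_content_t` or `samba_share_t`, then with `APPLY=1` to relabel and set the boolean; the final `getsebool` line confirms the persisted value. Leaving `allow_httpd_anon_write` off matters here: files written through the share are served by httpd, so the web server itself should never be the one able to modify them.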