Setting up a samba share?
Karl MacMillan
kmacmill at redhat.com
Wed Nov 8 20:14:17 UTC 2006
On Wed, 2006-11-08 at 11:38 -0800, Knute Johnson wrote:
> >On Mon, 2006-11-06 at 21:52 -0800, Knute Johnson wrote:
> >> I'm setting up a samba share on my new FC6 install that will be
> >> public with no password required. Just like an unmolested Windows
> >> share.
> >>
> >> I found an article that said to put the selinux context description
> >> in /etc/selinux/targeted/contexts/files/file_contexts.local.
> >>
> >> My shared directory is /var/share. I put the line:
> >>
> >> /var/share(/.*)? system_u:object_r:samba_share_t
> >>
> >> in that file.
> >>
> >> Is this the correct way to make this change and make it permanent?
> >> Will this do what it is supposed to do?
> >
> >Since FC5 the way to do this is not by editing file_contexts.local but
> >by using semanage:
> >
> ># semanage fcontext -a -t samba_share_t '/var/share(/.*)?'
> >
> >Having changed policy by doing this, the context types of the files
> >themselves still need changing:
> >
>
> semanage just creates the file_contexts.local file with the same
> thing in it that I had. What difference does it make to edit the
> file or use semanage?
>
1) The tool helps avoid mistakes.
2) It is possible to roll back changes.
3) Future policies may disallow editing of this file directly (and
others in that directory) as it is security sensitive and should be
protected.
4) Future tools for managing policies on multiple machines will require
the use of semanage.
But, for now, it makes no difference.
Karl
More information about the fedora-selinux-list
mailing list