mount.cifs and credentials file
Paul Howarth
paul at city-fan.org
Fri Mar 16 09:01:50 UTC 2007
Dawid Gajownik wrote:
> Hi!
> What's the proper security context of credentials file used by
> mount.cifs? samba_selinux did not help me and cifs_t is not what I am
> looking for:
>
> audit(1173946014.366:6): avc: denied { read } for pid=2237
> comm="mount.cifs" name=".smbcredential-polsl" dev=sda1 ino=2195809
> scontext=system_u:system_r:mount_t:s0 tcontext=user_u:object_r:cifs_t:s0
> tclass=file
>
> I've got this line in my fstab:
>
> //dionizos/usr /srv/dionizos cifs
> credentials=/root/.smbcredential-polsl,uid=gajownik,gid=users,file_mode=0666,dir_mode=0777
> 0 0
You're probably having problems with trying to read /root before you
even get to the credentials file. What I use is this:
//METROPOLIS/Public\040Data /mnt/samba/public.data cifs
uid=paul,gid=paul,credentials=/etc/samba/smbcredentials.paul,dir_mode=0755,file_mode=0644
0 0
$ ls -lZ /etc/samba
-rw-r--r-- root root system_u:object_r:samba_etc_t lmhosts
-rw------- root root user_u:object_r:samba_secrets_t passdb.tdb
-rw------- root root user_u:object_r:samba_secrets_t secrets.tdb
-rw-r--r-- root root system_u:object_r:samba_etc_t smb.conf
-rw------- root root user_u:object_r:samba_etc_t smbcredentials.paul
-rw-r--r-- root root system_u:object_r:samba_etc_t smbusers
Paul.
More information about the fedora-selinux-list
mailing list