[CentOS] Samba vs. Firewall and/or SELinux

Craig White craig.white at ttiltd.com
Thu Dec 27 15:37:26 UTC 2012


On Dec 27, 2012, at 6:09 AM, Ibrahim Yurtseven wrote:

> [global]
> 	workgroup = NETZWERK
> 	server string = Samba Server Version %v
> 	security = SHARE
> 	log file = /var/log/samba/log.%m
> 	max log size = 50
> 	cups options = raw
> 
> [public]
> 	comment = hier kannn reinkopiert werden
> 	path = /data/public
> 	read only = No
> 	create mask = 0777
> 	guest only = Yes
> 	guest ok = Yes
> sh-4.1#  cat /etc/samba/smbusers 
> # Unix_name = SMB_name1 SMB_name2 ...
> root = administrator admin
> nobody = guest pcguest smbguest
> sh-4.1# ls -lisah /data/public
> total 144M
> 1703938  12K drwxrwxrwx.  4 nobody     users       12K Dec 27 13:39 .
> 1703937 4.0K drwxr-xr-x.  3 root       root       4.0K Dec 22 19:43 ..
> 1706985 144M -rwxrw-rw-   1 nobody     nobody     144M Dec 27 13:39
> Disney_ Alice im Wunderland (1951).mp4
----
perhaps testparam -sv would have been more useful/explicit just to confirm the default values are what you believe them to be but…

assuming that:
ls -ld /data/
ls -ld /data/public
are
rwxrwxrwx (or something that permits user 'nobody')

you might want to ensure that 'guest account = nobody' is specifically set in the global section.

I have no experience with 'security = share' and tend to use 'security = user' and with this setup, I think you can use 'map to bad user' to achieve something similar but I suspect that you can make it work. The concept of security = share is to mimic Windows 95/98 file sharing mode which requires only a password. I don't know that it is well supported by Windows Vista, 7 or 8 clients.

Craig


More information about the CentOS mailing list