[CentOS] Strange Samba Issue
Daniel J Walsh
dwalsh at redhat.com
Mon Feb 17 15:12:22 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/17/2014 09:08 AM, John R Pierce wrote:
> On 2/17/2014 5:36 AM, Styma, Robert E (Robert) wrote:
>> Researching showed that there are a number of little selinux flags to set
>> to get samba to work. I went into /etc/selinux/config and turned off
>> selinux to test and rebooted. The problems went away. Now I just have to
>> figure out what to configure, so I can turn selinux back on.
>
> you shouldn't turn it off entirely, as its painful to turn back on later...
> rather, set it to 'permissive' with seenforce
>
>
>
You want to look for a boolean that effects samba.
getsebool -a | grep samb
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
Or as root execute
# semanage boolean -l| grep samba
samba_portmapper (off , off) Allow samba to act as a portmapper
samba_enable_home_dirs (off , off) Allow samba to share users home
directories.
samba_export_all_ro (off , off) Allow samba to share any
file/directory read only.
samba_export_all_rw (off , off) Allow samba to share any
file/directory read/write.
use_samba_home_dirs (off , off) Support SAMBA home directories
samba_create_home_dirs (off , off) Allow samba to create new home
directories (e.g. via PAM)
smbd_anon_write (off , off) Allow samba to modify public
files used for public file transfer services. Files/Directories must be
labeled public_content_rw_t.
samba_domain_controller (off , off) Allow samba to act as the domain
controller, add users, groups and change passwords.
samba_share_fusefs (off , off) Allow samba to export
ntfs/fusefs volumes.
cdrecord_read_content (off , off) Determine whether cdrecord can
read various content. nfs, samba, removable devices, user temp and untrusted
content files
samba_share_nfs (off , off) Allow samba to export NFS volumes.
samba_run_unconfined (off , off) Allow samba to run unconfined
scripts
sanlock_use_samba (off , off) Allow sanlock to manage cifs files
virt_use_samba (off , off) Allow confined virtual guests to
manage cifs files
You can also look at the samba_selinux man page
man samba_selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlMCJtYACgkQrlYvE4MpobNAyQCgz+U8TId26gVJWwe2z5Vm4T+d
vikAmgI79XBJjZjDdGPwbfCeapSxej2k
=8xbW
-----END PGP SIGNATURE-----
More information about the CentOS
mailing list