Hi all.
I created a smb-share on my el6 for all windows-pcs in my home-network (I'm the only Linux-User in my family) for sharing all the stuff we have, like music and videos and documents. The share will be shown on the other pcs (Windows XP), but they can't open it. The error-message is "Share not found" in our preferred language of course!
SELINUX-CONFIG

    sh-4.1# cat /etc/selinux/targeted/contexts/files/file_contexts.local
    # This file is auto-generated by libsemanage
    # Do not edit directly.

    /data(/.*)? system_u:object_r:samba_share_t:s0

FIREWALL-CONFIG (Port 901 is for SWAT)

    sh-4.1# cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.4.7 on Thu Dec 20 17:28:14 2012
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 901 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
    -A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
    -A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
    COMMIT
    # Completed on Thu Dec 20 17:28:14 2012

SAMBA-CONFIG

"Alice im Wunderland" is the testfile I uploaded with disabled Firewall and disabled SELinux

    sh-4.1# testparm
    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    Processing section "[public]"
    Loaded services file OK.
    Server role: ROLE_STANDALONE
    Press enter to see a dump of your service definitions

    [global]
        workgroup = NETZWERK
        server string = Samba Server Version %v
        security = SHARE
        log file = /var/log/samba/log.%m
        max log size = 50
        cups options = raw

    [public]
        comment = hier kannn reinkopiert werden
        path = /data/public
        read only = No
        create mask = 0777
        guest only = Yes
        guest ok = Yes

    sh-4.1# cat /etc/samba/smbusers
    # Unix_name = SMB_name1 SMB_name2 ...
    root = administrator admin
    nobody = guest pcguest smbguest

    sh-4.1# ls -lisah /data/public
    total 144M
    1703938  12K drwxrwxrwx. 4 nobody users   12K Dec 27 13:39 .
    1703937 4.0K drwxr-xr-x. 3 root   root   4.0K Dec 22 19:43 ..
    1706985 144M -rwxrw-rw-  1 nobody nobody 144M Dec 27 13:39 Disney_ Alice im Wunderland (1951).mp4
On 27 December 2012 21:09, Ibrahim Yurtseven arastirmacilar@aol.de wrote:
-- Ibrahim "Arastirmacilar" Yurtseven 2.6.32-279.19.1.el6.i686 _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Is the nmb service running?
Earl A Ramirez wrote:
> Is the nmb service running?

    sh-4.1# service nmb status
    nmbd (pid 1863) is running...

I set nmb like smb in system-config-services. It starts automatically on boot.
The nmb service is started once, usually when the system is booted, runs in the background and wakes up when needed. This service is enabled. This service is running. Starts and stops the Samba nmbd daemon used to provide NetBIOS name services.
On 12/27/2012 08:09 AM, Ibrahim Yurtseven wrote:
You did run restorecon on /data?

    restorecon -R -v /data
Does it work in permissive mode?
Daniel J Walsh wrote:
> You did run restorecon on /data?
> restorecon -R -v /data

No, only on /data/public

    sh-4.1$ restorecon -R -v /data
    restorecon: unable to read directory /data

I configured my smb with this (German) tutorial: http://www.gtkdb.de/index_7_1356.html

But I tried to configure a writeable access to guests, so I didn't add a new user in samba and ran chown to nobody:nobody instead of root:users and chmod to ogu+rwx!

> Does it work in permissive mode?

Just tested with "enforcing". Should I switch to permissive mode?
On 12/27/2012 10:26 AM, Ibrahim Yurtseven wrote:
> Daniel J Walsh wrote:
> > You did run restorecon on /data?
> > restorecon -R -v /data
>
> No, only on /data/public
>
>     sh-4.1$ restorecon -R -v /data
>     restorecon: unable to read directory /data

Run the restorecon command as root.

> I configured my smb with this (German) tutorial: http://www.gtkdb.de/index_7_1356.html
>
> But I tried to configure a writeable access to guests, so I didn't add a new user in samba and ran chown to nobody:nobody instead of root:users and chmod to ogu+rwx!

Not a great idea since every user will be allowed to read/write/execute in this directory.

> > Does it work in permissive mode?
>
> Just tested with "enforcing". Should I switch to permissive mode?
I would just check if it works in permissive mode then we can blame this on SELinux, if not, then it is not SELinux problem.
Daniel J Walsh wrote:
> Not a great idea since every user will be allowed to read/write/execute in this directory.

I ran chown with root:users for data public in recursive mode and added nobody to the group users, but files created via samba will be owned by nobody:nobody instead of nobody:users, so my local user is not allowed to write and read the files added via samba. So I decided to give rwx access to all. What is the trick in the smb.conf so that the files will be owned by the group "users"? I'm working with the parameter "create mask = 777". I would rather work with 770 and the files should be owned by the user "nobody" and the group "users".

> I would just check if it works in permissive mode then we can blame this on SELinux, if not, then it is not SELinux problem.

Works on permissive mode with activated firewall, but I changed "security=share" to "security=user" in the smb.conf as well. So the access to the samba-share works now on enforcing mode, too.
On Dec 28, 2012, at 5:13 AM, Ibrahim Yurtseven wrote:
> Daniel J Walsh wrote:
> > Not a great idea since every user will be allowed to read/write/execute in this directory.
>
> I ran chown with root:users for data public in recursive mode and added nobody to the group users, but files created via samba will be owned by nobody:nobody instead of nobody:users, so my local user is not allowed to write and read the files added via samba. So I decided to give rwx access to all. What is the trick in the smb.conf so that the files will be owned by the group "users"? I'm working with the parameter "create mask = 777". I would rather work with 770 and the files should be owned by the user "nobody" and the group "users".

----
I guess I'm not sure what the point is by having files owned by 'nobody' and then adding nobody 'user' to the 'users' group - that seems to be some rather twisted logic that has security implications far beyond the simple samba share configuration but hey… it's your box.

    chirp users /data/public -R
    chmod g+s /data/public -R

will ensure that all files/folders in /data/public are owned by the group 'users' and any new files/folders created within (whether by samba or not) belong to that group.

if you add 'inherit permissions = yes' to the 'share' definition in smb.conf, that also will impact. Yes, you could also add:

    force security mode = 770 #or 775
    force directory security mode = 770 #or 775

within the share definition too.
----

> > I would just check if it works in permissive mode then we can blame this on SELinux, if not, then it is not SELinux problem.
>
> Works on permissive mode with activated firewall, but I changed "security=share" to "security=user" in the smb.conf as well. So the access to the samba-share works now on enforcing mode, too.

----
in my opinion, security=user is always the better solution.
Craig
You need to open the service in the firewall. Type setup and go to the firewall and mark samba. Then you will see all folders in the windows pc.

On Dec 28, 2012 10:11 AM, "Craig White" craig.white@ttiltd.com wrote:
On Fri, Dec 28, 2012 at 9:10 AM, Craig White craig.white@ttiltd.com wrote:
> I guess I'm not sure what the point is by having files owned by 'nobody' and then adding nobody 'user' to the 'users' group - that seems to be some rather twisted logic that has security implications far beyond the simple samba share configuration but hey… it's your box.
>
>     chirp users /data/public -R
>     chmod g+s /data/public -R
>
> will ensure that all files/folders in /data/public are owned by the group 'users' and any new files/folders created within (whether by samba or not) belong to that group.
>
> if you add 'inherit permissions = yes' to the 'share' definition in smb.conf, that also will impact. Yes, you could also add:
>
>     force security mode = 770 #or 775
>     force directory security mode = 770 #or 775
>
> within the share definition too.
What is the chirp command and where is it found? "yum search all chirp" yielded nothing.
On 12/31/2012 07:27 PM, Rob Townley wrote:
> What is the chirp command and where is it found? "yum search all chirp" yielded nothing.
I believe you will find that chirp was a fat finger for chgrp.
On Mon, Dec 31, 2012 at 6:41 PM, Mark LaPierre marklapier@aol.com wrote:
> I believe you will find that chirp was a fat finger for chgrp.

THANK YOU... I could not figure out the typo quickly. I wanted to make sure the complete and correct reference is there when I need it some time at 3am.
On Dec 27, 2012, at 6:09 AM, Ibrahim Yurtseven wrote:
----
perhaps testparm -sv would have been more useful/explicit just to confirm the default values are what you believe them to be but…

assuming that:

    ls -ld /data/
    ls -ld /data/public

are rwxrwxrwx (or something that permits user 'nobody')
you might want to ensure that 'guest account = nobody' is specifically set in the global section.
I have no experience with 'security = share' and tend to use 'security = user' and with this setup, I think you can use 'map to bad user' to achieve something similar but I suspect that you can make it work. The concept of security = share is to mimic Windows 95/98 file sharing mode which requires only a password. I don't know that it is well supported by Windows Vista, 7 or 8 clients.
Craig
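
The settings debated in this thread (share-level security, an explicit guest account, guest write access combined with `create mask = 0777`) can be checked mechanically. This is an added example, not code from any poster; the `audit` function and the `TIGHTENED` sample, including its `create mask = 0660` and `map to guest = Bad User` values, are assumptions made for illustration.

```python
import configparser

# Constructed input: excerpt of the share as posted at the top of the thread.
POSTED = """
[global]
security = SHARE
[public]
read only = No
create mask = 0777
guest ok = Yes
"""

# Constructed input: a tightened variant (assumption, not any poster's config).
TIGHTENED = """
[global]
security = user
map to guest = Bad User
guest account = nobody
[public]
read only = No
create mask = 0660
guest ok = Yes
"""

def _yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(text):
    """Return (section, finding) pairs for the settings debated in the thread."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # smb.conf ignores case and spaces in parameter names.
    cp.optionxform = lambda key: key.replace(" ", "").lower()
    cp.read_string(text)
    glob = cp["global"] if cp.has_section("global") else {}
    findings = []
    if glob.get("security", "user").strip().lower() == "share":
        findings.append(("global", "share-level security"))
    for name in cp.sections():
        if name.lower() == "global":
            continue
        share = cp[name]
        guest = _yes(share.get("guestok", share.get("public", "no")))
        # "writable"/"writeable" are inverted synonyms of "read only".
        writable = not _yes(share.get("readonly", "yes")) or _yes(
            share.get("writable", share.get("writeable", "no")))
        mask = int(share.get("createmask", "0744"), 8)
        if guest and "guestaccount" not in glob:
            findings.append((name, "guest share, no explicit guest account"))
        if guest and writable and mask & 0o002:
            findings.append((name, "guests create world-writable files (%04o)" % mask))
    return findings

if __name__ == "__main__":
    print("posted:", audit(POSTED), "\ntightened:", audit(TIGHTENED))
```

The mask check only looks at the world-write bit; group ownership of new files still depends on the setgid directory set up with `chmod g+s` as described above.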