[CentOS] Samba can't access dir - SELinux problem?

Mon Apr 25 11:39:28 UTC 2011
Ned Slider <ned at unixmail.co.uk>

On 25/04/11 09:49, Alexander Farber wrote:
> Hello,
>
> I was using CentOS 5.5 as a "playground" VM at my WinXP notebook
> and now I'm migrating to a new CentOS 5.6 install
> and everything has worked well - except samba.
>
> I have this very permissive config to export my ~/src dir:
>
> # cat /etc/samba/smb.conf
> [global]
> guest ok        = yes
> guest account   = afarber
> security        = share
> hosts allow     = 172.16.6. 127.0.0.1
>
> [src]
> path = /home/afarber/src
> public = yes
> writable = yes
> printable = no
>
> But in the new install it has stopped working and prints:
>
> # tail /var/log/samba/smbd.log
> [2011/04/25 01:36:37, 0] smbd/service.c:make_connection_snum(1013)
>    '/home/afarber/src' does not exist or permission denied when
>     connecting to [src] Error was Permission denied
>
> I've checked permissions and installed rpms -
>   they're all the same
> (and smbd runs as "root", doesn't it?)
>
> Is this maybe a SELinux setting problem?
>
> # tail /var/log/audit/audit.log (only at the new VM)
> type=AVC msg=audit(1303720863.712:53): avc:  denied  { search } for
> pid=6737 comm="smbd" name="/" dev=sda3 ino=2
> scontext=user_u:system_r:smbd_t:s0
> tcontext=system_u:object_r:home_root_t:s0 tclass=dir
>
> type=SYSCALL msg=audit(1303720863.712:53): arch=c000003e syscall=4
> success=no exit=-13 a0=2b79380c9620 a1=7fff35dfe9f0 a2=7fff35dfe9f0
> a3=ea items=0 ppid=6543 pid=6737 auid=500 uid=500 gid=0 euid=500
> suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none) ses=2
> comm="smbd" exe="/usr/sbin/smbd" subj=user_u:system_r:smbd_t:s0
> key=(null)
>
> # ls -aldZ /home/afarber/src  (same result at both old and new VMs)
> drwxrwxr-x  afarber afarber user_u:object_r:user_home_t      /home/afarber/src
>
> # ls -aldZ /home/afarber/
> drwx------  afarber afarber user_u:object_r:user_home_dir_t  /home/afarber/
>
> Does anybody please know a magic command here?
>
> Thank you
> Alex

Alex,

Try the following command, and make sure it's set to "on" to allow users' 
home dirs to be shared by samba:

$ /usr/sbin/getsebool -a | grep samba_enable_home_dirs
samba_enable_home_dirs --> on

If not, you can turn it on with:

setsebool -P samba_enable_home_dirs on


See here for more information:

http://wiki.centos.org/HowTos/SELinux
http://wiki.centos.org/TipsAndTricks/SelinuxBooleans
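
An added illustration, not part of either poster's message: a small Python filter that picks out of audit.log text the kind of denial quoted in this thread, where smbd_t is refused access to a home-directory type. The first two sample lines are rebuilt from the records quoted above (the SYSCALL one shortened), the third is a constructed unrelated denial, and all function names are hypothetical.

```python
import re

# Home-directory types that appear in this thread's AVC record and ls -Z output.
HOME_TYPES = {"home_root_t", "user_home_dir_t", "user_home_t"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')

def se_type(context):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(lines):
    """Yield one dict per AVC denial; other record types (SYSCALL etc.) are skipped."""
    for line in lines:
        if not line.startswith("type=AVC"):
            continue
        m = AVC_RE.search(line)
        if m:
            yield {"comm": m["comm"],
                   "perms": m["perms"].split(),
                   "source_type": se_type(m["scontext"]),
                   "target_type": se_type(m["tcontext"]),
                   "tclass": m["tclass"]}

def samba_home_denials(lines):
    """Denials where the smbd domain was refused access to a home-directory type."""
    return [r for r in parse_avc(lines)
            if r["source_type"] == "smbd_t" and r["target_type"] in HOME_TYPES]

# Sample input: one record per line, as audit.log stores them (mail wrapping undone).
SAMPLE = [
    'type=AVC msg=audit(1303720863.712:53): avc:  denied  { search } for pid=6737 '
    'comm="smbd" name="/" dev=sda3 ino=2 scontext=user_u:system_r:smbd_t:s0 '
    'tcontext=system_u:object_r:home_root_t:s0 tclass=dir',
    'type=SYSCALL msg=audit(1303720863.712:53): arch=c000003e syscall=4 success=no '
    'exit=-13 comm="smbd" exe="/usr/sbin/smbd"',
    # Constructed: a denial from another domain, which the filter must ignore.
    'type=AVC msg=audit(1303720900.100:54): avc:  denied  { read } for pid=7001 '
    'comm="httpd" name="index.html" dev=sda3 ino=99 scontext=user_u:system_r:httpd_t:s0 '
    'tcontext=user_u:object_r:user_home_t:s0 tclass=file',
]

if __name__ == "__main__":
    for d in samba_home_denials(SAMPLE):
        print("smbd denied {%s} on %s (%s): check samba_enable_home_dirs"
              % (" ".join(d["perms"]), d["target_type"], d["tclass"]))
```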