[CentOS] Samba vs. Firewall and/or SELinux

Fri Dec 28 15:49:46 UTC 2012
Fidel Dominguez <fdvalero.rhel at gmail.com>

You need to open the service in the firewall
Type setup and go to the firewall and mark samba
Then you will see all folders in the windows pc
On Dec 28, 2012 10:11 AM, "Craig White" <craig.white at ttiltd.com> wrote:

> On Dec 28, 2012, at 5:13 AM, Ibrahim Yurtseven wrote:
> > Daniel J Walsh wrote:
> >> Not a great idea since every user will be allowed to read/write/execute
> in
> >> this directory.
> > I ran chown with root:users for data public in recursive mode and added
> > nobody to the group users, but via samba created files will own by
> > nobody:nobody instead of nobody:users, so it is not allowed for my
> > local user to write and read the files added via samba. So I decided to
> > access rwx to all. what is the trick in the smb.conf that the files
> > will owned by the group "users"? I'm working with the parameter "create
> > mask = 777". I would rather work with 770 and the files should be owned
> > by the user "nobody" and the group "users".
> ----
> I guess I'm not sure what the point is by having files owned by 'nobody'
> and then adding nobody 'user' to the 'users' group - that seems to be some
> rather twisted logic that has security implications far beyond the simple
> samba share configuration but hey… it's your box.
> chirp users /data/public -R
> chmod g+s /data/public -R
> will ensure that all files/folders in /data/public are owned by the group
> 'users' and any new files/folders created within (whether by samba or not)
> belong to that group.
> if you add 'inherit permissions = yes' to the 'share' definition in
> smb.conf, that also will impact.
> Yes, you could also add:
> force security mode = 770 #or 775
> force directory security mode = 770 #or 775
> within the share definition too.
> ----
> >> I would just check if it works in permissive mode then we can blame
> this on
> >> SELinux, if not, then it is not SELinux problem.
> > Works on permissive mode with activated firewall, but i changed
> > "security=share" to "security=user" in the smb.conf as well. So the
> > access to the samba-share works now on enforcing mode, too.
> ----
> in my opinion, security=user is always the better solution.
> Craig
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos