[Samba] share permissions
Kevin Field
kev at brantaero.com
Tue Aug 20 09:10:11 MDT 2013
Aha! Moving it worked. I can now see it from Windows. If I chmod 777
on the directory I can also add files to it from Windows.
However, I don't quite understand why the parent of the share directory
affects it. BTW /home/me has 700 permissions and /srv has 755. If the
+x on /srv allows the +x on my test share directory to allow Windows to
browse it, why doesn't the -w on /srv prevent the +w on my test share
directory from allowing Windows to create files there? I always thought
negative permissions took precedence in ACL, generally?
Thanks,
Kev
On 2013-08-20 10:22 AM, Kevin Field wrote:
> Hi Ricky,
>
> I don't think I should have to reboot. setenforce is documented to work
> without rebooting. If I need to reboot a Linux server to troubleshoot
> something like this--and I hear SELinux is often a first thing to try
> disabling to troubleshoot--then it's worse than Windows for rebooting
> requirements. But I'm pretty sure that's simply not true.
>
> Otherwise this is meaningless:
>
> $ sudo setenforce 0
> $ sudo getenforce
> Permissive
>
> Also I'm a bit confused as to why the permissions on /home should affect
> /home/me if I've explicitly set them on /home/me and haven't defined
> some kind of ACL inheritance policy. Is it the default that higher
> directories' permissions override lower ones in CentOS? Or is it a
> Samba fileshare thing? I would like to know exactly how this works, but
> in any case, I'll try moving the share and see how it goes.
>
> Thanks,
> Kev
>
> On 2013-08-17 9:47 AM, Ricky Nance wrote:
>> Have a look at
>> http://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-enable-disable.html
>> and
>> you will probably have to reboot after making the changes. I have seen
>> this cause more problems then not, so I would start with disabling it
>> and see if it fixes your problem. Also since you are using a /home/me
>> before your share, you need to make sure you have at least 755
>> permissions in both /home and /home/me, it might be a good idea to make
>> a directory named /srv/mytestshare instead.
>>
>> Ricky
>>
>>
>> On Fri, Aug 16, 2013 at 8:14 PM, Kevin Field <kev at brantaero.com
>> <mailto:kev at brantaero.com>> wrote:
>>
>> Interestingly, I couldn't turn off selinux using their method:
>>
>> $ sudo echo 0 > /selinux/enforce
>> -bash: /selinux/enforce: Permission denied
>>
>> Perhaps it's a CentOS thing. Anyway, `sudo setenforce 0` seemed to
>> work in that it didn't give me an error message, but OTOH didn't
>> seem to work in that the output of ls -alhDZ was the same:
>>
>> drwxrwxr-x. me me unconfined_u:object_r:samba___share_t:s0
>> mytestshare
>>
>> But in any case, it still gives me the same error from Windows.
>>
>> Also something strange happened, after a while I could not navigate
>> to \\newdc without a similar error, but I had not been doing
>> anything in the system, so I'm not sure what might have caused it.
>> Running `sudo killall samba` and then `sudo samba` made it
>> suddenly be browseable again. Maybe not related...not sure...
>>
>> Anyway thanks for your help, Ricky. Any other ideas? BTW I had set
>> up the selinux permissions on the mytestshare dir per the HOWTO at
>> http://wiki.centos.org/HowTos/__SetUpSamba
>> <http://wiki.centos.org/HowTos/SetUpSamba> . I'm pretty sure that's
>> why it says samba_share_t on the ls output above.
>>
>> Kev
>>
>>
>> On 2013-08-16 11:52 AM, Ricky Nance wrote:
>>
>> Temporarily turn off selinux, if that fixes your issue you will
>> need to
>> adjust the selinux rules to take care of the problem (or just
>> completely
>> disable selinux). Also if you do a ls -alhDZ
>> /home/me/mytestshare before
>> you turn it off it can tell you if selinux is on, then run that
>> again
>> after its turned off to confirm. You can read about
>> disabling/turning
>> off selinux
>>
>> at�http://www.revsys.com/__writings/quicktips/turn-off-__selinux.html
>> <http://www.revsys.com/writings/quicktips/turn-off-selinux.html>
>>
>> Ricky
>>
>>
>> On Thu, Aug 15, 2013 at 10:44 PM, Kevin Field <kev at brantaero.com
>> <mailto:kev at brantaero.com>
>> <mailto:kev at brantaero.com <mailto:kev at brantaero.com>>> wrote:
>>
>> I have a share setup on a Samba 4.0.8 / CentOS 6.4 box
>> that is
>> successfully replicating with a W2K3 server. �I'm
>> following the
>> HOWTO here:
>>
>> https://wiki.samba.org/index.____php/Setup_and_configure_file_____shares
>>
>> <https://wiki.samba.org/index.__php/Setup_and_configure_file___shares>
>>
>>
>>
>> <https://wiki.samba.org/index.__php/Setup_and_configure_file___shares
>>
>> <https://wiki.samba.org/index.php/Setup_and_configure_file_shares>>
>>
>> [mytest]
>> � � � � path = /home/me/mytestshare <-- with or without
>> trailing slash
>> � � � � read only = No
>>
>> On the W2K3 box, I can browse to \\newdc and I see my test
>> share
>> listed there. �I can also see it if I connect to newdc in
>> Computer
>> Management. �However, what I can't get from either of those
>> places
>> is a Security tab if I right-click the share and go to
>> Properties.
>> �There's a Share Permissions tab in CM only that says that
>> Everyone
>> has Full Control. Despite that, if I try to double-click
>> the share
>> in Explorer, I get:
>>
>> ---------------------------
>> \\newdc
>> ---------------------------
>> \\newdc\mytest is not accessible. You might not have
>> permission to
>> use this network resource. Contact the administrator of
>> this server
>> to find out if you have access permissions.
>>
>> Access is denied.
>>
>> ---------------------------
>> OK
>> ---------------------------
>>
>> My account has all privileges I can think of, including the
>> SeDiskOperatorPrivilege as laid out in the HOWTO.
>>
>> Even if I chmod 777 /home/me/mytestshare I get this error.
>>
>> What am I missing?
>>
>> Thanks,
>> Kev
>> --
>> To unsubscribe from this list go to the following URL and
>> read the
>> instructions:
>> �https://lists.samba.org/____mailman/options/samba
>> <https://lists.samba.org/__mailman/options/samba>
>> <https://lists.samba.org/__mailman/options/samba
>> <https://lists.samba.org/mailman/options/samba>>
>>
>>
>>
More information about the samba
mailing list