permissions on samba share

Todd Brunhoff todd.brunhoff at gmail.com
Fri Jul 20 13:38:23 MDT 2012


On 07/20/2012 12:20 PM, simo wrote:
> On Fri, 2012-07-20 at 11:31 -0700, Todd Brunhoff wrote:
>> To answer my own question... it was selinux. Turn it off and everything
>> works.
>>
>> On 07/19/2012 01:58 PM, Todd Brunhoff wrote:
>>
>>> After reinstalling fedora 16 from scratch, I cannot get samba to work
>>> correctly. I can log in successfully with smbclient and I can map a
>>> network drive, but then I cannot get access to my login directory.
> Have you read the sample config file where there is a whole section that
> gives you commands to run and booleans to turn in a howto fashion?
>
> Don't simply turn things off, SELinux is there to help you.
>
> Simo.
I did read the sample smb.conf, and several others, and I didn't see 
anything relevant. Nor did I find anything in the smb.conf man page. Nor 
did I find anything in the source rpm that appeared to have an effect. 
And after turning on debug level 10 and running strace on smbd, I found 
that it was an openat() call that failed with permission denied. Based 
on failure with selinux enabled and success without, it appears that 
selinux will deny access when real uid/gid does not match effective 
uid/gid. I would guess that I could turn off a certain policy in 
selinux, but given that I am behind a firewall, I see no point in 
wrestling with that.

I do find it interesting that you imply certain booleans in smb.conf 
might be the answer, but you did not suggest any that might be applicable.

If my theory about selinux and real/effective uid/gid mismatch is right, 
then perhaps the samba implementation should be calling setreuid() and 
setregid().

Todd
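
Added example, not part of either poster's message: a way to see which SELinux rule blocked smbd is to read the AVC denial records, which name the source domain and the label of the object that was refused. The sketch below assumes the standard audit AVC record format; the sample records are constructed, and `samba_enable_home_dirs` and `samba_share_t` are the boolean and file type the targeted policy provides for Samba.

```python
import re

# Constructed sample audit records (not taken from the thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1342812000.101:310): avc:  denied  { read } for  pid=2211 comm="smbd" name="todd" dev="dm-1" ino=131073 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1342812000.350:311): avc:  denied  { getattr } for  pid=2211 comm="smbd" path="/srv/export/report.txt" dev="dm-0" ino=4411 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342812001.007:312): avc:  denied  { write } for  pid=905 comm="httpd" name="cache" dev="dm-0" ino=977 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*?)\s*"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)
OBJECT_RE = re.compile(r'(?:path|name)="([^"]*)"')
HOME_TYPES = {"user_home_dir_t", "user_home_t"}


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def smbd_denials(log_text):
    """Collect AVC denials whose source domain is smbd_t."""
    found = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or selinux_type(m["scontext"]) != "smbd_t":
            continue
        obj = OBJECT_RE.search(m["fields"])
        found.append({
            "perms": m["perms"].split(),
            "object": obj.group(1) if obj else None,
            "target_type": selinux_type(m["tcontext"]),
            "tclass": m["tclass"],
        })
    return found


def remediation_hint(denial):
    """Map a denial to a narrow policy change instead of disabling SELinux."""
    if denial["target_type"] in HOME_TYPES:
        return "setsebool -P samba_enable_home_dirs on"
    return "if this is a dedicated share, label it: chcon -R -t samba_share_t <share-path>"


if __name__ == "__main__":
    for d in smbd_denials(SAMPLE_AUDIT_LOG):
        print(d["perms"], d["object"], d["target_type"], "->", remediation_hint(d))
```

On a live system the input would be the smbd records from the audit log rather than `SAMPLE_AUDIT_LOG`.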


