permissions on samba share

Todd Brunhoff todd.brunhoff at
Fri Jul 20 13:38:23 MDT 2012

On 07/20/2012 12:20 PM, simo wrote:
> On Fri, 2012-07-20 at 11:31 -0700, Todd Brunhoff wrote:
>> To answer my own question... it was selinux. Turn it off and everything
>> works.
>> On 07/19/2012 01:58 PM, Todd Brunhoff wrote:
>>> After reinstalling fedora 16 from scratch, I cannot get samba to work
>>> correctly. I can log in successfully with smbclient and I can map a
>>> network drive, but then I cannot get access to my login directory.
> Have you read the sample confg file where there is a whole section that
> gives you commands to run and booleans to turn in an howto fashion ?
> Don;t simple turn things off, SeLinux is there to help you.
> Simo.
I did read the sample smb.conf, and several others, and I didn't see 
anything relevant. Nor did I find anything in the smb.conf man page. Nor 
did I find anything in the source rpm that appeared to have an effect. 
And after turning on debug level 10 and running strace on smbd, I found 
that it was an openat() call that failed with permission denied. Based 
on failure with selinux enabled and success without, it appears that 
selinux will deny access when real uid/gid does not match effective 
uid/gid. I would guess that I could turn off a certain policy in 
selinux, but given that I am behind a firewall, I see no point in 
wrestling with that.

I do find it interesting that you imply certain booleans in smb.conf 
might be the answer, but you did not suggest any that might be applicable.

If my theory about selinux and real/effective uid/gid mismatch is right, 
then perhaps the samba implementation should be calling setreuid() and 


More information about the samba-technical mailing list