[Samba] Public shares in FC4 (update)
Louis E Garcia II
louisg00 at bellsouth.net
Sat Feb 25 02:32:51 GMT 2006
On FC4 it's under /var/log/audit/audit.log. This is the only place I
found AVC errors.
# audit2allow -i /var/log/audit/audit.log
allow auditd_t self:fifo_file write;
allow cupsd_config_t proc_net_t:dir search;
allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl write };
allow hald_t unconfined_t:fifo_file read;
allow httpd_t crond_t:fifo_file read;
allow nmbd_t unconfined_t:fifo_file write;
allow rpcd_t unconfined_t:fifo_file read;
allow smbd_t default_t:dir search;
allow smbd_t file_t:dir { getattr search };
allow smbd_t mnt_t:lnk_file read;
allow smbd_t root_t:dir write;
allow smbd_t unconfined_t:fifo_file write;
allow system_dbusd_t unconfined_t:fifo_file read;
I think I'm only worried about smb_t? There are 5 lines there, do I put
them all in /etc/selinux/targeted/src/policy/domains/misc/local.te?
or I only need some? I see nothing about /data/public access.
-Louis
On Fri, 2006-02-24 at 16:54 -0600, Don Meyer wrote:
> [Caveat: My systems are mostly RHEL4 based, I don't have a FC4
> system handy to verify paths & package names. But they should be
> somewhat close...]
>
> First, you need to identify what the problem is: If you cannot find
> the AVC errors reported in your syslog, and decifer them to know how
> to fix them manually, the easiest method is to run the following
> utility command:
>
> audit2allow -i /var/log/messages
>
> This will run the audit2allow utility against the current syslog
> file, which I'm assuming will contain the AVC errors generated by
> your problem. (If log rotation has occurred since the errors,
> simply run the command against /var/log/messages.1 .)
>
> The output from this command needs to be added to (create if
> necessary) the file:
>
> /etc/selinux/targeted/src/policy/domains/misc/local.te
>
> (If the "src" directory is missing under /etc/selinux/targeted/, you
> may need to install the selinux-policy-targeted-source package.)
>
> When you've finished editing local.te, cd to the "policy" level, and
> execute this command:
>
> cd /etc/selinux/targeted/src/policy/
> make load
>
>
> After this, you can try your system to see if the error is still being thrown.
>
> Cheers,
> -D
>
>
> At 03:42 PM 2/24/2006, Louis E Garcia II wrote:
> >Ok, I narrowed down the problem to selinux. With it off I have no
> >problems. How do label /data/public so samba can use it? I have tried:
> >
> ># chcon -R -t samba_share_t /data/public
> >
> >but it didn't help.
> >
> >
> >On Fri, 2006-02-24 at 12:32 -0500, Louis E Garcia II wrote:
> > > /dev/hda3 /data ext3 defaults 1 2
> > >
> > > data is the partition.
> > >
> > > On Fri, 2006-02-24 at 09:18 +0100, Henrik Zagerholm wrote:
> > > > Have you mounted the other partition as data or is data just at dir
> > > > on the other partition?
> > > >
> > > > cheers,
> > > > henrik
> > > >
> > > > 24 feb 2006 kl. 02:30 skrev Louis E Garcia II:
> > > >
> > > > > I am able to share a directory under / like /samba and able to connect
> > > > > to it. The /data directory is not under / but a separate partition. I
> > > > > wouldn't think this is a problem?
> > > > >
> > > > > On Thu, 2006-02-23 at 18:20 -0500, Louis E Garcia II wrote:
> > > > >> I am trying to share a directory with samba-3.0.14a and FC4. readable
> > > > >> and writable to everyone.
> > > > >>
> > > > >> The directory is /data/public : 2777 root:root
> > > > >>
> > > > >> This is my smb.conf:
> > > > >>
> > > > >> [global]
> > > > >> workgroup = HOMENETWORK
> > > > >> server string = Samba Server
> > > > >> security = SHARE
> > > > >> hosts allow = 127.0.0.1, 192.168.0.0/24
> > > > >> hosts deny = 192.168.0.1/24
> > > > >>
> > > > >> [public]
> > > > >> comment = Public Stuff
> > > > >> path = /data/public
> > > > >> public = Yes
> > > > >> read only = No
> > > > >> browseable = Yes
> > > > >> guest ok = Yes
> > > > >> create mask = 2777
> > > > >>
> > > > >> I am able to browse the server but when I open the share public I
> > > > >> get an
> > > > >> error that the directory doesn't exist.
> > > > >>
> > > > >> I am stumped. --Louis
> > > > >>
> > > > >
> > > > > --
> > > > > To unsubscribe from this list go to the following URL and read the
> > > > > instructions: https://lists.samba.org/mailman/listinfo/samba
> > > >
> > >
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions: https://lists.samba.org/mailman/listinfo/samba
>
> Don Meyer <dlmeyer at uiuc.edu>
> Network Manager, ACES Academic Computing Facility
> Technical System Manager, ACES TeleNet System
> UIUC College of ACES, Information Technology and Communication Services
>
> "They that can give up essential liberty to obtain a little
> temporary safety,
> deserve neither liberty or safety." -- Benjamin Franklin, 1759
>
More information about the samba
mailing list