[Samba] Public shares in FC4 (update)
Don Meyer
dlmeyer at uiuc.edu
Sun Feb 26 07:30:38 GMT 2006
audit2allow gave you the code to allow "search" capability on
directories labeled "default_t". You are instead giving samba full
access to the parent directory of your share(s) by re-labeling it.
It's your call whether granting smbd the limited "search" capability
to all directories labeled "default_t" is more or less secure than
granting smbd full access to a single parent directory.
At 01:06 AM 2/26/2006, Louis E Garcia II wrote:
>Yes I just realized that. I solved it another way.
>
>When I had this samba couldn't see public. I got avc error saying smbd_t
>needed access to default_t
>drwxr-xr-x root root system_u:object_r:default_t /data
>drwxrwsrwx root root system_u:object_r:samba_share_t /data/public
>
>When I had this samba could see public and it worked.
>drwxr-xr-x root root system_u:object_r:samba_share_t /data
>drwxrwsrwx root root system_u:object_r:samba_share_t /data/public
>
>I think this is a better solution then to have samba have access to any
>new dir with default_t. What do you think?
>
>-Louis
>
>On Sat, 2006-02-25 at 23:43 -0600, Don Meyer wrote:
> > Look at your AVC error (below) -- to paraphrase, avc denied search
> > for smbd for the name "/". That is running into a problem accessing
> > (traversing) the root directory. Hence the need to allow "search"
> > on default_t.
> >
Don Meyer <dlmeyer at uiuc.edu>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services
"They that can give up essential liberty to obtain a little
temporary safety,
deserve neither liberty or safety." -- Benjamin Franklin, 1759
More information about the samba
mailing list