[Samba] ARGH... once again samba causes "permission" errors. SOLVED

Adam Przybyla adam at ertel.com.pl
Mon May 31 01:27:43 MDT 2010


On Sun, May 30, 2010 at 06:24:49PM -0700, Jeff Wiegley wrote:
> Ok, I was able to fix both of my problems and they are both related
> to SELinux problems
> 
> First: I am assuming that you are like me and that you have an excellent
> background in systems administration (I teach it at a university for a
> living.) So you've configured chmod permissions and chown user and
> group ownerships on directories and files to correctly allow the desired
> access. You have configured samba to force a reasonable user or group
> or you have logged in with reasonable user credentials.
> 
> But you're still not able to create file/folder or maybe you can't map
> certain paths. You've probably been frustrated by the endless
> posts and suggestions telling you to fix the fundamental things described
> in the previous paragraph.
> 
> If you have taken care of the fundamental permission items but
> you are seeing either of the following:
>    A) You can map a share but whenever you try to create a new
>         folder or file windows pops up an error dialog (Try again).
>    B) You can map certain paths but not others (particularly a path
>         equivalent to a mount point (XFS/Raid5 filesystem in my case)).
> 
> Well, I'm running CentOS 5.5 and it has SELinux enabled by default
> but the context on the share path is probably not allowing samba.
> 
> You can check the context of the path with the -Z switch to ls:
> 
> [root@nas samba]# ls -ldZ /mnt
> drwxr-xr-x  root root system_u:object_r:mnt_t          /mnt
> 
> In this case the context is "mnt_t", you need to change the
> context to samba_share_t
> 
> [root@nas samba]# chcon -t samba_share_t /mnt/nas
> [root@nas samba]# ls -adZ /mnt/nas
> drwxr-x---  nas nas system_u:object_r:samba_share_t  /mnt/nas
> 
> Now your share should both mount and allow the creation/deletion
> of folders/files.
> 
> Warning: I am old, I learned system administration and practiced
> it for a decade in industry before SELinux was even invented. I do
> not pretend to begin to understand this [possibly overly] complicated
> security system.
... make this permanent:

semanage fcontext -a -t samba_share_t /mnt/nas

Regards
								Adam Przybyla
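
The label check described in this thread, as an added example that is not part of either poster's message: a shell helper that reads `ls -dZ` output and reports share paths whose SELinux type is not samba_share_t. It goes beyond the CentOS 5.5 layout quoted above by also accepting the newer ls layout with an MLS level; the function names and the /srv/share path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit `ls -dZ` output for share paths
# whose SELinux type is not samba_share_t.
WANT_TYPE="samba_share_t"

# Print "<type> <path>" for one line of `ls -dZ` output; fail if the line has
# no context. The context is the first field shaped user:role:type[:level];
# the path is taken as the last field (assumption: no spaces in the path).
selinux_type_of_line() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+(:.*)?$/) {
                split($i, ctx, ":"); print ctx[3], $NF; exit 0
            }
        exit 1
    }'
}

# Read `ls -dZ` lines on stdin. For each path not labelled $WANT_TYPE, print
# the two commands given in the thread. Returns 1 if any path needs a fix.
audit_share_labels() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if ! parsed=$(selinux_type_of_line "$line"); then
            echo "SKIP  no SELinux context: $line"; continue
        fi
        ctype=${parsed%% *}; path=${parsed#* }
        if [ "$ctype" = "$WANT_TYPE" ]; then
            echo "OK    $path ($ctype)"
        else
            echo "FIX   $path ($ctype)"
            echo "      chcon -t $WANT_TYPE $path"
            echo "      semanage fcontext -a -t $WANT_TYPE $path"
            rc=1
        fi
    done
    return $rc
}

# Demo input: first line is from the thread, second is constructed (newer ls
# layout with link count, MLS level, size and date). On a live host, feed it
# `ls -dZ <share paths>` instead.
audit_share_labels <<'EOF' || echo "at least one share path needs relabelling"
drwxr-x---  nas nas system_u:object_r:samba_share_t  /mnt/nas
drwxr-xr-x. 2 root root unconfined_u:object_r:default_t:s0 4096 May 30 18:24 /srv/share
EOF
```

Pass only the directories that Samba actually exports; the helper prints commands and changes nothing itself.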

