[Samba] share permissions
Kevin Field
kev at brantaero.com
Tue Aug 20 08:22:48 MDT 2013
Hi Ricky,
I don't think I should have to reboot. setenforce is documented to work
without rebooting. If I need to reboot a Linux server to troubleshoot
something like this--and I hear SELinux is often a first thing to try
disabling to troubleshoot--then it's worse than Windows for rebooting
requirements. But I'm pretty sure that's simply not true.
Otherwise this is meaningless:
$ sudo setenforce 0
$ sudo getenforce
Permissive
Also I'm a bit confused as to why the permissions on /home should affect
/home/me if I've explicitly set them on /home/me and haven't defined
some kind of ACL inheritance policy. Is it the default that higher
directories' permissions override lower ones in CentOS? Or is it a
Samba fileshare thing? I would like to know exactly how this works, but
in any case, I'll try moving the share and see how it goes.
Thanks,
Kev
On 2013-08-17 9:47 AM, Ricky Nance wrote:
> Have a look at
> http://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-enable-disable.html and
> you will probably have to reboot after making the changes. I have seen
> this cause more problems then not, so I would start with disabling it
> and see if it fixes your problem. Also since you are using a /home/me
> before your share, you need to make sure you have at least 755
> permissions in both /home and /home/me, it might be a good idea to make
> a directory named /srv/mytestshare instead.
>
> Ricky
>
>
> On Fri, Aug 16, 2013 at 8:14 PM, Kevin Field <kev at brantaero.com
> <mailto:kev at brantaero.com>> wrote:
>
> Interestingly, I couldn't turn off selinux using their method:
>
> $ sudo echo 0 > /selinux/enforce
> -bash: /selinux/enforce: Permission denied
>
> Perhaps it's a CentOS thing. Anyway, `sudo setenforce 0` seemed to
> work in that it didn't give me an error message, but OTOH didn't
> seem to work in that the output of ls -alhDZ was the same:
>
> drwxrwxr-x. me me unconfined_u:object_r:samba___share_t:s0
> mytestshare
>
> But in any case, it still gives me the same error from Windows.
>
> Also something strange happened, after a while I could not navigate
> to \\newdc without a similar error, but I had not been doing
> anything in the system, so I'm not sure what might have caused it.
> Running `sudo killall samba` and then `sudo samba` made it
> suddenly be browseable again. Maybe not related...not sure...
>
> Anyway thanks for your help, Ricky. Any other ideas? BTW I had set
> up the selinux permissions on the mytestshare dir per the HOWTO at
> http://wiki.centos.org/HowTos/__SetUpSamba
> <http://wiki.centos.org/HowTos/SetUpSamba> . I'm pretty sure that's
> why it says samba_share_t on the ls output above.
>
> Kev
>
>
> On 2013-08-16 11:52 AM, Ricky Nance wrote:
>
> Temporarily turn off selinux, if that fixes your issue you will
> need to
> adjust the selinux rules to take care of the problem (or just
> completely
> disable selinux). Also if you do a ls -alhDZ
> /home/me/mytestshare before
> you turn it off it can tell you if selinux is on, then run that
> again
> after its turned off to confirm. You can read about
> disabling/turning
> off selinux
> at�http://www.revsys.com/__writings/quicktips/turn-off-__selinux.html
> <http://www.revsys.com/writings/quicktips/turn-off-selinux.html>
>
> Ricky
>
>
> On Thu, Aug 15, 2013 at 10:44 PM, Kevin Field <kev at brantaero.com
> <mailto:kev at brantaero.com>
> <mailto:kev at brantaero.com <mailto:kev at brantaero.com>>> wrote:
>
> I have a share setup on a Samba 4.0.8 / CentOS 6.4 box that is
> successfully replicating with a W2K3 server. �I'm following the
> HOWTO here:
> https://wiki.samba.org/index.____php/Setup_and_configure_file_____shares
> <https://wiki.samba.org/index.__php/Setup_and_configure_file___shares>
>
>
> <https://wiki.samba.org/index.__php/Setup_and_configure_file___shares
> <https://wiki.samba.org/index.php/Setup_and_configure_file_shares>>
>
> [mytest]
> � � � � path = /home/me/mytestshare <-- with or without
> trailing slash
> � � � � read only = No
>
> On the W2K3 box, I can browse to \\newdc and I see my test
> share
> listed there. �I can also see it if I connect to newdc in
> Computer
> Management. �However, what I can't get from either of those
> places
> is a Security tab if I right-click the share and go to
> Properties.
> �There's a Share Permissions tab in CM only that says that
> Everyone
> has Full Control. Despite that, if I try to double-click
> the share
> in Explorer, I get:
>
> ---------------------------
> \\newdc
> ---------------------------
> \\newdc\mytest is not accessible. You might not have
> permission to
> use this network resource. Contact the administrator of
> this server
> to find out if you have access permissions.
>
> Access is denied.
>
> ---------------------------
> OK
> ---------------------------
>
> My account has all privileges I can think of, including the
> SeDiskOperatorPrivilege as laid out in the HOWTO.
>
> Even if I chmod 777 /home/me/mytestshare I get this error.
>
> What am I missing?
>
> Thanks,
> Kev
> --
> To unsubscribe from this list go to the following URL and
> read the
> instructions:
> �https://lists.samba.org/____mailman/options/samba
> <https://lists.samba.org/__mailman/options/samba>
> <https://lists.samba.org/__mailman/options/samba
> <https://lists.samba.org/mailman/options/samba>>
>
>
>
More information about the samba
mailing list