[Samba] share permissions

Kevin Field kev at brantaero.com
Tue Aug 20 08:22:48 MDT 2013


Hi Ricky,

I don't think I should have to reboot.  setenforce is documented to work 
without rebooting.  If I need to reboot a Linux server to troubleshoot 
something like this--and I hear SELinux is often a first thing to try 
disabling to troubleshoot--then it's worse than Windows for rebooting 
requirements.  But I'm pretty sure that's simply not true.

Otherwise this is meaningless:

$ sudo setenforce 0
$ sudo getenforce
Permissive

Also I'm a bit confused as to why the permissions on /home should affect 
/home/me if I've explicitly set them on /home/me and haven't defined 
some kind of ACL inheritance policy.  Is it the default that higher 
directories' permissions override lower ones in CentOS?  Or is it a 
Samba fileshare thing?  I would like to know exactly how this works, but 
in any case, I'll try moving the share and see how it goes.

Thanks,
Kev

On 2013-08-17 9:47 AM, Ricky Nance wrote:
> Have a look at
> http://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-enable-disable.html and
> you will probably have to reboot after making the changes. I have seen
> this cause more problems then not, so I would start with disabling it
> and see if it fixes your problem. Also since you are using a /home/me
> before your share, you need to make sure you have at least 755
> permissions in both /home and /home/me, it might be a good idea to make
> a directory named /srv/mytestshare instead.
>
> Ricky
>
>
> On Fri, Aug 16, 2013 at 8:14 PM, Kevin Field <kev at brantaero.com
> <mailto:kev at brantaero.com>> wrote:
>
>     Interestingly, I couldn't turn off selinux using their method:
>
>     $ sudo echo 0 > /selinux/enforce
>     -bash: /selinux/enforce: Permission denied
>
>     Perhaps it's a CentOS thing.  Anyway, `sudo setenforce 0` seemed to
>     work in that it didn't give me an error message, but OTOH didn't
>     seem to work in that the output of ls -alhDZ was the same:
>
>     drwxrwxr-x. me   me  unconfined_u:object_r:samba___share_t:s0
>     mytestshare
>
>     But in any case, it still gives me the same error from Windows.
>
>     Also something strange happened, after a while I could not navigate
>     to \\newdc without a similar error, but I had not been doing
>     anything in the system, so I'm not sure what might have caused it.
>       Running `sudo killall samba` and then `sudo samba` made it
>     suddenly be browseable again.  Maybe not related...not sure...
>
>     Anyway thanks for your help, Ricky.  Any other ideas?  BTW I had set
>     up the selinux permissions on the mytestshare dir per the HOWTO at
>     http://wiki.centos.org/HowTos/__SetUpSamba
>     <http://wiki.centos.org/HowTos/SetUpSamba> .  I'm pretty sure that's
>     why it says samba_share_t on the ls output above.
>
>     Kev
>
>
>     On 2013-08-16 11:52 AM, Ricky Nance wrote:
>
>         Temporarily turn off selinux, if that fixes your issue you will
>         need to
>         adjust the selinux rules to take care of the problem (or just
>         completely
>         disable selinux). Also if you do a ls -alhDZ
>         /home/me/mytestshare before
>         you turn it off it can tell you if selinux is on, then run that
>         again
>         after its turned off to confirm. You can read about
>         disabling/turning
>         off selinux
>         at�http://www.revsys.com/__writings/quicktips/turn-off-__selinux.html
>         <http://www.revsys.com/writings/quicktips/turn-off-selinux.html>
>
>         Ricky
>
>
>         On Thu, Aug 15, 2013 at 10:44 PM, Kevin Field <kev at brantaero.com
>         <mailto:kev at brantaero.com>
>         <mailto:kev at brantaero.com <mailto:kev at brantaero.com>>> wrote:
>
>              I have a share setup on a Samba 4.0.8 / CentOS 6.4 box that is
>              successfully replicating with a W2K3 server. �I'm following the
>              HOWTO here:
>         https://wiki.samba.org/index.____php/Setup_and_configure_file_____shares
>         <https://wiki.samba.org/index.__php/Setup_and_configure_file___shares>
>
>
>         <https://wiki.samba.org/index.__php/Setup_and_configure_file___shares
>         <https://wiki.samba.org/index.php/Setup_and_configure_file_shares>>
>
>              [mytest]
>              � � � � path = /home/me/mytestshare <-- with or without
>         trailing slash
>              � � � � read only = No
>
>              On the W2K3 box, I can browse to \\newdc and I see my test
>         share
>              listed there. �I can also see it if I connect to newdc in
>         Computer
>              Management. �However, what I can't get from either of those
>         places
>              is a Security tab if I right-click the share and go to
>         Properties.
>              �There's a Share Permissions tab in CM only that says that
>         Everyone
>              has Full Control. Despite that, if I try to double-click
>         the share
>              in Explorer, I get:
>
>              ---------------------------
>              \\newdc
>              ---------------------------
>              \\newdc\mytest is not accessible. You might not have
>         permission to
>              use this network resource. Contact the administrator of
>         this server
>              to find out if you have access permissions.
>
>              Access is denied.
>
>              ---------------------------
>              OK
>              ---------------------------
>
>              My account has all privileges I can think of, including the
>              SeDiskOperatorPrivilege as laid out in the HOWTO.
>
>              Even if I chmod 777 /home/me/mytestshare I get this error.
>
>              What am I missing?
>
>              Thanks,
>              Kev
>              --
>              To unsubscribe from this list go to the following URL and
>         read the
>              instructions:
>https://lists.samba.org/____mailman/options/samba
>         <https://lists.samba.org/__mailman/options/samba>
>              <https://lists.samba.org/__mailman/options/samba
>         <https://lists.samba.org/mailman/options/samba>>
>
>
>


More information about the samba mailing list