(misc)-> (Parent)->selinux and samba (smb.conf)
submited by Russell Mon 20 Apr 09|
Once I installed a new version of fedora (FC10), even though I was using the exact same /etc/samba/smb.conf file I was getting errors when windows computers tried to connect to the server (the error said the resource did not exist, don't have the actual language) |
It turns out, *again* this is a selinux problem.
Changing the selinux mode to permissive enabled file sharing. I am doing my best to get this new computer running without turning off the whole security system, so I googled and found this which told me to disable selinux for just samba, but that didn't work:
It turns out that selinux has changed since that comment was written, and now the procedure has changed. I fixed it via the GUI tool, but it's also possible to do this on the command line:
# setsebool -P smbd_disable_trans 1
libsemanage.dbase_llist_set: record not found in the database
libsemanage.dbase_llist_set: could not set record value
Could not change boolean smbd_disable_trans
Could not change policy booleans
There are two selinux settings that can grant access for all files, either read only or read/write :samba_export_all_ro and samba_export_all_rw.
Once I enabled one of these ( in my case I needed read/write ) windows computers could once again access the server as well as see and change files.
What I have issue with is that apparently by default samba can "run unconfined scripts". ( It probably needs these to create users+user directorys) but it can't access files. ... The defaults don't seem to make sense. If the administrator is going to install the samba file server, then it should dam well be able to serve files ..
Add comment or question...: