{"id":1137,"date":"2011-08-31T11:14:33","date_gmt":"2011-08-31T09:14:33","guid":{"rendered":"https:\/\/thebc.ch\/blog\/?p=1137"},"modified":"2013-02-01T12:52:03","modified_gmt":"2013-02-01T11:52:03","slug":"selinux-and-samba","status":"publish","type":"post","link":"https:\/\/thebc.ch\/blog\/?p=1137","title":{"rendered":"SELinux, Samba, rsync and (maybe) others"},"content":{"rendered":"<p>Those who installed Samba on Fedora or any other SELinux enabled  distribution may have faced the problem when they actually cannot access  any Samba shares from their Windows machines.  Samba logs in <em>\/var\/samba\/log<\/em> may show lots of such messages:<\/p>\n<pre>[2007\/07\/03 16:37:44, 0] smbd\/service.c:make_connection_snum(911)\r\n'\/opt\/blah' does not exist or permission denied when connecting to\r\n[blah]   Error was Permission denied<\/pre>\n<ul>\n<li>This is probably an SELinux problem and to fix it you\u00e2\u20ac\u2122ll need to execute:<\/li>\n<pre>chcon -R -t samba_share_t \/opt<\/pre>\n<li><em><strong>That would be correctly like that if you only samba needs, but if you use other services like rsync or such who are public, you better use the following string:<\/strong><\/em><\/li>\n<pre>chcon -R -t public_content_t\u00c2\u00a0 \/opt<\/pre>\n<li>In  order to survive a relabel add these lines to <em>\/etc\/selinux\/targeted\/contexts\/files\/file_contexts<\/em> file (if you are using <em>targeted<\/em> policy):\n<pre>\/opt(\/.*)?  system_u:object_r:samba_share_t:s0<\/pre>\n<\/li>\n<li><em><strong>Or evenly<\/strong><\/em><\/li>\n<pre>\/opt(\/.*)?  system_u:object_r:public_content_t:s0<\/pre>\n<li>Execute:\n<pre>restorecon -v -R \/opt\/<\/pre>\n<\/li>\n<p>This will set appropriate SELinux context on all files in <em>\/opt<\/em> directory and SELinux won\u00e2\u20ac\u2122t prevent Samba access anymore.<\/p>\n<p>&nbsp;<\/p>\n<li>To allow Samba read\/write to directories with SELinux execute the following:<\/li>\n<pre>setsebool -P samba_export_all_rw 1<\/pre>\n<li>To allow Samba to share your home directories with SELinux execute the following:<\/li>\n<pre>setsebool -P samba_enable_home_dirs 1<\/pre>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Those who installed Samba on Fedora or any other SELinux enabled distribution may have faced the problem when they actually cannot access any Samba shares from their Windows machines. Samba logs in \/var\/samba\/log may show lots of such messages: [2007\/07\/03 &hellip; <a href=\"https:\/\/thebc.ch\/blog\/?p=1137\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,10,5,13],"tags":[44,43,42],"class_list":["post-1137","post","type-post","status-publish","format-standard","hentry","category-centos","category-fedora","category-linux","category-security","tag-rsync","tag-samba","tag-selinux"],"_links":{"self":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1137","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1137"}],"version-history":[{"count":14,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1137\/revisions"}],"predecessor-version":[{"id":2646,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1137\/revisions\/2646"}],"wp:attachment":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}