hi all
im sharing via samba a folder that is a DocumentRoot for Apache,as of now SELINUX is permissive because samba access cannot be shared when SELINUX is enforced/enabled
Details
Web
[root@server html]# pwd
/var/www/html
[root@serverhtml]# ls -ldZ webfolder
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 webfolder
[root@server html]#
smb.conf
#======================= Global Settings =====================================
[global]
workgroup = DOMAIN
security = share
map to guest = bad user
#============================ Share Definitions ==============================
[WeB Dev]
path = /var/www/html/webfolder
valid users = web-dev
#invalid users = app-dev
guest ok = no
writable = yes
browsable = yes
already tested this SELINUX disabled and YES i can access the samba share,
ty in advance
Samba Apache Selinux Query [SOLVED]
Samba Apache Selinux Query [SOLVED]
Last edited by taliez on 2015/09/02 01:18:44, edited 2 times in total.
Re: Samba Apache Selinux Query
So what do you want accessible over HTTP or Samba?
Context types is the key here.
Although you could allow SMB access to the HTTP types...
Context types is the key here.
Although you could allow SMB access to the HTTP types...
Re: Samba Apache Selinux Query
Both sir but you can apply 1 context right?aks wrote:So what do you want accessible over HTTP or Samba?
Context types is the key here.
Although you could allow SMB access to the HTTP types...
this is accessible via HTTP already what i want , same folder(webfolder) to be shared as a SAMBA share
thanks in advance
Re: Samba Apache Selinux Query
From memory, I think you could:
1) Allow samba read/write access everywhere: setsebool -P samba_export_all_rw 1
or if you want to be a little more descrite about it:
1) chcon -t public_content_rw_t /var/www/html
2) setsebool -P allow_smbd_anon_write 1
3) setsebool -P allow_httpd_anon_write 1
This should allow both Samaba and Apache write access to public_content_rw_t context.
There are other hints here: http://selinuxproject.org/page/SambaRecipes
Some info about selinux booleans: https://wiki.centos.org/TipsAndTricks/SelinuxBooleans
1) Allow samba read/write access everywhere: setsebool -P samba_export_all_rw 1
or if you want to be a little more descrite about it:
1) chcon -t public_content_rw_t /var/www/html
2) setsebool -P allow_smbd_anon_write 1
3) setsebool -P allow_httpd_anon_write 1
This should allow both Samaba and Apache write access to public_content_rw_t context.
There are other hints here: http://selinuxproject.org/page/SambaRecipes
Some info about selinux booleans: https://wiki.centos.org/TipsAndTricks/SelinuxBooleans
Re: Samba Apache Selinux Query
aks wrote:From memory, I think you could:
1) Allow samba read/write access everywhere: setsebool -P samba_export_all_rw 1
or if you want to be a little more descrite about it:
1) chcon -t public_content_rw_t /var/www/html
2) setsebool -P allow_smbd_anon_write 1
3) setsebool -P allow_httpd_anon_write 1
This should allow both Samaba and Apache write access to public_content_rw_t context.
There are other hints here: http://selinuxproject.org/page/SambaRecipes
Some info about selinux booleans: https://wiki.centos.org/TipsAndTricks/SelinuxBooleans
thank you very much this really HELPED
thank you again