SElinux samba/ httpd/

Support for security such as Firewalls and securing linux
Post Reply
supertight
Posts: 171
Joined: 2017/02/07 21:47:51

SElinux samba/ httpd/

Post by supertight » 2017/05/20 03:20:19

I have apache 2 running with root folder "/var/www/html/nbseven.info" .
I also have the root folder "/var/www/html/nbseven.info" setup for a samba share. So I can edit the files from a windows machine.

I'm having problems with the selinux. httpd was hosting my index.html file with no issue. The problem began when setting the permissions samba.

for the samba share, I passed :

Code: Select all

chcon -t samba_share_t nbseven.info/
This locked httpd out of the file. httpd was still running. However, httpd was showing the default page. Not my index page.
I determined selinux was my problem by toggling "setenforce" and being able to view the proper index.html page.

Attempting to fix, allowing both samba and httpd access to the folder:

Code: Select all

chcon -t public_content_rw_t /var/www
setsebool -P allow_smbd_anon_write 1
setsebool -P allow_httpd_anon_write 1
This did not repair my configuration.
Can anyone see where I'm off?

Thank you for reading.

supertight
Posts: 171
Joined: 2017/02/07 21:47:51

Re: SElinux samba/ httpd/

Post by supertight » 2017/05/21 01:16:02

I cleared selinux and reloaded to default settings. Passed the above commands and boom. they are up and showing the correct index.html pages.

peterhoth
Posts: 1
Joined: 2017/05/28 16:46:08

Re: SElinux samba/ httpd/

Post by peterhoth » 2017/05/28 16:49:23

hi supertight, may i know how did you 'cleared selinux' ? Did you disable it ?

supertight
Posts: 171
Joined: 2017/02/07 21:47:51

Re: SElinux samba/ httpd/

Post by supertight » 2017/06/02 22:10:57

peterhoth wrote:hi supertight, may i know how did you 'cleared selinux' ? Did you disable it ?

Code: Select all

# setenforce 0
# yum erase selinux\*
# rm -rf /etc/selinux
# yum install selinux-policy-targeted 
# touch /.autorelabel
# reboot

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: SElinux samba/ httpd/

Post by aks » 2017/06/05 18:13:04

# setenforce 0
Set to permissive mode.
# yum erase selinux\*
Remove SELinux
# rm -rf /etc/selinux
And then some!
# yum install selinux-policy-targeted
Now install se....
# touch /.autorelabel
Relabel on a Permissive setting.

The problem revolves around the default policy set. The place (/var/www/html) is defined as "good" for HTTP, not CIFS. The way to fix it to add a new type to fcontexts, but that is probably more complex than you are prepared to do (you've effectively disabled SELinux).

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SElinux samba/ httpd/

Post by TrevorH » 2017/06/05 18:22:22

In reality I suspect only the last step of those was required - the autorelabel.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply