
SELinux Configuration for Samba

Due to the complexities of Samba and its integration with Windows, there are quite a few different Boolean values that you need to change.

Step 1. Query for available Boolean options:

# getsebool -a | egrep '(samba)|(smb)|(nmb)|(win)'
allow_httpd_mod_auth_ntlm_winbind --> off
allow_smbd_anon_write --> off
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
use_samba_home_dirs --> off
virt_use_samba --> off
wine_mmap_zero_ignore --> off

Step 2. You need to change only a few settings for the shares to work properly:

# setsebool -P samba_export_all_ro=1 samba_export_all_rw=1

Step 3. Verify that the changes have been made:

# getsebool -a | egrep '(samba)|(smb)|(nmb)|(win)'
allow_httpd_mod_auth_ntlm_winbind --> off
allow_smbd_anon_write --> off
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> on
samba_export_all_rw --> on
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
use_samba_home_dirs --> off
virt_use_samba --> off
wine_mmap_zero_ignore --> off

You can always look up the available Boolean options in the /selinux/booleans directory if you forget which ones you need.

Another big help with Samba is that the comments in the main config file tell you which Boolean values need to be enabled for the different services that Samba can provide.

When creating directories that you’d like to make into a Samba share, you can mark them as a Samba share with the correct SELinux context:

# chcon -Rt samba_share_t /opt/company_data

Now the directory is accessible to the Samba service.
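
An added example, not part of the original article: shell functions that flag the broad Samba Booleans left on in the Step 3 output and label a share persistently with semanage fcontext and restorecon, since a chcon label is lost on a relabel. The function names, the list of Booleans treated as broad, and the sample state are assumptions made for illustration; the labeling step needs root and the semanage tool.

```shell
#!/bin/sh
# Added example (not from the original article): audit Samba-related SELinux
# Booleans and label one share persistently instead of exporting everything.

# Booleans that widen what smbd may touch well beyond a single share
# (this selection is an assumption of the example).
BROAD_BOOLEANS="samba_export_all_ro samba_export_all_rw samba_run_unconfined allow_smbd_anon_write"

# Read `getsebool -a` output on stdin; print each broad Boolean that is on.
audit_samba_booleans() {
    awk -v broad="$BROAD_BOOLEANS" '
        BEGIN { n = split(broad, b, " "); for (i = 1; i <= n; i++) want[b[i]] = 1 }
        # getsebool prints: <name> --> <on|off>
        $2 == "-->" && $3 == "on" && ($1 in want) { print $1 }
    '
}

# Persistent per-directory labeling. Unlike chcon, the rule is stored in the
# local policy, so it survives restorecon and a full filesystem relabel.
# Requires root and semanage; a directory labeled samba_share_t is readable
# and writable by smbd without the export_all Booleans.
label_share() {
    dir="$1"
    semanage fcontext -a -t samba_share_t "${dir}(/.*)?" &&
        restorecon -Rv "$dir"
}

# Constructed sample: part of the Step 3 state shown in the article.
SAMPLE_STATE='allow_smbd_anon_write --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> on
samba_export_all_rw --> on
samba_run_unconfined --> off'

# Report the broad Booleans that are on in the sample.
printf '%s\n' "$SAMPLE_STATE" | audit_samba_booleans

# On a live system: getsebool -a | audit_samba_booleans
# Then, as root:    setsebool -P samba_export_all_ro=0 samba_export_all_rw=0
#                   label_share /opt/company_data
```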

November 15, 2015
