3

I'm trying to setup a samba server to share data among clients via cifs. As a test, I mounted the samba share on the same machine and tried to access the contents of the directory. The mount command was:

mount -t cifs -o username=sthomaso,workgroup=WORKGROUP //server/scratch /mnt/server/scratch

...which worked fine after entering the password. Although I can cd /mnt/server/scratch, when I try to list the contents of the directory with ls, I get error ls: reading directory .: Permission denied.

On the server, my /etc/samba/smb.conf is:

[global]
    security = user
    workgroup = WORKGROUP

[homes]
    writeable = yes

[scratch]
    path = /var/scratch
    valid users = @feausers
    writeable = yes

User "sthomaso" was added to tdbsam with command:

pdbedit -a -u sthomaso

User "sthomaso" is in group "feausers", verified with the "groups sthomaso" command.

/bin/ls -lF /var | grep scratch shows:

drwxrwx--T. 2 root feausers 4096 Jun 14 14:40 scratch/

/var/log/samba/log.smbd contains validation of a successful connection in line:

<snip> smbd/service.c:1070(make_connection_snum)
<snip> connect to service scratch initially as user sthomaso (uid=500, gid=501) (pid 99999)

So it looks like I am successfully mounting the share, but why can't I read the directory and access the files?

Improve this question
1
  • Forgot to mention...this is RHEL 6.1 Commented Jun 15, 2011 at 18:27

2 Answers 2

Reset to default
3

FYI, I got some help from Red Hat...the problem was SELinux restricting permissions. I don't need the control offered by SELinux, so I just disabled it by editing /etc/selinux/config and restarting.

Improve this answer
3

The more appropriate answer to this issue is stated at the top of the /etc/samba/smb.conf.example file:

Use the samba_export_all_ro or samba_export_all_rw Boolean to share system directories.  To share such directories and only allow read-only permissions:
setsebool -P samba_export_all_ro on
To share such directories and allow read and write permissions:  
setsebool -P samba_export_all_rw on

Also if you look at the setroubleshoot log generated by auditd it gives you several suggestions on how to potentially fix your issue with a relative confidence level from 1-100.

To view these logs and suggestions run:sealert -a /var/log/audit/audit.log

In short, to fix this issue run the command:setsebool -P samba_export_all_rw on

Then restart the service.

Edit:

Additionally ensure you apply the appropriate selinux context to your samba share directory by using the following command:

semanage fcontext -a -t samba_share_t "/PATH_TO_SHARE(/.*)?"
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.