3.4. Configuration examples
The following examples provide real-world demonstrations of how SELinux complements the Samba server and how the full function of the Samba server can be maintained.
3.4.1. Sharing directories you create
The following example creates a new directory, and shares that directory through Samba:
1. Run the rpm -q samba samba-common samba-client command to confirm the samba, samba-common, and samba-client packages are installed. If any of these packages are not installed, install them by running the yum install package-name command as the root user.

2. Run the mkdir /myshare command as the root user to create a new top-level directory to share files through Samba.

3. Run the touch /myshare/file1 command as the root user to create an empty file. This file is used later to verify the Samba share mounted correctly.

4. SELinux allows Samba to read and write to files labeled with the samba_share_t type, as long as /etc/samba/smb.conf and Linux permissions are set accordingly. Run the following command as the root user to add the label change to file-context configuration:

    ~]# semanage fcontext -a -t samba_share_t "/myshare(/.*)?"

5. Run the restorecon -R -v /myshare command as the root user to apply the label changes:

    ~]# restorecon -R -v /myshare
    restorecon reset /myshare context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
    restorecon reset /myshare/file1 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

6. Edit /etc/samba/smb.conf as the root user. Add the following to the bottom of this file to share the /myshare/ directory through Samba:

    [myshare]
    comment = My share
    path = /myshare
    public = yes
    writable = no

7. A Samba account is required to mount a Samba file system. Run the smbpasswd -a username command as the root user to create a Samba account, where username is an existing Linux user. For example, smbpasswd -a testuser creates a Samba account for the Linux testuser user:

    ~]# smbpasswd -a testuser
    New SMB password: Enter a password
    Retype new SMB password: Enter the same password again
    Added user testuser.

   Running smbpasswd -a username, where username is the user name of a Linux account that does not exist on the system, causes a Cannot locate Unix account for 'username'! error.

8. Run the service smb start command as the root user to start the Samba service:

    ~]# service smb start
    Starting SMB services:                                     [  OK  ]

9. Run the smbclient -U username -L localhost command to list the available shares, where username is the Samba account added in step 7. When prompted for a password, enter the password assigned to the Samba account in step 7 (version numbers may differ):

    ~]$ smbclient -U username -L localhost
    Enter username's password:
    Domain=[HOSTNAME] OS=[Unix] Server=[Samba 3.4.0-0.41.el6]

    Sharename       Type      Comment
    ---------       ----      -------
    myshare         Disk      My share
    IPC$            IPC       IPC Service (Samba Server Version 3.4.0-0.41.el6)
    username        Disk      Home Directories
    Domain=[HOSTNAME] OS=[Unix] Server=[Samba 3.4.0-0.41.el6]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

10. Run the mkdir /test/ command as the root user to create a new directory. This directory will be used to mount the myshare Samba share.

11. Run the following command as the root user to mount the myshare Samba share to /test/, replacing username with the user name from step 7:

    ~]# mount //localhost/myshare /test/ -o user=username

    Enter the password for username, which was configured in step 7.

12. Run the ls /test/ command to view the file1 file created in step 3:

    ~]$ ls /test/
    file1
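
The labeling applied above with semanage fcontext and restorecon can be checked for every share at once. The script below is an added example, not part of the original guide: it reads an smb.conf, looks up the SELinux context of each share path, and fails when the type is not samba_share_t. The [scratch] share, the /srv/scratch path, the sample contexts, and all function names are assumptions made for illustration; contexts come from GNU stat -c %C unless CONTEXT_LOOKUP names another function.

```shell
# Added example: check that every smb.conf share path carries samba_share_t.
EXPECTED_TYPE=samba_share_t

# Read smb.conf on stdin; print "share<TAB>path" per section (literal key "path" only).
share_paths() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        /^[ \t]*path[ \t]*=/ {
            p = $0; sub(/^[ \t]*path[ \t]*=[ \t]*/, "", p); sub(/[ \t]+$/, "", p)
            print sec "\t" p
        }'
}

# Default lookup: GNU stat prints a file's SELinux context with %C.
real_context() { stat -c %C "$1" 2>/dev/null; }
CONTEXT_LOOKUP=${CONTEXT_LOOKUP:-real_context}

# Read smb.conf on stdin; report each share; return 1 if any type is wrong.
audit_shares() {
    rc=0
    tab=$(printf '\t')
    list=$(share_paths)
    while IFS="$tab" read -r share path; do
        [ -n "$path" ] || continue
        ctx=$("$CONTEXT_LOOKUP" "$path") || ctx=unknown
        seltype=$(printf '%s\n' "$ctx" | cut -d: -f3)   # user:role:type:level
        if [ "$seltype" = "$EXPECTED_TYPE" ]; then
            echo "OK   [$share] $path ($ctx)"
        else
            echo "FAIL [$share] $path ($ctx)"
            rc=1
        fi
    done <<EOF
$list
EOF
    return $rc
}

# Constructed sample: the guide's [myshare] plus a hypothetical unlabeled share.
sample_conf() {
    printf '%s\n' '[myshare]' 'comment = My share' 'path = /myshare' \
        'public = yes' 'writable = no' '[scratch]' 'path = /srv/scratch'
}
sample_context() {   # constructed contexts, standing in for stat on a real host
    case $1 in /myshare) echo system_u:object_r:samba_share_t:s0 ;;
               *)        echo unconfined_u:object_r:default_t:s0 ;; esac
}
# Offline run: pass "demo" as the first argument to audit the constructed sample.
if [ "${1:-}" = demo ]; then CONTEXT_LOOKUP=sample_context; sample_conf | audit_shares || true; fi
```

On a host with SELinux enabled, source the functions and run audit_shares < /etc/samba/smb.conf as root; a FAIL line showing default_t means the path has not yet been relabeled.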