3.4.2. Sharing a website
It may not be possible to label files with the samba_share_t type, for example, when wanting to share a website in /var/www/html/. For these cases, use the samba_export_all_ro Boolean to share any file or directory (regardless of the current label), allowing read only permissions, or the samba_export_all_rw Boolean to share any file or directory (regardless of the current label), allowing read and write permissions.
The following example creates a file for a website in /var/www/html/, and then shares that file through Samba, allowing read and write permissions. This example assumes the httpd, samba, samba-common, samba-client, and wget packages are installed:
- As the root user, create a /var/www/html/file1.html file. Copy and paste the following content into /var/www/html/file1.html:

    <html>
    <h2>File being shared through the Apache HTTP Server and Samba.</h2>
    </html>

- Run the ls -Z /var/www/html/file1.html command to view the SELinux context of file1.html:

    ~]$ ls -Z /var/www/html/file1.html
    -rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/file1.html

  file1.html is labeled with the httpd_sys_content_t type. By default, the Apache HTTP Server can access this type, but Samba cannot.

- Run the service httpd start command as the root user to start the Apache HTTP Server:

    ~]# service httpd start
    Starting httpd:                                            [  OK  ]

- Change into a directory your user has write access to, and run the wget http://localhost/file1.html command. Unless there are changes to the default configuration, this command succeeds:

    ~]$ wget http://localhost/file1.html
    Resolving localhost... 127.0.0.1
    Connecting to localhost|127.0.0.1|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 84 [text/html]
    Saving to: `file1.html.1'

    100%[=======================>] 84          --.-K/s   in 0s

    `file1.html.1' saved [84/84]

- Edit /etc/samba/smb.conf as the root user. Add the following to the bottom of this file to share the /var/www/html/ directory through Samba:

    [website]
    comment = Sharing a website
    path = /var/www/html/
    public = no
    writable = no

- The /var/www/html/ directory is labeled with the httpd_sys_content_t type. By default, Samba cannot access files and directories labeled with the httpd_sys_content_t type, even if Linux permissions allow it. To allow Samba access, run the following command as the root user to enable the samba_export_all_ro Boolean:

    ~]# setsebool -P samba_export_all_ro on

  Do not use the -P option if you do not want the change to persist across reboots. Note that enabling the samba_export_all_ro Boolean allows Samba to access any type.

- Run service smb start as the root user to start smbd:

    ~]# service smb start
    Starting SMB services:                                     [  OK  ]
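
The following audit sketch is an added example, not part of the original guide. It parses getsebool -a output and smb.conf text to flag the case where samba_export_all_rw is enabled although no share is writable; the function names and the sample input are constructed for illustration.

```shell
# Report how far the Samba export Booleans widen access (stdin: getsebool -a lines).
samba_export_scope() {
    awk '
        $1 == "samba_export_all_rw" && $3 == "on" { rw = 1 }
        $1 == "samba_export_all_ro" && $3 == "on" { ro = 1 }
        END {
            if (rw)      print "any-type-read-write"
            else if (ro) print "any-type-read-only"
            else         print "labeled-only"
        }'
}

# Print the names of shares that allow writes (stdin: smb.conf text).
writable_shares() {
    awk '
        /^[ \t]*[#;]/ { next }    # skip comment lines
        /^[ \t]*\[/   { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); share = $0; next }
        index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = tolower(substr($0, index($0, "=") + 1))
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            yes = (val == "yes" || val == "true" || val == "1")
            no  = (val == "no" || val == "false" || val == "0")
            if ((key == "writable" || key == "writeable") && yes) print share
            if (key == "readonly" && no) print share
        }'
}

# Compare the two: flag a read-write Boolean that no share actually needs.
audit_samba_export() {   # $1 = getsebool -a text, $2 = smb.conf text
    scope=$(printf '%s\n' "$1" | samba_export_scope)
    writers=$(printf '%s\n' "$2" | writable_shares)
    if [ "$scope" = "any-type-read-write" ] && [ -z "$writers" ]; then
        echo "EXCESS: samba_export_all_rw is on but no share is writable"
    else
        echo "OK: scope=$scope"
    fi
}

# Constructed sample input matching the share and Boolean set in this section.
SAMPLE_CONF='[website]
comment = Sharing a website
path = /var/www/html/
public = no
writable = no'
SAMPLE_BOOLS='samba_export_all_ro --> on
samba_export_all_rw --> off'
audit_samba_export "$SAMPLE_BOOLS" "$SAMPLE_CONF"
```

On a live system the two arguments would be "$(getsebool -a)" and "$(cat /etc/samba/smb.conf)".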