Ce contenu n'est pas disponible dans la langue sélectionnée.

3.4. Configuration examples

The following examples provide real-world demonstrations of how SELinux complements the Samba server and how full function of the Samba server can be maintained.

3.4.1. Sharing directories you create
Copier lien

The following example creates a new directory, and shares that directory through Samba:

Run the rpm -q samba samba-common samba-client command to confirm the samba, samba-common, and samba-client packages are installed. If any of these packages are not installed, install them by running the yum install package-name command as the root user.
Run the mkdir /myshare command as the root user to create a new top-level directory to share files through Samba.
Run the touch /myshare/file1 command as the root user to create an empty file. This file is used later to verify the Samba share mounted correctly.
SELinux allows Samba to read and write to files labeled with the samba_share_t type, as long as /etc/samba/smb.conf and Linux permissions are set accordingly. Run the following command as the root user to add the label change to file-context configuration:
```
semanage fcontext -a -t samba_share_t "/myshare(/.*)?"
```
```
~]# semanage fcontext -a -t samba_share_t "/myshare(/.*)?"
```
Copy to Clipboard Toggle word wrap

Run the restorecon -R -v /myshare command as the root user to apply the label changes:

restorecon -R -v /myshare
restorecon reset /myshare context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
restorecon reset /myshare/file1 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

~]# restorecon -R -v /myshare
restorecon reset /myshare context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
restorecon reset /myshare/file1 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0

Copy to Clipboard

Toggle word wrap

Edit /etc/samba/smb.conf as the root user. Add the following to the bottom of this file to share the /myshare/ directory through Samba:
```
[myshare]
comment = My share
path = /myshare
public = yes
writable = no
```
```
[myshare]
comment = My share
path = /myshare
public = yes
writable = no
```
Copy to Clipboard Toggle word wrap
A Samba account is required to mount a Samba file system. Run the smbpasswd -a username command as the root user to create a Samba account, where username is an existing Linux user. For example, smbpasswd -a testuser creates a Samba account for the Linux testuser user:
```
smbpasswd -a testuser
New SMB password: Enter a password
Retype new SMB password: Enter the same password again
Added user testuser.
```
```
~]# smbpasswd -a testuser
New SMB password: Enter a password
Retype new SMB password: Enter the same password again
Added user testuser.
```
Copy to Clipboard Toggle word wrap
Running smbpasswd -a username, where username is the user name of a Linux account that does not exist on the system, causes a Cannot locate Unix account for 'username'! error.

Run the service smb start command as the root user to start the Samba service:

service smb start
Starting SMB services:                                     [  OK  ]

~]# service smb start
Starting SMB services:                                     [  OK  ]

Copy to Clipboard

Toggle word wrap

Run the smbclient -U username -L localhost command to list the available shares, where username is the Samba account added in step 7. When prompted for a password, enter the password assigned to the Samba account in step 7 (version numbers may differ):

smbclient -U username -L localhost
Enter username's password:
Domain=[HOSTNAME] OS=[Unix] Server=[Samba 3.4.0-0.41.el6]

Sharename       Type      Comment
---------       ----      -------
myshare         Disk      My share
IPC$            IPC       IPC Service (Samba Server Version 3.4.0-0.41.el6)
username        Disk      Home Directories
Domain=[HOSTNAME] OS=[Unix] Server=[Samba 3.4.0-0.41.el6]

Server               Comment
---------            -------

Workgroup            Master
---------            -------

~]$ smbclient -U username -L localhost
Enter username's password:
Domain=[HOSTNAME] OS=[Unix] Server=[Samba 3.4.0-0.41.el6]

Sharename       Type      Comment
---------       ----      -------
myshare         Disk      My share
IPC$            IPC       IPC Service (Samba Server Version 3.4.0-0.41.el6)
username        Disk      Home Directories
Domain=[HOSTNAME] OS=[Unix] Server=[Samba 3.4.0-0.41.el6]

Server               Comment
---------            -------

Workgroup            Master
---------            -------

Copy to Clipboard

Toggle word wrap

Run the mkdir /test/ command as the root user to create a new directory. This directory will be used to mount the myshare Samba share.
Run the following command as the root user to mount the myshare Samba share to /test/, replacing username with the user name from step 7:
```
mount //localhost/myshare /test/ -o user=username
```
```
~]# mount //localhost/myshare /test/ -o user=username
```
Copy to Clipboard Toggle word wrap
Enter the password for username, which was configured in step 7.
Run the ls /test/ command to view the file1 file created in step 3:
```
ls /test/
file1
```
```
~]$ ls /test/
file1
```
Copy to Clipboard Toggle word wrap

Ce contenu n'est pas disponible dans la langue sélectionnée.

3.4. Configuration examples

3.4.1. Sharing directories you create
Copier lien

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Rendre l’open source plus inclusif

À propos de Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

Ce contenu n'est pas disponible dans la langue sélectionnée.

3.4. Configuration examples

3.4.1. Sharing directories you createCopier lienLien copié sur presse-papiers!

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Rendre l’open source plus inclusif

À propos de Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

3.4.1. Sharing directories you create
Copier lien