Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
3.4. Configuration examples
The following examples provide real-world demonstrations of how SELinux complements the Samba server and how full function of the Samba server can be maintained.
3.4.1. Sharing directories you create
링크 복사링크가 클립보드에 복사되었습니다!
The following example creates a new directory, and shares that directory through Samba:
- Run the
rpm -q samba samba-common samba-clientcommand to confirm the samba, samba-common, and samba-client packages are installed. If any of these packages are not installed, install them by running theyum install package-namecommand as the root user. - Run the
mkdir /mysharecommand as the root user to create a new top-level directory to share files through Samba. - Run the
touch /myshare/file1command as the root user to create an empty file. This file is used later to verify the Samba share mounted correctly. - SELinux allows Samba to read and write to files labeled with the
samba_share_ttype, as long as/etc/samba/smb.confand Linux permissions are set accordingly. Run the following command as the root user to add the label change to file-context configuration:semanage fcontext -a -t samba_share_t "/myshare(/.*)?"
~]# semanage fcontext -a -t samba_share_t "/myshare(/.*)?"Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Run the
restorecon -R -v /mysharecommand as the root user to apply the label changes:restorecon -R -v /myshare restorecon reset /myshare context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0 restorecon reset /myshare/file1 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
~]# restorecon -R -v /myshare restorecon reset /myshare context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0 restorecon reset /myshare/file1 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Edit
/etc/samba/smb.confas the root user. Add the following to the bottom of this file to share the/myshare/directory through Samba:Copy to Clipboard Copied! Toggle word wrap Toggle overflow - A Samba account is required to mount a Samba file system. Run the
smbpasswd -a usernamecommand as the root user to create a Samba account, where username is an existing Linux user. For example,smbpasswd -a testusercreates a Samba account for the Linuxtestuseruser:smbpasswd -a testuser New SMB password: Enter a password Retype new SMB password: Enter the same password again Added user testuser.
~]# smbpasswd -a testuser New SMB password: Enter a password Retype new SMB password: Enter the same password again Added user testuser.Copy to Clipboard Copied! Toggle word wrap Toggle overflow Runningsmbpasswd -a username, where username is the user name of a Linux account that does not exist on the system, causes aCannot locate Unix account for 'username'!error. - Run the
service smb startcommand as the root user to start the Samba service:service smb start Starting SMB services: [ OK ]
~]# service smb start Starting SMB services: [ OK ]Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Run the
smbclient -U username -L localhostcommand to list the available shares, where username is the Samba account added in step 7. When prompted for a password, enter the password assigned to the Samba account in step 7 (version numbers may differ):Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Run the
mkdir /test/command as the root user to create a new directory. This directory will be used to mount themyshareSamba share. - Run the following command as the root user to mount the
myshareSamba share to/test/, replacing username with the user name from step 7:mount //localhost/myshare /test/ -o user=username
~]# mount //localhost/myshare /test/ -o user=usernameCopy to Clipboard Copied! Toggle word wrap Toggle overflow Enter the password for username, which was configured in step 7. - Run the
ls /test/command to view thefile1file created in step 3:ls /test/ file1
~]$ ls /test/ file1Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}