Este conteúdo não está disponível no idioma selecionado.

2.4.3. Sharing files between services

Type Enforcement helps prevent processes from accessing files intended for use by another process. For example, by default, Samba cannot read files labeled with the httpd_sys_content_t type, which are intended for use by the Apache HTTP Server. Files can be shared between the Apache HTTP Server, FTP, rsync, and Samba, if the desired files are labeled with the public_content_t or public_content_rw_t type.

The following example creates a directory and files, and allows that directory and files to be shared (read only) through the Apache HTTP Server, FTP, rsync, and Samba:

Run the mkdir /shares command as the root user to create a new top-level directory to share files between multiple services.
Files and directories that do not match a pattern in file-context configuration may be labeled with the default_t type. This type is inaccessible to confined services:
```
ls -dZ /shares
```
```
~]$ ls -dZ /shares
drwxr-xr-x  root root unconfined_u:object_r:default_t:s0 /shares
```
Copy to Clipboard Toggle word wrap
As the root user, create a /shares/index.html file. Copy and paste the following content into /shares/index.html:
```
<html>
<body>
Hello
</body>
</html>
```
```
<html>
<body>
Hello
</body>
</html>
```
Copy to Clipboard Toggle word wrap
Labeling /shares/ with the public_content_t type allows read-only access by the Apache HTTP Server, FTP, rsync, and Samba. Run the following command as the root user to add the label change to file-context configuration:
```
semanage fcontext -a -t public_content_t "/shares(/.*)?"
```
```
~]# semanage fcontext -a -t public_content_t "/shares(/.*)?"
```
Copy to Clipboard Toggle word wrap

Run the restorecon -R -v /shares/ command as the root user to apply the label changes:

restorecon -R -v /shares/

~]# restorecon -R -v /shares/
restorecon reset /shares context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0
restorecon reset /shares/index.html context unconfined_u:object_r:default_t:s0->system_u:object_r:public_content_t:s0

Copy to Clipboard

Toggle word wrap

To share /shares/ through Samba:

Run the rpm -q samba samba-common samba-client command to confirm the samba, samba-common, and samba-client packages are installed (version numbers may differ):
```
rpm -q samba samba-common samba-client
```
```
~]$ rpm -q samba samba-common samba-client
samba-3.4.0-0.41.el6.3.i686
samba-common-3.4.0-0.41.el6.3.i686
samba-client-3.4.0-0.41.el6.3.i686
```
Copy to Clipboard Toggle word wrap
If any of these packages are not installed, install them by running the yum install package-name command as the root user.

Edit /etc/samba/smb.conf as the root user. Add the following entry to the bottom of this file to share the /shares/ directory through Samba:

[shares]
comment = Documents for Apache HTTP Server, FTP, rsync, and Samba
path = /shares
public = yes
writable = no

[shares]
comment = Documents for Apache HTTP Server, FTP, rsync, and Samba
path = /shares
public = yes
writable = no

Copy to Clipboard

Toggle word wrap

A Samba account is required to mount a Samba file system. Run the smbpasswd -a username command as the root user to create a Samba account, where username is an existing Linux user. For example, smbpasswd -a testuser creates a Samba account for the Linux testuser user:
```
smbpasswd -a testuser
```
```
~]# smbpasswd -a testuser
New SMB password: Enter a password
Retype new SMB password: Enter the same password again
Added user testuser.
```
Copy to Clipboard Toggle word wrap
Running smbpasswd -a username, where username is the user name of a Linux account that does not exist on the system, causes a Cannot locate Unix account for 'username'! error.
Run the service smb start command as the root user to start the Samba service:
```
service smb start
```
```
~]# service smb start
Starting SMB services:                                     [  OK  ]
```
Copy to Clipboard Toggle word wrap

Run the smbclient -U username -L localhost command to list the available shares, where username is the Samba account added in step 3. When prompted for a password, enter the password assigned to the Samba account in step 3 (version numbers may differ):

smbclient -U username -L localhost

~]$ smbclient -U username -L localhostsmbclient -U username -L localhostsmbclient -U username -L localhost
Enter username's password:
Domain=[HOSTNAME] OS=[Unix] Server=[Samba 3.4.0-0.41.el6]

Sharename       Type      Comment
---------       ----      -------
shares          Disk      Documents for Apache HTTP Server, FTP, rsync, and Samba
IPC$            IPC       IPC Service (Samba Server Version 3.4.0-0.41.el6)
username        Disk      Home Directories
Domain=[HOSTNAME] OS=[Unix] Server=[Samba 3.4.0-0.41.el6]

Server               Comment
---------            -------

Workgroup            Master
---------            -------

Copy to Clipboard

Toggle word wrap

Run the mkdir /test/ command as the root user to create a new directory. This directory will be used to mount the shares Samba share.
Run the following command as the root user to mount the shares Samba share to /test/, replacing username with the user name from step 3:
```
mount //localhost/shares /test/ -o user=username
```
```
~]# mount //localhost/shares /test/ -o user=usernamemount //localhost/shares /test/ -o user=username
```
Copy to Clipboard Toggle word wrap
Enter the password for username, which was configured in step 3.
Run the cat /test/index.html command to view the file, which is being shared through Samba:
```
cat /test/index.html
<html>
<body>
Hello
</body>
</html>
```
```
~]$ cat /test/index.html
<html>
<body>
Hello
</body>
</html>
```
Copy to Clipboard Toggle word wrap

To share /shares/ through the Apache HTTP Server:

Run the rpm -q httpd command to confirm the httpd package is installed (version number may differ):
```
rpm -q httpd
```
```
~]$ rpm -q httpd
httpd-2.2.11-6.i386
```
Copy to Clipboard Toggle word wrap
If this package is not installed, run the yum install httpd command as the root user to install it.
Change into the /var/www/html/ directory. Run the following command as the root user to create a link (named shares) to the /shares/ directory:
```
ln -s /shares/ shares
```
```
~]# ln -s /shares/ shares
```
Copy to Clipboard Toggle word wrap
Run the service httpd start command as the root user to start the Apache HTTP Server:
```
service httpd start
```
```
~]# service httpd start
Starting httpd:                                            [  OK  ]
```
Copy to Clipboard Toggle word wrap
Use a web browser to navigate to http://localhost/shares. The /shares/index.html file is displayed.

By default, the Apache HTTP Server reads an index.html file if it exists. If /shares/ did not have index.html, and instead had file1, file2, and file3, a directory listing would occur when accessing http://localhost/shares:

Run the rm -i /shares/index.html command as the root user to remove the index.html file.

Run the touch /shares/file{1,2,3} command as the root user to create three files in /shares/:

touch /shares/file{1,2,3}
ls -Z /shares/

~]# touch /shares/file{1,2,3}
~]# ls -Z /shares/
-rw-r--r--  root root system_u:object_r:public_content_t:s0 file1
-rw-r--r--  root root unconfined_u:object_r:public_content_t:s0 file2
-rw-r--r--  root root unconfined_u:object_r:public_content_t:s0 file3

Copy to Clipboard

Toggle word wrap

Run the service httpd status command as the root user to see the status of the Apache HTTP Server. If the server is stopped, run service httpd start as the root user to start it.
Use a web browser to navigate to http://localhost/shares. A directory listing is displayed:

View larger image

Este conteúdo não está disponível no idioma selecionado.

2.4.3. Sharing files between services

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Tornando o open source mais inclusivo

Sobre a Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links