Sunday, April 12, 2009

Linux, Samba, NTFS and SELinux

The Short Story

I had a problem where Windows kept giving me an "access denied" error when I tried to access a file share from Linux. Using the following commands allowed it to work:

    semanage fcontext -a -t samba_share_t "<share>"
    setsebool -P samba_share_fusefs 1

The Long Story

After converting a Windows system to a Linux system (Fedora 10), I wanted to be able to use it as a file server via Samba and furthermore to be able to access my old hard drive.

The initial problem was that I could create the share, but I could not use it via Windows. Whenever I tried, I received a "permission denied" error. I tried making the share world readable, etc., but this did not help.

The "secure linux troubleshooter" (SETroubleShooter), which I found from the Applications > System Tools menu, had a good suggestion for the solution to the problem:

    semanage fcontext -a -t samba_share_t "<share>"

This allowed Samba to share the part of the disk that I had set aside for the file server. All well and good. Then I tried to share the old system disk.

This required some special mounting options because it was formatted with NTFS. Here is the entry from /etc/mtab:

    /dev/sda2 /export/whatever fuseblk rw,allow_other,blksize=4096 0 0

The system was able to mount the volume and I could ls around it etc., but trying to share it via Samba failed. I couldn't figure out what was going on until I tried disabling SELinux entirely via the following:

    echo 0 > /selinux/enforce

I then tried the share and it worked. I then re-enabled SELinux:

    echo 1 > /selinux/enforce

At this point I felt like turning off SELinux and leaving it off, but some additional looking around on the web turned up this command:

    setsebool -P samba_share_fusefs 1

For whatever reason, SELinux needs to be told separately that it should let Samba share NTFS file systems as well as regular file systems.
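One way to tell which of the two fixes a given denial calls for is to read the target type out of the AVC records logged for smbd. This is an added example, not part of the original post: the audit records are constructed, `default_t` as the label on the unlabelled share is an assumption, and the function names are hypothetical.

```shell
#!/bin/bash
# Constructed sample audit records (not taken from the original post).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1239540001.101:210): avc:  denied  { read } for  pid=2301 comm="smbd" name="share" dev=sdb1 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1239540090.417:233): avc:  denied  { getattr } for  pid=2301 comm="smbd" path="/export/whatever" dev=sda2 ino=5 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=AVC msg=audit(1239540120.006:240): avc:  denied  { write } for  pid=1999 comm="httpd" name="tmp" dev=sdb1 ino=9 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
EOF
}

# Read audit records on stdin; print the distinct target types that
# the Samba daemon domain (smbd_t) was denied access to.
smbd_denied_types() {
    grep 'avc: *denied' | grep 'scontext=[^ ]*:smbd_t:' |
        sed -n 's/.* tcontext=[^: ]*:[^: ]*:\([^: ]*\).*/\1/p' | sort -u
}

# Map each denied type to the remedy used in the post.
suggest_fix() {
    while read -r t; do
        case "$t" in
            # FUSE mounts (NTFS here) carry one label for the whole
            # filesystem, so the boolean is the fix, not a relabel.
            fusefs_t)
                echo "$t: setsebool -P samba_share_fusefs 1" ;;
            # Ordinary filesystem: record the label rule for the share.
            # restorecon is added here (the post lists only semanage);
            # it applies the recorded rule to files already on disk.
            *)
                echo "$t: semanage fcontext -a -t samba_share_t \"<share>\"; restorecon -R -v <share>" ;;
        esac
    done
}

sample_audit_log | smbd_denied_types | suggest_fix
```

On a live system, feed it the real log instead of the sample: `smbd_denied_types < /var/log/audit/audit.log | suggest_fix`.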

All this may sound nice and easy, but it took hours of hair-tearing and glaring at the monitor. I found that SELinux/Samba interactions are not anywhere near as well documented as regular Samba problems.

I found the following pages to be useful in troubleshooting this problem:

2 comments:

  1. Hi, Just like to tell you that this piece of info is one quick to the point, no nonsense, workable and effective way to have directories shared in Solaris as fast as possible. It worked for me and thank you for the effort. Keep up the good work.

  2. Oh my God, You're the man! I would have never guessed it was SELinux blocking me!
