If you don't have audit2why, first install it: # yum install policycoreutils-python Then you can run this command and it should tell you why it was denied and propose way to fix it: # cat /var/log/audit/audit.log* | audit2why You can check these SELinux booleans and turn on the one(s) you need, perhaps samba_enable_home_dirs or samba_export_all_ro/rw. # getsebool -a|grep -i smb smbd_anon_write --> off # getsebool -a | grep -i samba samba_create_home_dirs --> off samba_domain_controller --> off samba_enable_home_dirs --> off samba_export_all_ro --> off samba_export_all_rw --> off samba_load_libgfapi --> off samba_portmapper --> off samba_run_unconfined --> off samba_share_fusefs --> off samba_share_nfs --> off sanlock_use_samba --> off tmpreaper_use_samba --> off use_samba_home_dirs --> off virt_use_samba --> off e.g. # setsebool -P samba_enable_home_dirs=on On Sat, Dec 19, 2020 at 10:19:24PM -0500, Mher Mnatsakanyan via WLUG wrote:
Hi everyone.
I hope everything is well with all of you and yours.
I have a question and need help please.
I installed a Samba server on CentOS8 which works well.
When I try to mount the share from that Samba server on the client side I get a permission denied error. When I set SELinux from Enforcing to Permissive mode it seems to be mounting and the permission denied error goes away. Any suggestions how I can do the same with SELinux enforcing mode?
Thank you very much in advance.
Respectfully, Mher Mnatsakanyan
This is a perfect explanation Chuck. Thanks a lot :-) On Sat, 19 Dec 2020 at 23:24, Chuck Anderson via WLUG <wlug@lists.wlug.org> wrote:
If you don't have audit2why, first install it:
# yum install policycoreutils-python
Then you can run this command and it should tell you why it was denied and propose way to fix it:
# cat /var/log/audit/audit.log* | audit2why
You can check these SELinux booleans and turn on the one(s) you need, perhaps samba_enable_home_dirs or samba_export_all_ro/rw.
# getsebool -a|grep -i smb smbd_anon_write --> off # getsebool -a | grep -i samba samba_create_home_dirs --> off samba_domain_controller --> off samba_enable_home_dirs --> off samba_export_all_ro --> off samba_export_all_rw --> off samba_load_libgfapi --> off samba_portmapper --> off samba_run_unconfined --> off samba_share_fusefs --> off samba_share_nfs --> off sanlock_use_samba --> off tmpreaper_use_samba --> off use_samba_home_dirs --> off virt_use_samba --> off
e.g.
# setsebool -P samba_enable_home_dirs=on
On Sat, Dec 19, 2020 at 10:19:24PM -0500, Mher Mnatsakanyan via WLUG wrote:
Hi everyone.
I hope everything is well with all of you and yours.
I have a question and need help please.
I installed a Samba server on CentOS8 which works well.
When I try to mount the share from that Samba server on the client side I get a permission denied error. When I set SELinux from Enforcing to Permissive mode it seems to be mounting and the permission denied error goes away. Any suggestions how I can do the same with SELinux enforcing mode?
Thank you very much in advance.
Respectfully, Mher Mnatsakanyan
WLUG mailing list -- wlug@lists.wlug.org To unsubscribe send an email to wlug-leave@lists.wlug.org Create Account: https://wlug.mailman3.com/accounts/signup/ Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/ Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/7I7X4V...
"Chuck" == Chuck Anderson via WLUG <wlug@lists.wlug.org> writes:
Chuck> If you don't have audit2why, first install it: Chuck> # yum install policycoreutils-python Chuck> Then you can run this command and it should tell you why it was Chuck> denied and propose way to fix it: Chuck> # cat /var/log/audit/audit.log* | audit2why Chuck> You can check these SELinux booleans and turn on the one(s) you Chuck> need, perhaps samba_enable_home_dirs or samba_export_all_ro/rw. This is damn genius! I wish there was a version for PAM as well, which is another damn black magic toolkit written by people way too smart for their own good. Keep it simple folks... Chuck> # getsebool -a|grep -i smb Chuck> smbd_anon_write --> off Chuck> # getsebool -a | grep -i samba Chuck> samba_create_home_dirs --> off Chuck> samba_domain_controller --> off Chuck> samba_enable_home_dirs --> off Chuck> samba_export_all_ro --> off Chuck> samba_export_all_rw --> off Chuck> samba_load_libgfapi --> off Chuck> samba_portmapper --> off Chuck> samba_run_unconfined --> off Chuck> samba_share_fusefs --> off Chuck> samba_share_nfs --> off Chuck> sanlock_use_samba --> off Chuck> tmpreaper_use_samba --> off Chuck> use_samba_home_dirs --> off Chuck> virt_use_samba --> off Chuck> e.g. Chuck> # setsebool -P samba_enable_home_dirs=on Chuck> On Sat, Dec 19, 2020 at 10:19:24PM -0500, Mher Mnatsakanyan via WLUG wrote:
Hi everyone.
I hope everything is well with all of you and yours.
I have a question and need help please.
I installed a Samba server on CentOS8 which works well.
When I try to mount the share from that Samba server on the client side I get a permission denied error. When I set SELinux from Enforcing to Permissive mode it seems to be mounting and the permission denied error goes away. Any suggestions how I can do the same with SELinux enforcing mode?
Thank you very much in advance.
Respectfully, Mher Mnatsakanyan Chuck> _______________________________________________ Chuck> WLUG mailing list -- wlug@lists.wlug.org Chuck> To unsubscribe send an email to wlug-leave@lists.wlug.org Chuck> Create Account: https://wlug.mailman3.com/accounts/signup/ Chuck> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/ Chuck> Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/7I7X4V...
participants (3)
-
Chuck Anderson -
John Stoffel -
Mher Mnatsakanyan