problems with smb export on external usb drive
I had a drive with an ext3 filesystem in an old p2 running RH8 storing my mp3 files. I moved the drive into a USB enclosure attached to a laptop running FC4. The laptop mounted the fs on /media/media pretty much automatically. The problem is I can't export the /media/media FS with samba to mount on a windows host. I can export /media, and the xp box can see /media/cdrecorder, but /media/media is invisible. I have the following in various config files: from mount: automount(pid2427) on /net type autofs (rw,fd=4,pgrp=2427,minproto=2,maxproto=4) /dev/sda1 on /media/media type ext3 (rw,nosuid,nodev,_netdev,user=jim) in /etc/fstab: /dev/sda1 /media/media ext3 pamconsole,exec,noauto,managed 0 0 /dev/hdc /media/cdrecorder auto pamconsole,exec,noauto,managed 0 0 ls: [root@linuxlaptop /]# ls -al /media total 32 drwxr-xr-x 4 root root 4096 Mar 5 21:32 . drwxr-xr-x 27 root root 4096 Mar 5 11:13 .. drwxr-xr-x 2 root root 4096 Mar 5 11:14 cdrecorder drwxrwxrwx 247 root root 8192 Mar 1 09:29 media in smb.conf: ( I did have /media/media) [media] path = /media writeable = yes browseable = yes valid users = jim in /var/logs/samba/ (when path above was /media/media) [2006/02/28 21:03:28, 0] smbd/service.c:make_connection_snum(615) '/media/media' does not exist or is not a directory, when connecting to [media] Since I have a copy of the files on my xp box now, I was thinking of destroying the fs and recreating it, then putting all the data back. I just find it very strange that with the above smb.conf, I can mount /media as media on my xp box and I can see the cdrecorder directory but I can't see the media directory. Any advice on what might be wrong? Thanks.
On Sun, Mar 05, 2006 at 09:33:46PM -0500, Jim Dibb wrote:
[2006/02/28 21:03:28, 0] smbd/service.c:make_connection_snum(615) '/media/media' does not exist or is not a directory, when connecting to [media]
Since I have a copy of the files on my xp box now, I was thinking of destroying the fs and recreating it, then putting all the data back. I just find it very strange that with the above smb.conf, I can mount /media as media on my xp box and I can see the cdrecorder directory but I can't see the media directory.
Any advice on what might be wrong?
If you check FC4 /var/log/audit/audit.log, you will probably see that SELinux isn't allowing smbd to access that directory. Can you post part of audit.log around the time access is attempted, and also the security attributes on the directories? ls -lZ /media ls -lZ /media/media
On 3/6/06, Chuck Anderson <cra@wpi.edu> wrote:
On Sun, Mar 05, 2006 at 09:33:46PM -0500, Jim Dibb wrote:
[2006/02/28 21:03:28, 0] smbd/service.c:make_connection_snum(615) '/media/media' does not exist or is not a directory, when connecting to [media]
Since I have a copy of the files on my xp box now, I was thinking of destroying the fs and recreating it, then putting all the data back. I just find it very strange that with the above smb.conf, I can mount /media as media on my xp box and I can see the cdrecorder directory but I can't see the media directory.
Any advice on what might be wrong?
If you check FC4 /var/log/audit/audit.log, you will probably see that SELinux isn't allowing smbd to access that directory.
Can you post part of audit.log around the time access is attempted, and also the security attributes on the directories?
ls -lZ /media ls -lZ /media/media
I will do that tonight. Thanks!
On 3/6/06, Jim Dibb <jimdibb@gmail.com> wrote:
Any advice on what might be wrong?
If you check FC4 /var/log/audit/audit.log, you will probably see that SELinux isn't allowing smbd to access that directory.
Great answer, that was it. Only question I have is whether I have to
disable SeLinux control of smbd and nmbd or just smbd. Thanks!
On Mon, Mar 06, 2006 at 07:37:36PM -0500, Jim Dibb wrote:
If you check FC4 /var/log/audit/audit.log, you will probably see that SELinux isn't allowing smbd to access that directory.
Great answer, that was it. Only question I have is whether I have to disable SeLinux control of smbd and nmbd or just smbd. Thanks!
Those aren't really the proper answer. The correct solution is to label the filesystem for smbd access, or add the desired filesystem label to the policy. But I suppose your solution is ok, akin to disabling a firewall instead of unblocking the one port you need.
Ok, I'll look into those options. Thanks for the tips. On 3/6/06, Chuck Anderson <cra@wpi.edu> wrote:
On Mon, Mar 06, 2006 at 07:37:36PM -0500, Jim Dibb wrote:
If you check FC4 /var/log/audit/audit.log, you will probably see that SELinux isn't allowing smbd to access that directory.
Great answer, that was it. Only question I have is whether I have to disable SeLinux control of smbd and nmbd or just smbd. Thanks!
Those aren't really the proper answer. The correct solution is to label the filesystem for smbd access, or add the desired filesystem label to the policy.
But I suppose your solution is ok, akin to disabling a firewall instead of unblocking the one port you need. _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
Great answer, that was it. Only question I have is whether I have
to
disable SeLinux control of smbd and nmbd or just smbd. Thanks!
Those aren't really the proper answer. The correct solution is to label the filesystem for smbd access, or add the desired filesystem label to the policy.
But I suppose your solution is ok, akin to disabling a firewall instead of unblocking the one port you need.
So, I can't figure out how to change that. I thought I could do it by using the 'reset' and/or fixfiles functionality. That changed the ls display to [root@linuxlaptop media]# ls -lZ /media drwxr-xr-x root root system_u:object_r:mnt_t cdrecorder drwxrwxrwx root root system_u:object_r:mnt_t media /media/media was a file_t type before. But now I can mount "music" on my xp host, but cant see any files. [music] path = /media/media writeable = yes browseable = yes valid users = jim I get the following in the audit log. I have no idea why its referring to the trash file. Any more clues? Thanks. type=CWD msg=audit(1141778849.514:1463): cwd="/media/media" type=PATH msg=audit(1141778849.514:1463): item=0 name=2E2F3130302047756974617220536F6C6F732032312D3430 flags=1 inode=7061505 dev=08:01 mode=040775 ouid=500 ogid=500 rdev=00:00 type=AVC msg=audit(1141778849.514:1464): avc: denied { getattr } for pid=6755 comm="smbd" name=".Trash-jim" dev=sda1 ino=3997697 scontext=root:system_r:smbd_t tcontext=user_u:object_r:file_t tclass=dir type=SYSCALL msg=audit(1141778849.514:1464): arch=40000003 syscall=195 success=no exit=-13 a0=bf9ccc74 a1=bf9cd474 a2=589ff4 a3=bf9cd474 items=1 pid=6755 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=500 fsgid=500 comm="smbd" exe="/usr/sbin/smbd" type=AVC_PATH msg=audit(1141778849.514:1464): path="/media/media/.Trash-jim" type=CWD msg=audit(1141778849.514:1464): cwd="/media/media" type=PATH msg=audit(1141778849.514:1464): item=0 name="./.Trash-jim" flags=1 inode=3997697 dev=08:01 mode=040700 ouid=500 ogid=500 rdev=00:00 type=AVC msg=audit(1141778849.514:1465): avc: denied { getattr } for pid=6755 comm="smbd" name=31302C303030204D616E69616373 dev=sda1 ino=7749633 scontext=root:system_r:smbd_t tcontext=user_u:object_r:file_t tclass=dir type=SYSCALL msg=audit(1141778849.514:1465): arch=40000003 syscall=195 success=no exit=-13 a0=bf9ccc74 a1=bf9cd474 a2=589ff4 a3=bf9cd474 items=1 pid=6755 auid=4294967295 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=500 fsgid=500 comm="smbd" exe="/usr/sbin/smbd" type=AVC_PATH msg=audit(1141778849.514:1465): path=2F6D656469612F6D656469612F31302C303030204D616E69616373 type=CWD msg=audit(1141778849.514:1465): cwd="/media/media" type=PATH msg=audit(1141778849.514:1465): item=0 name=2E2F31302C303030204D616E69616373 flags=1 inode=7749633 dev=08:01 mode=040775 ouid=500 ogid=500 rdev=00:00
Sorry to followup to my own email but I eventually solved my problem by reformatting the filesystem and copying all the data back to it. I just couldn't get the security set right. I could mount the share, but not see any files on it. From that point I reformatted, without doing anything else, and everything worked fine from then on. THanks. ---------- Forwarded message ---------- From: Jim Dibb <jimdibb@gmail.com> Date: Mar 7, 2006 8:00 PM Subject: Re: [Wlug] problems with smb export on external usb drive To: Worcester Linux Users Group <wlug@mail.wlug.org>
Great answer, that was it. Only question I have is whether I have
to
disable SeLinux control of smbd and nmbd or just smbd. Thanks!
Those aren't really the proper answer. The correct solution is to label the filesystem for smbd access, or add the desired filesystem label to the policy.
But I suppose your solution is ok, akin to disabling a firewall instead of unblocking the one port you need.
participants (2)
-
Chuck Anderson -
Jim Dibb