Scroll to navigation

samba_selinux(8) Samba Selinux Policy documentation samba_selinux(8)

NAME

samba_selinux - Security Enhanced Linux Policy for Samba

DESCRIPTION

Security-Enhanced Linux secures the Samba server via flexible mandatory access control.

FILE_CONTEXTS

SELinux requires files to have an extended attribute to define the file type. Policy governs the access daemons have to these files. If you want to share files other than home directories, those files must be labeled samba_share_t. So if you created a special directory /var/eng, you would need to label the directory with the chcon tool.

/var/eng(/.*)? system_u:object_r:samba_share_t:s0

SHARING FILES

If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for samba you would execute:

setsebool -P allow_smbd_anon_write=1

BOOLEANS

SELinux policy is customizable based on least access required. So by default SELinux policy turns off SELinux sharing of home directories and the use of Samba shares from a remote machine as a home directory.

setsebool -P samba_enable_home_dirs 1

setsebool -P use_samba_home_dirs 1

AUTHOR

This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

selinux(8), samba(7), chcon(1), setsebool(8), semanage(8)

17 Jan 2005 dwalsh@redhat.com