The problem of Samba and selinux in the RHCE exam

RHCE Simulation Exam configuration Samba service, share out/groupdir directory, requires only 192.168.0.0/24 and 192.168.1.0/24 and 127.0.0.1 can access, share out the name is [common], users can not see, Only the student group has the Write permission, at the same time, to the student group of each user's home directory is also shared, and requires selinux must be enforcing. This will prevent Samba from logging on.

The solution is to change the SELinux permissions of the directory.

#yum Install Samba Installation

# service SMB restart//Start Samba service

# chkconfig SMB on//set to start Samba service automatically

# Mkdir/groupdir

# chown Root:student/groupdir

# chmod 3777/home/share//change sharefile usage rights, give sgid and sticky permissions

# smbpasswd-a Student1//Add passwd to Student1

# vim/etc/samba/smb.conf//Enter config file

(The Goble section modifies the following three)

Workgroup =workgroup//If there is no special requirement, it is recommended to modify the default group name to Windows system workgroup

NetBIOS name = guest200x

The hosts allow = 127. 192.168.0.192.168.1.

(===share definition part = = = = = =)

[Home]//home directory is generally the default share

Comment = Home directories

browseable = no//cannot be found

writable = no//write not allowed (can be set according to need)

[Common]

Comment = Yangbang

Path =/groupdir//Paths for shared folders

public = no//cannot log on anonymously

browseable = No

writable = no

Write list = @student//indicates that the user in this group is compliant

Valid users = @student

#/ETC/INIT.D/SMB Restart//Restart service

# smbclient-l 192.168.0.x-n//Test View sharing status (browseable = yes to see)

# Getsebool-a | grep Samba//View the Boolean value in Samba

# setsebool-p Samba_enable_home_dirs on//modify SELinux permissions to log in to the home directory

(SELinux boolean value modified, still cannot log on, then also need the SELinux property of the file directory)

# chcon-t samba_share_t/*//Change the properties of the SELinux security context for the file directory, which can be viewed in #ll-z/groupdir

# chcon-t samba_share_t/groupdir///Change the properties of the SELinux security context for the file directory

Orenable the following two lines in the smb.conf (remove the beginning of the line; number is OK)
setsebool-p Samba_domain_controller on setsebool-p Samba_enable_home_dirson These two lines take effect, their home directory will be able to read and write normally.
If you want to set the/home/samba/temp directory to full sharing, you should write the input in the character state: Chcon-t Samba_share_t/home/samba/temp and don't forget to/home/samba/ The Temp directory property is set to 777.

# smbclient//192.168.1.107/common-u student1 Test

This article from "Tiger's Technical Homeland" blog, declined reprint!

The problem of Samba and selinux in the RHCE exam