Samba Vs. Firewall And/or SELinux


Hi all.

I created an smb-share on my el6 for all Windows PCs in my home network (I’m the only Linux user in my family) for sharing all the stuff we have, like music and videos and documents. The share will be shown on the other PCs (Windows XP), but they can’t open it. The error message is “Share not found”, in our preferred language of course!

SELINUX-CONFIG
sh-4.1# cat /etc/selinux/targeted/contexts/files/file_contexts.local
# This file is auto-generated by libsemanage
# Do not edit directly.

/data(/.*)? system_u:object_r:samba_share_t:s0

FIREWALL-CONFIG (Port 901 is for SWAT)
sh-4.1# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Thu Dec 20 17:28:14 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 901 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
COMMIT
# Completed on Thu Dec 20 17:28:14 2012

SAMBA-CONFIG (“Alice im Wunderland” is the test file I uploaded with disabled firewall and disabled SELinux)
sh-4.1# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
workgroup = NETZWERK
server string = Samba Server Version %v
security = SHARE
log file = /var/log/samba/log.%m
max log size = 50
cups options = raw

[public]
comment = hier kannn reinkopiert werden
path = /data/public
read only = No
create mask = 0777
guest only = Yes
guest ok = Yes

sh-4.1# cat /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest

sh-4.1# ls -lisah /data/public
total 144M
1703938 12K drwxrwxrwx. 4 nobody users 12K Dec 27 13:39 .
1703937 4.0K drwxr-xr-x. 3 root root 4.0K Dec 22 19:43 ..
1706985 144M -rwxrw-rw- 1 nobody nobody 144M Dec 27 13:39 Disney_ Alice im Wunderland (1951).mp4

12 thoughts on - Samba Vs. Firewall And/or SELinux

  • Earl A Ramirez wrote:

    sh-4.1# service nmb status
    nmbd (pid 1863) is running...

    I set nmb like smb my system-config-services. It starts automatically on boot.

    The nmb service is started once, usually when the system is booted, runs in the background and wakes up when needed. This service is enabled. This service is running. Starts and stops the Samba nmbd daemon used to provide NetBIOS name services.

  • Daniel J Walsh wrote:
    No, only on /data/public

    sh-4.1$ restorecon -R -v /data
    restorecon: unable to read directory /data

    I configured my smb with this (german) tutorial:
    http://www.gtkdb.de/index_7_1356.html

    But I tried to configure writeable access for guests, so I didn’t add a new user in Samba and ran chown to nobody:nobody instead of root:users and chmod to ogu+rwx!

    Just tested with “enforcing”. Should I switch to permissive mode?

  • Run the restorecon command as root. Not a great idea since every user will be allowed to read/write/execute in this directory. I would just check if it works in permissive mode, then we can blame this on SELinux; if not, then it is not an SELinux problem.


  • Daniel J Walsh wrote:
    I ran chown with root:users for data public in recursive mode and added nobody to the group users, but files created via Samba will be owned by nobody:nobody instead of nobody:users, so it is not allowed for my local user to write and read the files added via Samba. So I decided to give rwx access to all. What is the trick in the smb.conf so that the files will be owned by the group “users”? I’m working with the parameter “create mask = 777”. I would rather work with 770 and the files should be owned by the user “nobody” and the group “users”.

    Works in permissive mode with activated firewall, but I changed “security=share” to “security=user” in the smb.conf as well. So the access to the samba-share works now in enforcing mode, too.
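
The group-ownership question in the comment above can be handled in smb.conf itself. The fragment below is an added example, not part of the thread: it shows the [public] share as posted next to a variant using Samba's force group, create mask and directory mask parameters, and it assumes security = user with guest mapping (map to guest is an assumption, not a setting shown on the page).

```ini
# --- As posted in the thread (testparm dump): world-writable guest share ---
# [public]
#     path = /data/public
#     read only = No
#     create mask = 0777
#     guest only = Yes
#     guest ok = Yes
# Result seen in the ls output: file owned by nobody:nobody, mode 0766.

# --- Adjusted variant (added example) ---
[global]
    workgroup = NETZWERK
    security = user
    # Assumption: unknown Windows users are mapped to the guest account,
    # which keeps password-less access working under security = user.
    map to guest = Bad User

[public]
    comment = hier kannn reinkopiert werden
    path = /data/public
    read only = No
    guest ok = Yes
    guest only = Yes
    # Every file created through the share gets group "users",
    # whatever the primary group of the guest account is.
    force group = users
    # Upper bound for new files: no permissions for "other".
    create mask = 0770
    # Same bound for new directories (the default directory mask is 0755,
    # which would leave sub-directories read-only for the group).
    directory mask = 0770
```

The share root needs matching ownership and mode (nobody:users, 0770) and the local Linux account has to be a member of users. Running testparm after the change checks the syntax before smbd is restarted.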

  • You need to open the service in the firewall. Type setup and go to the firewall and mark samba. Then you will see all folders in the Windows PC.

  • THANK YOU… I could not figure out the typo quickly. I wanted to make sure the complete and correct reference is there when I need it some time at 3am.
