CentOS – Sharing a Mounted Drive with Samba on CentOS7

centos, samba, selinux

CentOS 7, samba issue: 0 Files/Folders when trying to share USB drive with EXT4 file system.

Samba Configuration file:

[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = 271-filesharing
security = user
map to guest = bad user
dns proxy = no

#============================ Share Definitions ============================== 
[Administrator]
path = /mnt/ELEMENTERY-1TB/
browsable =yes
writable = yes
public = no
valid users = RVS

I have a user called RVS on Samba. I can access the Samba share using my MacBook Pro when I use the path to the user's home directory.

I've done sudo chown RVS:RVS -R /mnt/ELEMENTERY-1TB. Here are the permissions of the drive:

[RVS@271 mnt]$ ls -al
total 4
drwxr-xr-x.  3 RVS  RVS    28 Sep 12 00:26 .
dr-xr-xr-x. 17 root root  224 Sep  9 11:27 ..
drwxrwxrwx.  4 RVS  RVS  4096 Sep 12 00:26 ELEMENTERY-1TB

I also mounted this drive as the RVS user with sudo mount /dev/sdb /mnt/ELEMENTERY-1TB.

Is there something I have skipped in configuration/permissions?

Best Answer

CentOS enables SELinux by default, which adds additional security restrictions on the system. The default policy mostly covers the typical/default configurations for confined software. When access is denied, a log entry is usually generated in the audit log at /var/log/audit/audit.log.

With removable media you should consider mounting the device with the SELinux context option. This way you avoid modifying your system's SELinux policy and the need for filesystem relabeling on the removable device. You can use samba_share_t if you only intend the mount point to be used with Samba. If you label it with the user_home_t type, the files will be treated as if they were in a user's home directory.

mount -t ext4 /dev/sdb /mnt/ELEMENTERY-1TB \
      -o context="system_u:object_r:samba_share_t:s0"

Or in /etc/fstab

UUID=<...> /mnt/ELEMENTERY-1TB/ ext4 defaults,errors=remount-ro,context="system_u:object_r:samba_share_t:s0" 0 1

If you still have issues with SELinux, you can use audit2why to find out why access was denied, and possibly whether an SELinux boolean exists to allow access. In case you need to alter SELinux policy, you can use audit2allow to generate a policy module to allow access.

There are also two booleans, samba_export_all_ro and samba_export_all_rw, which when enabled allow Samba to access (and share) any files. In this case this allows Samba significantly more access than required, and therefore they should not be used in this situation, as mount options can be configured easily.
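
As an added example (not part of the original answer), the following shell functions summarise which object types smbd was denied access to in audit.log text, which shows whether the share carries samba_share_t. The AVC lines are constructed samples and the function names smbd_denied_types and share_mislabelled are hypothetical.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for smbd from audit.log text.
# The sample lines below are constructed, not taken from the original post.
SAMPLE_AUDIT='type=AVC msg=audit(1505174812.101:411): avc:  denied  { read } for  pid=2345 comm="smbd" name="/" dev="sdb" ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
type=AVC msg=audit(1505174812.102:412): avc:  denied  { getattr } for  pid=2345 comm="smbd" path="/mnt/ELEMENTERY-1TB/docs" dev="sdb" ino=12 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
type=AVC msg=audit(1505174900.007:420): avc:  denied  { open } for  pid=3001 comm="httpd" path="/srv/x" dev="sda1" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1505174812.101:411): arch=c000003e syscall=257 success=no exit=-13 comm="smbd"'

# Read audit.log text on stdin; print "count type tclass" for every object
# type that smbd was denied access to. Other daemons and record types are ignored.
smbd_denied_types() {
    awk '
        /type=AVC/ && /denied/ && /comm="smbd"/ {
            ttype = ""; tclass = ""
            for (i = 1; i <= NF; i++) {
                # tcontext is user:role:type:level, so the type is field 3
                if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
                if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
            }
            if (ttype != "") seen[ttype " " tclass]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort
}

# Exit 0 when smbd was denied on any type other than samba_share_t, i.e. the
# share is not carrying the label the context= mount option would give it.
share_mislabelled() {
    smbd_denied_types | awk '$2 != "samba_share_t" { bad = 1 } END { exit !bad }'
}

# Stand-alone run over the constructed sample
printf '%s\n' "$SAMPLE_AUDIT" | smbd_denied_types
```

On a live system the same functions can read /var/log/audit/audit.log on stdin (root is required to read it).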
