CentOS 7, samba issue: 0 Files/Folders when trying to share USB drive with EXT4 file system.
Samba Configuration file:
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = 271-filesharing
security = user
map to guest = bad user
dns proxy = no
#============================ Share Definitions ==============================
[Administrator]
path = /mnt/ELEMENTERY-1TB/
browsable =yes
writable = yes
public = no
valid users = RVS
I have user called RVS on samba. I can access samba share using my macbook pro when I use path to user's home directory.
I've done sudo chown RVS:RVS -R /mnt/ELEMENTERY-1TB
. Here are the permissions of the drive:
[RVS@271 mnt]$ ls -al
total 4
drwxr-xr-x. 3 RVS RVS 28 Sep 12 00:26 .
dr-xr-xr-x. 17 root root 224 Sep 9 11:27 ..
drwxrwxrwx. 4 RVS RVS 4096 Sep 12 00:26 ELEMENTERY-1TB
I also mounted this drive as RVS user with sudo mount /deb/sdb /mnt/ELEMENTERY-1TB
.
Is there something I have skipped in configuration/permissions?
Best Answer
CentOS enables SELinux by default, which adds additional security restrictions on the system. Default policy mostly covers the typical/default configurations for confined software. When access is denied, usually a log entry is generated in audit logs in
/var/log/audit/audit.log
.With a removable media you should consider mounting the device with SELinux context option. This way you avoid modifying your system's SELinux policy and the need for filesystem relabeling on the removable device. You can use
samba_share_t
if you only intend to make the mount point to be used with samba. If you use/labeluser_home_t
type, the files will be treated as if they were in user home directory.Or in
/etc/fstab
If you still have issues with SELinux, you can use
audit2why
to find out why access was denied, and possibly if a SELinux boolean exists to allow access. In case you need to alter SELinux policy, you can useaudit2allow
to generate a policy module to allow access.There are also two booleans
samba_export_all_ro
andsamba_export_all_rw
when enabled allow samba to access (and share) any files. In this case this allows samba significantly more access than required and therefore should not be used in this situation as mount options can be configured easily.