Aha! Moving it worked. I can now see it from Windows. If I chmod 777
on the directory I can also add files to it from Windows.
However, I don't quite understand why the parent of the share directory
affects it. BTW /home/me has 700 permissions and /srv has 755. If the
+x on /srv allows the +x on my test share directory to allow Windows to
browse it, why doesn't the -w on /srv prevent the +w on my test share
directory from allowing Windows to create files there? I always thought
negative permissions took precedence in ACL, generally?
Thanks,
Kev
On 2013-08-20 10:22 AM, Kevin Field wrote:
Hi Ricky,
I don't think I should have to reboot. setenforce is documented to work
without rebooting. If I need to reboot a Linux server to troubleshoot
something like this--and I hear SELinux is often a first thing to try
disabling to troubleshoot--then it's worse than Windows for rebooting
requirements. But I'm pretty sure that's simply not true.
Otherwise this is meaningless:
$ sudo setenforce 0
$ sudo getenforce
Permissive
Also I'm a bit confused as to why the permissions on /home should affect
/home/me if I've explicitly set them on /home/me and haven't defined
some kind of ACL inheritance policy. Is it the default that higher
directories' permissions override lower ones in CentOS? Or is it a
Samba fileshare thing? I would like to know exactly how this works, but
in any case, I'll try moving the share and see how it goes.
Thanks,
Kev
On 2013-08-17 9:47 AM, Ricky Nance wrote:
Have a look at
http://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-enable-disable.html
and
you will probably have to reboot after making the changes. I have seen
this cause more problems then not, so I would start with disabling it
and see if it fixes your problem. Also since you are using a /home/me
before your share, you need to make sure you have at least 755
permissions in both /home and /home/me, it might be a good idea to make
a directory named /srv/mytestshare instead.
Ricky
On Fri, Aug 16, 2013 at 8:14 PM, Kevin Field <[email protected]
<mailto:[email protected]>> wrote:
Interestingly, I couldn't turn off selinux using their method:
$ sudo echo 0 > /selinux/enforce
-bash: /selinux/enforce: Permission denied
Perhaps it's a CentOS thing. Anyway, `sudo setenforce 0` seemed to
work in that it didn't give me an error message, but OTOH didn't
seem to work in that the output of ls -alhDZ was the same:
drwxrwxr-x. me me unconfined_u:object_r:samba___share_t:s0
mytestshare
But in any case, it still gives me the same error from Windows.
Also something strange happened, after a while I could not navigate
to \\newdc without a similar error, but I had not been doing
anything in the system, so I'm not sure what might have caused it.
Running `sudo killall samba` and then `sudo samba` made it
suddenly be browseable again. Maybe not related...not sure...
Anyway thanks for your help, Ricky. Any other ideas? BTW I had set
up the selinux permissions on the mytestshare dir per the HOWTO at
http://wiki.centos.org/HowTos/__SetUpSamba
<http://wiki.centos.org/HowTos/SetUpSamba> . I'm pretty sure that's
why it says samba_share_t on the ls output above.
Kev
On 2013-08-16 11:52 AM, Ricky Nance wrote:
Temporarily turn off selinux, if that fixes your issue you will
need to
adjust the selinux rules to take care of the problem (or just
completely
disable selinux). Also if you do a ls -alhDZ
/home/me/mytestshare before
you turn it off it can tell you if selinux is on, then run that
again
after its turned off to confirm. You can read about
disabling/turning
off selinux
at�http://www.revsys.com/__writings/quicktips/turn-off-__selinux.html
<http://www.revsys.com/writings/quicktips/turn-off-selinux.html>
Ricky
On Thu, Aug 15, 2013 at 10:44 PM, Kevin Field <[email protected]
<mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>> wrote:
I have a share setup on a Samba 4.0.8 / CentOS 6.4 box
that is
successfully replicating with a W2K3 server. �I'm
following the
HOWTO here:
https://wiki.samba.org/index.____php/Setup_and_configure_file_____shares
<https://wiki.samba.org/index.__php/Setup_and_configure_file___shares>
<https://wiki.samba.org/index.__php/Setup_and_configure_file___shares
<https://wiki.samba.org/index.php/Setup_and_configure_file_shares>>
[mytest]
� � � � path = /home/me/mytestshare <-- with or without
trailing slash
� � � � read only = No
On the W2K3 box, I can browse to \\newdc and I see my test
share
listed there. �I can also see it if I connect to newdc in
Computer
Management. �However, what I can't get from either of those
places
is a Security tab if I right-click the share and go to
Properties.
�There's a Share Permissions tab in CM only that says that
Everyone
has Full Control. Despite that, if I try to double-click
the share
in Explorer, I get:
---------------------------
\\newdc
---------------------------
\\newdc\mytest is not accessible. You might not have
permission to
use this network resource. Contact the administrator of
this server
to find out if you have access permissions.
Access is denied.
---------------------------
OK
---------------------------
My account has all privileges I can think of, including the
SeDiskOperatorPrivilege as laid out in the HOWTO.
Even if I chmod 777 /home/me/mytestshare I get this error.
What am I missing?
Thanks,
Kev
--
To unsubscribe from this list go to the following URL and
read the
instructions:
�https://lists.samba.org/____mailman/options/samba
<https://lists.samba.org/__mailman/options/samba>
<https://lists.samba.org/__mailman/options/samba
<https://lists.samba.org/mailman/options/samba>>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
