On 10/20/2011 08:36 PM, RILINDO FOSTER wrote:
It is actually in the smb.conf file, assuming that it doesn't get overwritten
by swat. Here is an excerpt:
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
You can feel free to turn SELinux, but if you play around with it, it can be
useful as an extra line of defense against intruders.
- Rilindo
Thank you. It did get overwritten, not by swat, but by me. :'[
Is selinux effective enough as an "extra line of defense against intruders"?
or mostly just a pain in the neck. I would like the extra line of
defense, but only
if it works.
Thank you again for the quote from smb.conf!
-T
