Product SiteDocumentation Site

14.4.2. Sharing a website

It may not be possible to label files with the samba_share_t type, for example, when wanting to share a website in the /var/www/html/ directory. For these cases, use the samba_export_all_ro Boolean to share any file or directory (regardless of the current label), allowing read only permissions, or the samba_export_all_rw Boolean to share any file or directory (regardless of the current label), allowing read and write permissions.
The following example creates a file for a website in /var/www/html/, and then shares that file through Samba, allowing read and write permissions. This example assumes the httpd, samba, samba-common, samba-client, and wget packages are installed:
  1. As the root user, create a /var/www/html/file1.html file. Copy and paste the following content into this file:
    <html>
    <h2>File being shared through the Apache HTTP Server and Samba.</h2>
    </html>
    
  2. Run the following command to view the SELinux context of file1.html:
    ~]$ ls -Z /var/www/html/file1.html
    -rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/file1.html
    
    The file is labeled with the httpd_sys_content_t. By default, the Apache HTTP Server can access this type, but Samba cannot.
  3. Start the Apache HTTP Server:
    ~]# systemctl start httpd.service
  4. Change into a directory your user has write access to, and run the following command. Unless there are changes to the default configuration, this command succeeds:
    ~]$ wget http://localhost/file1.html
    Resolving localhost... 127.0.0.1
    Connecting to localhost|127.0.0.1|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 84 [text/html]
    Saving to: `file1.html.1'
    
    100%[=======================>] 84          --.-K/s   in 0s      
    
    `file1.html.1' saved [84/84]
    
  5. Edit /etc/samba/smb.conf as root. Add the following to the bottom of this file to share the /var/www/html/ directory through Samba:
    [website]
    comment = Sharing a website
    path = /var/www/html/
    public = no
    writeable = no
    
  6. The /var/www/html/ directory is labeled with the httpd_sys_content_t type. By default, Samba cannot access files and directories labeled with the this type, even if Linux permissions allow it. To allow Samba access, enable the samba_export_all_ro Boolean:
    ~]# setsebool -P samba_export_all_ro on
    Do not use the -P option if you do not want the change to persist across reboots. Note that enabling the samba_export_all_ro Boolean allows Samba to access any type.
  7. Start the Samba service:
    ~]# systemctl start smb.service