
14.4. Configuration examples

The following examples provide real-world demonstrations of how SELinux complements the Samba server and how the full functionality of the Samba server can be maintained.

14.4.1. Sharing directories you create

The following example creates a new directory, and shares that directory through Samba:
  1. Confirm that the samba, samba-common, and samba-client packages are installed:
    ~]$ rpm -q samba samba-common samba-client
    package samba is not installed
    package samba-common is not installed
    package samba-client is not installed
    
    If any of these packages are not installed, install them by using the DNF utility as root:
    ~]# dnf install package-name
  2. Use the mkdir utility as root to create a new top-level directory to share files through Samba:
    ~]# mkdir /myshare
  3. Use the touch utility as root to create an empty file. This file is used later to verify that the Samba share mounted correctly:
    ~]# touch /myshare/file1
  4. SELinux allows Samba to read and write to files labeled with the samba_share_t type, as long as the /etc/samba/smb.conf file and Linux permissions are set accordingly. Run the following command as root to add the label change to the file-context configuration:
    ~]# semanage fcontext -a -t samba_share_t "/myshare(/.*)?"
  5. Use the restorecon utility as root to apply the label changes:
    ~]# restorecon -R -v /myshare
    restorecon reset /myshare context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
    restorecon reset /myshare/file1 context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
    
  6. Edit /etc/samba/smb.conf as root. Add the following to the bottom of this file to share the /myshare/ directory through Samba:
    [myshare]
    comment = My share
    path = /myshare
    public = yes
    writeable = no
    
  7. A Samba account is required to mount a Samba file system. Run the following command as root to create a Samba account, where username is an existing Linux user. For example, smbpasswd -a testuser creates a Samba account for the Linux testuser user:
    ~]# smbpasswd -a testuser
    New SMB password: Enter a password
    Retype new SMB password: Enter the same password again
    Added user testuser.
    
    If you run the above command with the user name of an account that does not exist on the system, it fails with a Cannot locate Unix account for 'username'! error.
  8. Start the Samba service:
    ~]# systemctl start smb.service
  9. Run the following command to list the available shares, where username is the Samba account added in step 7. When prompted for a password, enter the password assigned to the Samba account in step 7 (version numbers may differ):
    ~]$ smbclient -U username -L localhost
    Enter username's password:
    Domain=[HOSTNAME] OS=[Unix] Server=[Samba 3.4.0-0.41.el6]
    
    Sharename       Type      Comment
    ---------       ----      -------
    myshare         Disk      My share
    IPC$            IPC       IPC Service (Samba Server Version 3.4.0-0.41.el6)
    username        Disk      Home Directories
    Domain=[HOSTNAME] OS=[Unix] Server=[Samba 3.4.0-0.41.el6]
    
    Server               Comment
    ---------            -------
    
    Workgroup            Master
    ---------            -------
    
  10. Use the mkdir utility as root to create a new directory. This directory will be used to mount the myshare Samba share:
    ~]# mkdir /test/
  11. Run the following command as root to mount the myshare Samba share to /test/, replacing username with the user name from step 7:
    ~]# mount //localhost/myshare /test/ -o user=username
    Enter the password for username, which was configured in step 7.
  12. Run the following command to view the file1 file created in step 3:
    ~]$ ls /test/
    file1
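
The labeling done in steps 4 and 5 can be audited for every share in smb.conf. The script below is an added example, not part of the original guide: it parses an smb.conf and reports any share path whose SELinux type is not samba_share_t. The function names, the second share (/srv/docs) and the sample_context stub are constructed for illustration; on a live system the stub would be replaced by a wrapper around `stat -c %C`.

```shell
# Print "share<TAB>path" for each non-[global] smb.conf section that sets path.
share_paths() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        /^[ \t]*path[ \t]*=/ {
            p = $0; sub(/^[^=]*=[ \t]*/, "", p); sub(/[ \t]+$/, "", p)
            if (sec != "" && sec != "global") printf "%s\t%s\n", sec, p
        }' "$1"
}

# The type is the third field of an SELinux context (user:role:type:level).
context_type() { printf '%s\n' "$1" | cut -d: -f3; }

# audit_shares CONF GETCTX: GETCTX is a command that prints the context of the
# path passed to it. Prints each share not labeled samba_share_t; returns 1 if any.
audit_shares() {
    a_bad=0; a_tab=$(printf '\t')
    while IFS="$a_tab" read -r a_share a_path; do
        [ -n "$a_share" ] || continue
        a_ctx=$("$2" "$a_path" 2>/dev/null) || a_ctx="?:?:unknown"
        a_type=$(context_type "$a_ctx")
        if [ "$a_type" != "samba_share_t" ]; then
            echo "MISLABELED [$a_share] $a_path type=$a_type"
            a_bad=1
        fi
    done <<EOF
$(share_paths "$1")
EOF
    return "$a_bad"
}

# Constructed stand-in for `stat -c %C`, mirroring the restorecon output above.
sample_context() {
    case $1 in
        /myshare)  echo "system_u:object_r:samba_share_t:s0" ;;
        /srv/docs) echo "unconfined_u:object_r:default_t:s0" ;;
        *) return 1 ;;
    esac
}
# Constructed smb.conf: the page's share plus a hypothetical unlabeled one.
write_sample_conf() {
    printf '%s\n' '[global]' 'workgroup = WORKGROUP' '[myshare]' \
        'comment = My share' 'path = /myshare' 'public = yes' 'writeable = no' \
        '; hypothetical share created without steps 4 and 5' '[docs]' \
        'path = /srv/docs' > "$1"
}
demo_conf=$(mktemp); write_sample_conf "$demo_conf"
audit_shares "$demo_conf" sample_context || echo "fix with semanage fcontext and restorecon"
rm -f "$demo_conf"
```

A share reported as MISLABELED is one Samba would be denied access to by SELinux even though smb.conf and the Linux permissions allow it.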