Bug 161678

Summary: Samba shares don't work
Product: [Fedora] Fedora Documentation Reporter: Adam Thompson <athompso>
Component: release-notesAssignee: Release Notes Tracker <relnotes>
Status: CLOSED RAWHIDE QA Contact: Tammy Fox <tammy.c.fox>
Severity: medium Docs Contact:
Priority: medium    
Version: develCC: dwalsh, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://www.redhat.com/archives/fedora-selinux-list/2005-January/msg00074.html
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-10 22:07:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 118757, 151189    

Description Adam Thompson 2005-06-25 13:10:22 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
Samba needs all shares to be have the selinux label samba_share_t, which is documented in the samba_selinux man page, but nothing points new FC4 users to that manpage.

Version-Release number of selected component (if applicable):
fedora-release-4-2

How reproducible:
Always

Steps to Reproduce:
Install a new FC4 system.
Enable samba.
(Disable firewall.)
Create new directory structure for samba.
Share new directories.
Map shares from client, try to use files.

Actual Results:  Maps ok, but cannot read/write any files.

Expected Results:  Should have mapped and worked as in previous versions of linux.

Additional info:

Should at least have a one-liner in the README.
Same problem exists for ftpd, httpd, et al.: the problem and solution are documented, but no way for new users to find that documentation.
Comment 1 Elliot Lee 2005-06-27 20:49:42 UTC 
This should be noted in the release notes.
Comment 2 Karsten Wade 2005-06-27 21:03:26 UTC 
Assigning to relnotes@ and setting to block both the FC4 relnotes tracker bug
and the general SELinux FAQ tracker bug.
Comment 3 Karsten Wade 2006-01-25 20:39:45 UTC 
Is this content still relevant?  Looking to close the bug if it's old news.
Comment 4 Jeremy Katz 2006-01-25 20:55:03 UTC 
cc'ing dwalsh since it's selinux related
Comment 5 Daniel Walsh 2006-01-26 14:52:43 UTC 
Karsten, is it in the release notes for FC4/FC5?

Dan
Comment 6 Karsten Wade 2006-01-26 19:57:31 UTC 
Here is the Samba section active for FC5:

http://fedoraproject.org/wiki/Docs/Beats/Samba

I don't think this has been in any of the relnotes.

The problem is, where to put it so that makes sense.  How can the user know that
it is an SELinux permission?

The release notes are not reference documentation, they should point at other
references.
Comment 7 Adam Thompson 2006-01-27 01:04:15 UTC 
I filed a bugreport because there was NO WAY for me to discover, on my own, 
what the problem was without being familiar, a priori, with SELinux - and FC4 
is/was the first time many (most?) users were exposed to SELinux.

I think a one-liner (as suggested in my original bug report :-) in the SELinux 
section mentioning the existence of the samba_selinux, ftp_selinux, et al. 
manpages would be adequate.

e.g., at the end of the SELinux notes, put:
"(For further information on how SELinux affects some common system daemons, 
please see the samba_selinux(1), ftp_selinux(1), and httpd_selinux(1) 
manpages.)"

I'm not sure if any of those other than samba_selinux actually exist, but you 
get the idea...
Comment 8 Paul W. Frields 2006-09-10 22:07:13 UTC 
This information is now linked from the Security/SELinux beat, through the
canonical SELinux info on the wiki.