Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Unable to create/copy folder to home directory|
|Product:||[Fedora] Fedora||Reporter:||David Bentley <david.r.bentley>|
|Component:||selinux-policy||Assignee:||Daniel Walsh <dwalsh>|
|Status:||CLOSED RAWHIDE||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2006-08-15 07:48:18 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description David Bentley 2006-02-17 15:48:04 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7.12) Gecko/20051127 Fedora/1.7.12-1.1.1.legacy Description of problem: When yuo access your home directory over the network I am able to write and copy files to it and delete them but if you try to create a folder I get an error message saying Error creating new folder you do not have permissions to write to the destination. A similar thing happens if you try to copy a folder to your home directory this time you get an error while copying message Error "Access denied" while copying I have tried it with the SMBD NMBD disabled then restarting the samba service and this makes no difference. The problem is present on both of my machines installed from FC5T2 and fully updated and I think has only occured recently. NB a users home directory gets permissions of 1600700 by default and changing this to 1600777 has no effect either. Version-Release number of selected component (if applicable): samba-3.0.21b-2 How reproducible: Always Steps to Reproduce: see description Actual Results: see description Expected Results: The ability to create folders and copy folders and their contents to my home directory or any other folder that is shared with samba and has the appropriate permissions set. Additional info: The firewalls on both test machines are active but set to pass SMB traffic.
Comment 1 Nalin Dahyabhai 2006-02-17 18:18:05 EST
In case it helps with debugging, what OS is your client system running? If it's Linux, which version of Samba?
Comment 2 David Bentley 2006-02-17 18:42:42 EST
Tested this to both FC5T2 machines from my FC1 box running the following :- samba-client-3.0.10-1.fc1.1.legacy samba-common-3.0.10-1.fc1.1.legacy samba-3.0.10-1.fc1.1.legacy and from one test machine to the other both running the following :- samba-client-3.0.21b-2 samba-common-3.0.21b-2 samba-3.0.21b-2 and from my laptop running WINDOWS 98SE which gives similar error messages when either trying to copy a folder or create a folder When trying to create folder you get Problem creating object Access denied and when trying to copy a folder you ger Error Creating File Cannot create or replace xxxxxx: Access denied. I can test from WINDOWS 2000, XP PRO and FC3 as well if required.
Comment 3 David Bentley 2006-02-17 19:08:34 EST
Just tried something else booted one of the test machines with enforcing=0 and hey presto I can now both copy and create folders in my home directory so it would appear to be an selinux problem not a samba problem. I will test some more in the morning (just after midnight here now) I will look for error messages in the various log files to see if they contain any relavent clues.
Comment 4 David Bentley 2006-02-17 19:42:33 EST
Created attachment 124844 [details] relavent info from audit.log This is what ends up in audit.log when trying to copy a folder to my home directory.
Comment 5 Nalin Dahyabhai 2006-02-20 11:15:51 EST
If you run 'getsebool samba_enable_home_dirs', does it return 'off'? If so, can you retry after running 'setsebool samba_enable_home_dirs 1'?
Comment 6 David Bentley 2006-02-20 18:05:51 EST
Unfortunately it returns samba_enable_home_dirs --> on Which was as expected as I have ticked the box for this in the samba selinux options.
Comment 7 David Bentley 2006-02-20 18:23:45 EST
Just notice somethig else. A folder which is in my home directory with me as the owner is also un-deletable when accessed remotely and so are the folders below it but all of the files get deleted OK. The error this time says error while deleting smb://bentl...iles/e1000 cannot be deleted because you do not have permissions to modify the parent folder. e1000 is a folder 1 level down from the one in my home directory that I am trying to delete. (NB the files in that deiectory are deleted though)
Comment 8 David Bentley 2006-02-20 18:56:41 EST
I will be doing a fresh install of fc5test3 on one of the machines that exhibit the problems described tomorrow evening so I will see if the problem goes away after the fresh install.
Comment 9 David Bentley 2006-02-21 17:40:45 EST
Having done a fresh install the problem still exists as described. So I tried it with both the smbd nmbd selinux protection disabled and reebooted and now everything works as expected (sligtly less brute force approach than enforcing=0 at boot) although I thought that I had tried this approch I probably did'nt reboot then test as I have just done. Hope this narrows things down a bit.
Comment 10 David Bentley 2006-03-01 15:06:58 EST
As this is an SELINUX issue should this be moved from samba to selinux.
Comment 11 David Bentley 2006-03-06 13:40:47 EST
Just wondered has this been forgotten about or will it get fixed post FC5 release.
Comment 12 David Bentley 2006-03-19 14:38:37 EST
If this is still aparent in FC5 final (hope to get it downladed and installed tomorrow should this be re-assigned as FC5 or left as devel.
Comment 13 David Bentley 2006-03-22 11:22:10 EST
I can confirm that this problem is still present on a freshly installed FC5 system and my system still running rawhide now with an updated samba samba-3.0.21c-2 (FC5 has samba-3.0.21b-2.i386.rpm)
Comment 14 Jay Fenlason 2006-03-22 11:27:04 EST
I'm sending this to the policy guys.
Comment 15 David Bentley 2006-04-11 07:20:22 EDT
This got moved to selinux-policy some while ago and I see that there are a lot of selinux fixes being done has this problem been looked at yet.
Comment 16 Daniel Walsh 2006-04-11 11:20:40 EDT
try grep smbd /var/log/message | audit2allow -M samba semodule -i samba.pp Policy fixed in selinux-policy-2.2.30-1
Comment 18 David Bentley 2006-08-14 18:29:20 EDT
I can confirm that all is now well and this can be closed.