Bug 144669 - When selinux is on smb files are owned by nobody
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Daniel Walsh
Reported: 2005-01-10 15:50 UTC by Need Real Name
Modified: 2007-11-30 22:10 UTC (History)
Doc Type: Bug Fix
Last Closed: 2005-04-12 21:59:10 UTC

Description Need Real Name 2005-01-10 15:50:10 UTC
Description of problem:
When selinux targeted is on all files on smb shares are owned by
user/group nobody

Version-Release number of selected component (if applicable):


How reproducible:
turn selinux on (targeted)

Steps to Reproduce:
1. turn selinux on
2. create a file on smb share
  
Actual results:
ownership is nobody/nobody

Expected results:
ownership should be that of the samba user

Additional info:
when selinux is turned off, file ownership is as expected

Comment 1 Daniel Walsh 2005-01-10 18:08:43 UTC
You are doing this with rawhide I trust.
You need to mark the files you are sharing with samba_share_t:

chcon -R -t samba_share_t PATH_TO_SHARE

Comment 2 Need Real Name 2005-01-11 09:53:45 UTC
This is with FC3
I tried the command and this is the output

s/WTLD80us.HST to system_u:object_r:samba_share_t: Invalid argument
chcon: failed to change context of /home/data_cc/brec to
root:object_r:samba_share_t: Invalid argument


Comment 3 Daniel Walsh 2005-01-11 14:50:27 UTC
Ok, my mistake.  samba_share_t is not defined in FC3, so SELinux
should not be governing anything with samba.

When you say turn SELinux on, are you talking about changing it from
permissive to enforcing or disabled to enforcing?  If you booted a
machine disabled and then want to turn on SELinux, you have to relabel.
The easiest way to do that is to

touch /.autorelabel
reboot


Comment 4 Need Real Name 2005-01-11 15:18:13 UTC
Even though I got the error messages it seems to be working now

I turned off via security level tool and rebooted
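
Added example, not part of the original bug report or of any commenter's reply: a check that a relabel such as the chcon command in Comment 1 actually took effect, listing every file whose SELinux type is not the expected one. The helper names (mislabeled, sample_listing) and the sample lines and paths are constructed for illustration; real input is assumed to come from GNU find's -printf '%Z %p\n'.

```shell
#!/bin/sh
# Added example: report files whose SELinux type differs from the expected one.
# Input on stdin: one "<context> <path>" pair per line, e.g. from
#   find PATH_TO_SHARE -printf '%Z %p\n'
# A context is user:role:type with an optional :level suffix, so the type is
# always the third colon-separated field.

mislabeled() {   # hypothetical helper: mislabeled EXPECTED_TYPE < listing
    want=$1
    while IFS= read -r line; do
        case $line in
            *' '*) ;;          # need both a context and a path
            *) continue ;;
        esac
        ctx=${line%% *}        # text before the first space
        path=${line#* }        # the rest; the path may contain spaces
        # -s suppresses contexts without any colon, leaving the type empty
        type=$(printf '%s\n' "$ctx" | cut -s -d: -f3)
        if [ "$type" != "$want" ]; then
            printf '%s\t%s\n' "$path" "${type:-unknown}"
        fi
    done
}

# Constructed sample listing: one three-field context, one with a level,
# and one file that kept the type of the directory it was copied from.
sample_listing() {
    cat <<'EOF'
system_u:object_r:samba_share_t:s0 /srv/share/report.doc
system_u:object_r:samba_share_t /srv/share/old.txt
unconfined_u:object_r:user_home_t:s0 /srv/share/copied in.xls
EOF
}

sample_listing | mislabeled samba_share_t
```

An empty result means every listed file carries the expected type; any line printed names a file that still needs relabeling, along with the type it currently has.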

