Bug 144669 - When selinux is on smb files are owned by nobody
When selinux is on smb files are owned by nobody
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-01-10 10:50 EST by Need Real Name
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-12 17:59:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2005-01-10 10:50:10 EST
Description of problem:
When selinux targeted is on all files on smb shares are owned by
user/group nobody

Version-Release number of selected component (if applicable):


How reproducible:
turn selinux on (targeted)

Steps to Reproduce:
1. turn selinux on
2. create a file on smb share
3.
  
Actual results:
ownership is nobody/nobody

Expected results:
ownership should be that of the samba user

Additional info:
when selinux is turned off, file ownership is as expected
Comment 1 Daniel Walsh 2005-01-10 13:08:43 EST
You are doing this with rawhide I trust.  
You need to mark the files you are sharing with 

samba_share_t

chcon -R -t samba_share_t PATH_TO_SHARE

Comment 2 Need Real Name 2005-01-11 04:53:45 EST
This is with FC3
I tried the command and this is the output

s/WTLD80us.HST to system_u:object_r:samba_share_t: Invalid argument
chcon: failed to change context of /home/data_cc/brec to
root:object_r:samba_share_t: Invalid argument
Comment 3 Daniel Walsh 2005-01-11 09:50:27 EST
Ok, my mistake.  samba_share_t is not defined in FC3, so SELinux
should not be governing anything with samba.

When you say turn SELinux on, are you talking about changing it from
permissive to enforcing or disabled to inforcing.  If you booted a
machine disabled and then want to turn on SELinux,  You have to relabel.
The easiest way to do that is to
touch /.autorelabel
reboot
Comment 4 Need Real Name 2005-01-11 10:18:13 EST
Even though I got the error messages it seems to be working now

I turned off via security level tool and rebooted

Note You need to log in before you can comment on or make changes to this bug.