Red Hat Bugzilla – Bug 181941
Unable to create/copy folder to home directory
Last modified: 2007-11-30 17:11:24 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7.12) Gecko/20051127 Fedora/1.7.12-1.1.1.legacy
Description of problem:
When yuo access your home directory over the network I am able to write and copy
files to it and delete them but if you try to create a folder I get an error
message saying Error creating new folder you do not have permissions to write to
A similar thing happens if you try to copy a folder to your home directory this
time you get an error while copying message Error "Access denied" while copying
I have tried it with the SMBD NMBD disabled then restarting the samba service
and this makes no difference.
The problem is present on both of my machines installed from FC5T2 and fully
updated and I think has only occured recently.
NB a users home directory gets permissions of 1600700 by default and changing this to 1600777 has no effect either.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Actual Results: see description
Expected Results: The ability to create folders and copy folders and their contents to my home
directory or any other folder that is shared with samba and has the appropriate
The firewalls on both test machines are active but set to pass SMB traffic.
In case it helps with debugging, what OS is your client system running? If it's
Linux, which version of Samba?
Tested this to both FC5T2 machines from my FC1 box running the following :-
and from one test machine to the other both running the following :-
and from my laptop running WINDOWS 98SE which gives similar error messages
when either trying to copy a folder or create a folder
When trying to create folder you get Problem creating object Access denied and
when trying to copy a folder you ger Error Creating File Cannot create or
replace xxxxxx: Access denied.
I can test from WINDOWS 2000, XP PRO and FC3 as well if required.
Just tried something else booted one of the test machines with enforcing=0
and hey presto I can now both copy and create folders in my home directory so it
would appear to be an selinux problem not a samba problem. I will test some more
in the morning (just after midnight here now) I will look for error messages
in the various log files to see if they contain any relavent clues.
Created attachment 124844 [details]
relavent info from audit.log
This is what ends up in audit.log when trying to copy a folder to my home
If you run 'getsebool samba_enable_home_dirs', does it return 'off'? If so, can
you retry after running 'setsebool samba_enable_home_dirs 1'?
Unfortunately it returns samba_enable_home_dirs --> on
Which was as expected as I have ticked the box for this in the samba selinux
Just notice somethig else.
A folder which is in my home directory with me as the owner is also un-deletable
when accessed remotely and so are the folders below it but all of the files get
The error this time says error while deleting smb://bentl...iles/e1000
cannot be deleted because you do not have permissions to modify the parent
e1000 is a folder 1 level down from the one in my home directory that I am
trying to delete. (NB the files in that deiectory are deleted though)
I will be doing a fresh install of fc5test3 on one of the machines that exhibit
the problems described tomorrow evening so I will see if the problem goes away
after the fresh install.
Having done a fresh install the problem still exists as described.
So I tried it with both the smbd nmbd selinux protection disabled and reebooted
and now everything works as expected (sligtly less brute force approach than
enforcing=0 at boot) although I thought that I had tried this approch I probably
did'nt reboot then test as I have just done.
Hope this narrows things down a bit.
As this is an SELINUX issue should this be moved from samba to selinux.
Just wondered has this been forgotten about or will it get fixed post FC5 release.
If this is still aparent in FC5 final (hope to get it downladed and installed
tomorrow should this be re-assigned as FC5 or left as devel.
I can confirm that this problem is still present on a freshly installed
FC5 system and my system still running rawhide now with an updated samba
samba-3.0.21c-2 (FC5 has samba-3.0.21b-2.i386.rpm)
I'm sending this to the policy guys.
This got moved to selinux-policy some while ago and I see that there are a lot
of selinux fixes being done has this problem been looked at yet.
grep smbd /var/log/message | audit2allow -M samba
semodule -i samba.pp
Policy fixed in selinux-policy-2.2.30-1
I can confirm that all is now well and this can be closed.