Red Hat Bugzilla – Bug 187197
Samba anon - setsebool command fails
Last modified: 2007-11-30 17:11:28 EST
Description of problem: setsebool -P allow_smb_anon_write=1 fails
Attempted to use this setsebool command as documented in
http://fedora.project.org/wiki/SELinux/samba to allow anon R/W.
R/W for home directory for user defined on both FC5 and XP is OK.
getsebool -a | grep smb returns
allow_smbd_anon_write --> off
Version-Release number of selected component (if applicable): FC5
Steps to Reproduce:
1.Use advice from man samba_selinux(8) or wiki copy
2.Try to get anon samba write to work as documented
3.Notice that the man page and wiki have a typo!
4.Enter corrected command. Boolean is now set, but R/W for anon still doesn't
work even after reboot of FC5 system
Actual results: "setsebool -P allow_smb_anon_write=1" failed with
libsemanage.dbase_llist_set: record not found in the database
libsemanage.dbase_llist_set: could not set record value
Could not change boolean allow_smb_anon_write
Could not change policy booleans
Expected results: Change to boolean, and working Samba anon R/W
The man page says to issue "setsebool -P allow_smb_anon_write=1"... but the
actual command needs to be "setsebool -P allow_smbd_anon_write=1". This works
to set the required flag... even though Samba anon R/W is still not working for
me. I only spotted it because I typed in the grep command and results above.
I tried something else, and it worked: I used "chmod 777 /home/share" to make
the direcory writable via anonymous Samba user. I am unsure whether this is
going overboard, however, since it makes it world writable from all sources, not
just Samba. It may be an obvious point, but perhaps worth mentioning in the
I'm reducing severity to normal, as I'm OK now but updating this as part of the
next manpages revision (and updating the wiki) would be a really helpful for others.
Fixed in selinux-policy-2.2.25-3.fc5
Closing several old modified bugs