Red Hat Bugzilla – Bug 187197
Samba anon - setsebool command fails
Last modified: 2007-11-30 17:11:28 EST
Description of problem: setsebool -P allow_smb_anon_write=1 fails Attempted to use this setsebool command as documented in http://fedora.project.org/wiki/SELinux/samba to allow anon R/W. R/W for home directory for user defined on both FC5 and XP is OK. getsebool -a | grep smb returns allow_smbd_anon_write --> off Version-Release number of selected component (if applicable): FC5 How reproducible: 100% Steps to Reproduce: 1.Use advice from man samba_selinux(8) or wiki copy 2.Try to get anon samba write to work as documented 3.Notice that the man page and wiki have a typo! 4.Enter corrected command. Boolean is now set, but R/W for anon still doesn't work even after reboot of FC5 system Actual results: "setsebool -P allow_smb_anon_write=1" failed with libsemanage.dbase_llist_set: record not found in the database libsemanage.dbase_llist_set: could not set record value Could not change boolean allow_smb_anon_write Could not change policy booleans Expected results: Change to boolean, and working Samba anon R/W Additional info: The man page says to issue "setsebool -P allow_smb_anon_write=1"... but the actual command needs to be "setsebool -P allow_smbd_anon_write=1". This works to set the required flag... even though Samba anon R/W is still not working for me. I only spotted it because I typed in the grep command and results above.
I tried something else, and it worked: I used "chmod 777 /home/share" to make the direcory writable via anonymous Samba user. I am unsure whether this is going overboard, however, since it makes it world writable from all sources, not just Samba. It may be an obvious point, but perhaps worth mentioning in the manpage? I'm reducing severity to normal, as I'm OK now but updating this as part of the next manpages revision (and updating the wiki) would be a really helpful for others.
Fixed in selinux-policy-2.2.25-3.fc5
Closing several old modified bugs