Bug 187197 - Samba anon - setsebool command fails
Samba anon - setsebool command fails
Product: Fedora
Classification: Fedora
Component: libsemanage (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2006-03-29 00:03 EST by Al Dunsmuir
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-03-15 23:35:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Al Dunsmuir 2006-03-29 00:03:34 EST
Description of problem: setsebool -P allow_smb_anon_write=1 fails
Attempted to use this setsebool command as documented in
http://fedora.project.org/wiki/SELinux/samba to allow anon R/W.
R/W for home directory for user defined on both FC5 and XP is OK.

getsebool -a | grep smb returns 
allow_smbd_anon_write --> off

Version-Release number of selected component (if applicable): FC5

How reproducible:

Steps to Reproduce:
1.Use advice from man samba_selinux(8) or wiki copy
2.Try to get anon samba write to work as documented
3.Notice that the man page and wiki have a typo!
4.Enter corrected command.  Boolean is now set, but R/W for anon still doesn't
work even after reboot of FC5 system
Actual results: "setsebool -P allow_smb_anon_write=1" failed with
 libsemanage.dbase_llist_set: record not found in the database
 libsemanage.dbase_llist_set: could not set record value
 Could not change boolean allow_smb_anon_write
 Could not change policy booleans

Expected results: Change to boolean, and working Samba anon R/W

Additional info:
The man page says to issue "setsebool -P allow_smb_anon_write=1"... but the
actual command needs to be "setsebool -P allow_smbd_anon_write=1".  This works
to set the required flag... even though Samba anon R/W is still not working for
me. I only spotted it because I typed in the grep command and results above.
Comment 1 Al Dunsmuir 2006-03-29 20:03:38 EST
I tried something else, and it worked:  I used "chmod 777 /home/share" to make
the direcory writable via anonymous Samba user.  I am unsure whether this is
going overboard, however, since it makes it world writable from all sources, not
just Samba.  It may be an obvious point, but perhaps worth mentioning in the

I'm reducing severity to normal, as I'm OK now but updating this as part of the
next manpages revision (and updating the wiki) would be a really helpful for others.
Comment 2 Daniel Walsh 2006-03-30 15:50:00 EST
Fixed in selinux-policy-2.2.25-3.fc5
Comment 3 Daniel Walsh 2007-03-15 23:35:08 EDT
Closing several old modified bugs

Note You need to log in before you can comment on or make changes to this bug.