Bug 431867 - public_content_rw_t does not work on samba shares
public_content_rw_t does not work on samba shares
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: rc
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2008-02-07 10:05 EST by Lutz Lange
Modified: 2008-02-07 12:18 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-02-07 10:56:21 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Lutz Lange 2008-02-07 10:05:18 EST
Description of problem:
setting public_content_rw_t on a samba share does not allow writing with smbclient.

Version-Release number of selected component (if applicable):

How reproducible:
create a samba share
make it wirteable
adjust file permissons
adjust selinux context to public_content_rw_t
call smbclient //server/share
try > mkdir test

change selinux context to samba_share_t
try again -> success

Expected results:
public_content_rw_t should be writeable
Comment 1 Daniel Walsh 2008-02-07 10:56:21 EST
You need to turn on the smbd boolean.

setsebool -P allow_smbd_anon_write 1
Comment 2 Lutz Lange 2008-02-07 12:04:06 EST
This means i should allow annonymous writes? 
I dont write annonymously. I connect as student with password.

$ smbclient -U student //station8/share

Sorry to have been too unspecific.

I can attach my whole config, if you like.
Comment 3 Daniel Walsh 2008-02-07 12:18:13 EST
No this boolean just allows smbd to write to files labeled public_content_rw_t.

From SELinux point of view this is anonymous.  (public_content_t) was originally

So you are not allowing anonymous writes from an Samba point of view, just
SELinux view of the world.

man samba_selinux has more description or


Note You need to log in before you can comment on or make changes to this bug.