CentOS 7, samba issue: 0 Files/Folders when trying to share USB drive with EXT4 file system.
Samba Configuration file:
[global] workgroup = WORKGROUP server string = Samba Server %v netbios name = 271-filesharing security = user map to guest = bad user dns proxy = no #============================ Share Definitions ============================== [Administrator] path = /mnt/ELEMENTERY-1TB/ browsable =yes writable = yes public = no valid users = RVS
I have user called RVS on samba. I can access samba share using my macbook pro when I use path to user’s home directory.
sudo chown RVS:RVS -R /mnt/ELEMENTERY-1TB. Here are the permissions of the drive:
[[email protected] mnt]$ ls -al total 4 drwxr-xr-x. 3 RVS RVS 28 Sep 12 00:26 . dr-xr-xr-x. 17 root root 224 Sep 9 11:27 .. drwxrwxrwx. 4 RVS RVS 4096 Sep 12 00:26 ELEMENTERY-1TB
I also mounted this drive as RVS user with
sudo mount /deb/sdb /mnt/ELEMENTERY-1TB.
Is there something I have skipped in configuration/permissions?
Here is Solutions:
We have many solutions to this problem, But we recommend you to use the first solution because it is tested & true solution that will 100% work for you.
CentOS enables SELinux by default, which adds additional security restrictions on the system. Default policy mostly covers the typical/default configurations for confined software. When access is denied, usually a log entry is generated in audit logs in
With a removable media you should consider mounting the device with SELinux context option. This way you avoid modifying your system’s SELinux policy and the need for filesystem relabeling on the removable device. You can use
samba_share_t if you only intend to make the mount point to be used with samba. If you use/label
user_home_t type, the files will be treated as if they were in user home directory.
mount -t ext4 /dev/sdb /mnt/ELEMENTERY-1TB \ -o context="system_u:object_r:samba_share_t:s0"
UUID=<...> /mnt/ELEMENTERY-1TB/ ext4 defaults,errors=remount-ro,context="system_u:object_r:samba_share_t:s0" 0 1
If you still have issues with SELinux,
you can use
audit2why to find out why access was denied, and possibly if a SELinux boolean exists to allow access. In case you need to alter SELinux policy, you can use
audit2allow to generate a policy module to allow access.
There are also two booleans
samba_export_all_rw when enabled allow samba to access (and share) any files. In this case this allows samba significantly more access than required and therefore should not be used in this situation as mount options can be configured easily.
Note: Use and implement solution 1 because this method fully tested our system.
Thank you 🙂