Red Hat / Fedora :: SELinux Is Preventing The Samba Daemon From Reading Users' Home Directories
Sep 1, 2010
My Fedora box is giving me an SELinux security error:
Code: Summary:
SELinux is preventing the samba daemon from reading users' home directories.
Detailed Description:
SELinux has denied the samba daemon access to users' home directories. Someone
is attempting to access your home directories via your samba daemon. If you only
setup samba to share non-home directories, this probably signals an intrusion
attempt. For more information on SELinux integration with samba, look at the
samba_selinux man page. (man samba_selinux)
Allowing Access: If you want samba to share home directories you need to turn on the
samba_enable_home_dirs boolean: "setsebool -P samba_enable_home_dirs=1"
Fix Command:
setsebool -P samba_enable_home_dirs=1
Additional Information:
Source Context system_u:system_r:smbd_t:s0
Target Context unconfined_u:object_r:user_home_dir_t:s0
Target Objects /home/micah [ dir ]
Source smbd
[code]....
View 2 Replies
ADVERTISEMENT
Oct 6, 2010
I'm running a Samba server (3.5.2-60.fc13) on Fedora 13 (64 bit). I want to share the user home directories and want to allow following of symlinks out of the share tree. So in smb.conf I used
unix extensions = no
wide links = yes
For SELinux I did:
setsebool -P samba_enable_home_dirs=1
getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
[code]....
However I can't follow the symlinks when mounting my home directory on a Windows machine, unless I disable SeLinux.
View 5 Replies
View Related
Jan 20, 2010
Is it possible to restrict users to their home directories and allow admins to have different home directories? Essentially I want users to have a folder in /var/www/html/$USER and admins to have either unrestricted access or have their root directory be ./ or /www or /etc. I have is set now so users have access to thier home direcotry but I need to upload web files as admin.
So far I have created:
chroot_list
user_list
[code]....
View 1 Replies
View Related
Jan 25, 2011
I'm a refugee from WindowsXP, running Fedora 14 with three user accountsMy problem is that I need the primary user (userd 500) to be able to have full access all other users' files in their home directories so that user can copy, move, delete, etc.I tried making that user a member of the other users' groups - but I still get the 'not got permission' error when I try to access their home directories
View 8 Replies
View Related
Jun 19, 2010
Is there anything special about a home directory before users' home directories are stored there, or is just as typical as any other "empty" folder?Let me just cut to the chase, but please no ear ringing about the folly of messing around as root, particularly with directories at root level. I know it's considered stupidity, but I deleted my home directory.
Is there an easy way to restore a working home directory? I tried copying /etc/skel under root, but I'm not sure what a home directory should look like once it has been restored. Besides . & .., there were .screenrc & .xsession in my home directory when I copied /etc/skel. Are these files suppose to be in "/home" or "/home/~" or both?
View 10 Replies
View Related
Jul 19, 2010
I'm having trouble booting after a recent bunch of updates (haven't been able to boot F12 from hard disk for a couple of days). The boot process gets as far as "NetworkManager daemon [OK]", then just stops. I get this for all 3 kernels that I can choose from the grub menu (2.6.32.16-141, 2.6.32.14-127, 2.6.32.12-115)Mounting the hard drive with a liveUSB, a quick inspection of /var/log/messages reveals that things go smoothly until: etc. until I hit the power button.I ought to mention that I wireless card that requires the Realtek RTL8192SE driver, which requires
Code:
sudo su
make
[code]....
View 1 Replies
View Related
Nov 2, 2010
- Newly installed Fedora 14- Firefox 3.6.12- All latest Fedora updates installed- Denial occured after the installation of jre1.6.0_22 from here - Linux (self-extracting file) and creating symbolic links as follows;
Code:
[root@Freedom opt]# ln -s /opt/jre1.6.0_22/lib/i386/libnpjp2.so /usr/lib/mozilla/plugins/
Code:
[code]....
View 3 Replies
View Related
Mar 13, 2009
I went to print something and I get this message: Summary: SELinux is preventing access to files with the default label, default_t.
Detailed Description: SELinux permission checks on files labeled default_t are being denied. These files/directories have the default label on them. This can indicate a labeling problem, especially if the files being referred to are not top level directories. Any files/directories under standard system directories, /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. The default label is for files/directories which do not have a label on a parent directory. So if you create a new directory in / you might legitimately get this label.
View 3 Replies
View Related
Jul 15, 2011
This is the "alert" I've received from SElinux Alert Browser after closing "rythmbox" application that opened my CreativeZen mediaplayer:
Code:
SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sys_ptrace capability
in dmesg it has:
[code]....
View 3 Replies
View Related
Mar 31, 2011
I don't quite understand /etc/skel. I know that everything in /etc/skel will effect all NEW users, and that's about it.
Basically, what I'm trying to do is add the directories "home" and "work" to the users /home directory.
How do I do this?
View 2 Replies
View Related
Dec 11, 2010
How can i chroot group of users to thier home directories and they have ssh access on RHEL 5.5 .. i tried many tuts but it was about chroot services.
View 2 Replies
View Related
Jul 28, 2010
I have my home server setup, running 10.04 x64. The OS is installed on a 300GB WD Blue drive, and I have a RAID5 array md0, consisting of 4x 2TB WD Green drives, mounted as /home. I am sharing the home directories using samba and using them to back-up the other computers in the house. I have created a user account+password for each computer, giving it its own "/home/computername_backup/" directory to store it's backups in.
Computers being backed-up:(750GB) Gaming PC running Win7 Ultimate x64
(30GB + 2TB) HTPC running Win7 Home Premium x64
(32GB) Netbook running Win7 Home Premium x32
(250GB) 2 Macbook Pros Running OS X 10.6.4 (tweaked to allow time machine to recognize the samba share as a time machine volume
Question: 5.37TB of /home seems good for now, and I haven't run into any problems so far, but I don't want to have to keep checking. I'd like to put a size cap on each user's home, to prevent one of the computers from gobbling up all the space. Is there an easy (or hard) way to configure this type of thing? My Macbook, for example, only has a 250GB HD. I could give it 3-400GB of space for its home and that would be plenty - whenever it filled its /home/, it would start erasing the oldest backups. If there is no size limit, I believe it will just continue to grow until all the free space is gone.
Considerations: Right now, the HTPC is storing all its media locally (on the installed 2TB drive). However, I've already used 3/4 of the space and the HPTC enclosure can only hold one drive. My plan moving forward is to have /home be used to store media files (iTunes music for all computers and tv/movies for the HTPC), which is another reason I'd like to ensure that the backups don't take up all the space.
I realize I could create a partition for each computer, but I'd prefer not to go down this route. This would seem an untenable tactic if I added another computer next month, or if I realized that the partition was too small.
View 2 Replies
View Related
Feb 20, 2011
I am trying to create a bash script that will search all users home directories on a system for words like quit, steal, kill etc. Pretty sure I'm going to be using grep /home. The only thing is that obviously a word like 'kill' could have normal uses too like "I need to kill the process." How would I go about flagging a user with the word/phrase found, and the path while also omitting legitimate uses?
View 1 Replies
View Related
Jul 3, 2009
I'm testing a Debian Lenny virtual machine to simulate my ideal setup for FTP server (with vsftpd): I want all internal users (corporation users with Active Directory accounts) to ftp into the same directory (i.e. /var/FTP/AD-DOMAIN/) and external users (customers) to ftp into their home directories (created manually on request).
I added user_config_dir=/etc/vsftpd_user_conf option in /etc/vsftpd.conf file and I've created /etc/vsftpd_user_conf/domain-user1 with local_root=/var/FTP/AD-DOMAIN
I have setup vsftp so I can ftp with every external and internal user chrooted and is working properly. AD validation for internal users and "normal" validation (via /etc/passwd) for external users work perfect.
I can FTP this server into /var/FTP/AD-DOMAIN with any AD user with its home directory created (i.e. /home/AD-DOMAIN/domain-user1/) but if I try to ftp with any AD user without its home directory created I get the error "500 OOPS: cannot change directory:/home/AD-DOMAIN/domain-user2"
I have found some references (http://wiki.flexion.org/FtpServer.html and http://howto.gumph.org/content/setup...ies-in-vsftpd/) about vsftp PAM authentication so I would supposedly get rid of the error message and the user would log into /var/FTP/AD-DOMAIN without problems, but I can't figure out how to setup my FTP server.
View 1 Replies
View Related
Jan 8, 2010
I'm trying to mount the home directories of the users on the server to the respective desktops. I would like to use the libpam-mount module. do you guys know, how make it run? I am using 9.10 both server and desktop and the most recent pam-mount module. I know that the /etc/security/pam_mount.conf.xml needs to be edited. I added the following to it:
Code:
<volume user="username" fstype="cifs" server="IP-Server" path="/home/username" mountpoint="/media/server" />
View 9 Replies
View Related
Apr 13, 2010
I'm working with Fedora and SELinux and am having a problem. I need to allow apache's http daemon to use arp (for getting some mac addresses). I have changed the type of the arp executable to httpd_sys_context_t but am still having an issue. Here is the messages log: Detailed Description:
[Code]...
View 4 Replies
View Related
Apr 1, 2010
I've got a small issue that when a Windows user creates a new folder through Windows Explorer (from the menu or by right clicking) the new folder is only accessible to that particular user. Example: user SABKAR (member of the HR group) creates a new folder called MarcTestMenu in a shared Samba directory through Windows Explorer:
[Code]....
At this point user MORAMY cannot copy a file or open the directory MarcTestMenu. MORAMY gets a 'not accessible' error message in Windows. If I su to the Samba box and issue this command:
[Code]...
how I can get the correct default permissions when users create directories through Windows?
View 1 Replies
View Related
Mar 22, 2010
At work, using SambaKerberos and ActiveDirectoryWinbindHowto, I joined my machine to our ADS network. Again using ActiveDirectoryWinbindHowto, I modified both common-account and common-auth with these settings.
file: /etc/pam.d/common-account
account sufficient pam_winbind.so
account required pam_unix.so
file: /etc/pam.d/common-auth
[Code]....
According the the doc, when I first log in as a domain user, it should create the home directiroy /home/<whateverdomain>/<theusername>, but it doesn't.
View 2 Replies
View Related
Jun 14, 2011
I'm trying to configure a per user samba login for full access to the user's home directory.Mounting the shared directory works flawless when mounting from Windows. I can read, write, create without problems. However, when mounting from Linux the shared space is readonly.
View 8 Replies
View Related
Dec 31, 2009
I receive the message "SELinux is preventing /usr/sbin/vsftpd "net_raw" access" many times. Found this bug at redhat but really do not understand what i should do about it ((( Kindly let me know how to change this to normal. Shut down Selinux is not the way out.
View 14 Replies
View Related
Apr 21, 2011
When I'm logged into my account, I can't shut down the computer if someone else is also logged in unless I supply the root password. However, if I log out, I can shut down from GDM without being challenged, even though another person is logged in, which could cause problems if that person is in the middle of some work. Is there a way to password-protect the gdm shutdown function if people are logged in?
View 2 Replies
View Related
Aug 30, 2010
the following security alert made me checking my httpd.conf:
Code:
Summary:
SELinux is preventing the http daemon from reading users' home directories. Detailed Description: SELinux has denied the http daemon access to users' home directories. Someone is attempting to access your home directories via your http daemon. If you have not setup httpd to share home directories, this probably signals an intrusion attempt. Even though in httpd.conf there is a line that reads
Code:
LoadModule userdir_module modules/mod_userdir.so
in the same conf-file the access to home-dirs is disabled:
Code:
<IfModule mod_userdir.c>
[Code]....
View 12 Replies
View Related
Jan 13, 2011
I'd like to grant /usr/sbin/sendmail.sendmail "connectto" access to the unix_stream_socket /var/lib/imap/socket/lmtp.How do I do that?I want to eliminate error messages that keep appearing in my message log:
/var/log/messages:Jan 13 11:45:29 e setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from connectto access on the unix_stream_socket /var/lib/imap/socket/lmtp. For complete SELinux messages. run sealert -l 05df828f-4402-
[code]....
View 1 Replies
View Related
Feb 3, 2010
I am running Postfix on my CentOS (latest) powered box with SELinux at Enforcing mode.
This is what I get each time Postfix tries to send e-mail:
Quote:SELinux is preventing postdrop (postfix_postdrop_t) "write" to pipe (initrc_t).
View 4 Replies
View Related
Jul 11, 2010
I wonder if SELinux really are necessary for a home desktop ?
It only makes my computer use more problematic than it already is.
What can happend if I uninstall it on my Fedora 13 dist ?
Is the hole Internet going to come in to my computer and destroy it ?
If I uninstall SELinux, is the firewall uninstalled also ?
View 14 Replies
View Related
Nov 11, 2010
I have a removable USB drive formated with NTFS. I enabled all the samba boolians in the SElinux GUI but it still doesn't seem to work. If i put it on permissive it will work. What more is there that i need to do to get my directories to show up on samba with selinux enabled?
View 2 Replies
View Related
May 15, 2011
I want to make a webserver with multiple users allowed to login through SFTP to a specific folder, www.Multiple users are added, lets say user1 and user2, and all of them belonging to the www-data group. The www directory has an owner www-data and a group www-data.
I have used chmod -R 775 on the www folder, but after I try to create a folder test through my SFTP server (using Filezilla) the group of the directory created has only r and x permissions, and I am not able to log in with the second user user2 and create a directory within www/test due to a lack of w permission to the group.
I also tried using chmod 2775 on www directory, but without luck. Can somebody explain to me, how can I make it so that a newly created directory inherits the root directory group permissions?
View 2 Replies
View Related
May 13, 2009
I don't think it has anything to do with the config file. More to do with SElinux. I need to know how to configure SElinux so I can see my samba share when SELinux is on. When I setenforce 0 I can seen all the files and folders set it to setenforce 1 cannot see anything.
Here is the output when I ran [root@fileserver /]# getsebool -a | grep smb
allow_smbd_anon_write --> on
smbd_disable_trans --> on
These two options were off I tried turning them on.
This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> on
samba_export_all_rw --> off
samba_share_nfs --> off
use_samba_home_dirs --> on
I can also post a copy of my smb.conf file too.
View 1 Replies
View Related
Sep 5, 2009
i have problem with samba share everytime when i want to browse shared folders on fedora machine from windows i always get this msg (SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t).)here is my selinuxlog
Summary:
SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t).
%
View 6 Replies
View Related
Nov 5, 2009
I get spammed with this message by the troubleshooter, is the audit-libs package related to this ? there was an update today.
View 2 Replies
View Related
