samba_selinux(8) Samba Selinux Policy documentation samba_selinux(8)
NAME
samba_selinux - Security Enhanced Linux Policy for Samba
DESCRIPTION
Security-Enhanced Linux secures the Samba server via flexible mandatory access
control.
FILE_CONTEXTS
SELinux requires files to have an extended attribute to define the file type.
Policy governs the access daemons have to these files. If you want to share files
other than home directories, those files must be labeled samba_share_t. So if you
created a special directory /var/eng, you would need to label the directory with
the chcon tool.
chcon -t samba_share_t /var/eng
If you want to make this permanent, i.e. survive a relabel, you must add an entry
to the file_contexts.local file.
/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local
/var/eng(/.*)? system_u:object_r:samba_share_t
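The shell function below is an added example, not part of the original manual page
or of the Samba or SELinux projects. It generates the file_contexts.local entries
described above for each share path in an smb.conf, skipping [homes] and refusing
system directories; the function names and sample configuration are constructed,
and the entry format is the one shown above.

```shell
# Added example (not from the man page): print one samba_share_t entry per
# share path found in smb.conf text read on stdin.
# Assumes share paths contain no regular-expression metacharacters.
samba_share_contexts() {
    awk '
        /^[ \t]*[#;]/ { next }                   # comment lines
        /^[ \t]*\[.*\]/ {                        # section header, e.g. [eng]
            sec = tolower($0)
            gsub(/^[ \t]*\[|\].*$/, "", sec)
            next
        }
        # [global] holds no share; [homes] is governed by samba_enable_home_dirs
        sec != "" && sec != "global" && sec != "homes" &&
        tolower($0) ~ /^[ \t]*path[ \t]*=/ {
            p = $0
            sub(/^[^=]*=[ \t]*/, "", p)          # drop "path ="
            sub(/[ \t]+$/, "", p)                # drop trailing blanks
            if (p != "/") sub(/\/+$/, "", p)     # drop trailing slashes
            # Relabeling a system directory would break other confined domains
            if (p ~ /^\/(bin|boot|dev|etc|lib|proc|sbin|sys|usr|var)?$/) {
                print "refusing system directory: " p | "cat 1>&2"
                next
            }
            if (p ~ /^\// && !(p in seen)) {     # absolute paths, listed once
                seen[p] = 1
                print p "(/.*)? system_u:object_r:samba_share_t"
            }
        }
    '
}

# Constructed sample configuration; only /var/eng comes from the text above.
sample_smb_conf() {
    cat <<'EOF'
[global]
[homes]
   path = /home/%S
[eng]
   path = /var/eng/
[docs]
   ; same tree, listed once
   Path = /var/eng
[bad]
   path = /etc
EOF
}

sample_smb_conf | samba_share_contexts
```

Review the generated lines before appending them to file_contexts.local, then
relabel the directories so the new entries take effect.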
SHARING FILES
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you
can set a file context of public_content_t and public_content_rw_t. These contexts
allow any of the above domains to read the content. If you want a particular
domain to write to content labeled public_content_rw_t, you must set the
appropriate boolean, allow_DOMAIN_anon_write. So for samba you would execute:
setsebool -P allow_smb_anon_write=1
BOOLEANS
SELinux policy is customizable based on least access required. So by default
SELinux policy turns off the sharing of home directories by Samba and the use of
Samba shares from a remote machine as a home directory.
If you are setting up this machine as a Samba server and wish to share the home
directories, you need to set the samba_enable_home_dirs boolean.
setsebool -P samba_enable_home_dirs 1
If you want to use a remote Samba server for the home directories on this machine,
you must set the use_samba_home_dirs boolean.
setsebool -P use_samba_home_dirs 1
You can disable SELinux protection for the samba daemon, so that smbd is no
longer confined by the policy, by executing:
setsebool -P smbd_disable_trans 1
service smb restart
system-config-securitylevel is a GUI tool available to customize SELinux policy
settings.
AUTHOR
This manual page was written by Dan Walsh <dwalsh AT redhat.com>.
SEE ALSO
selinux(8), samba(7), chcon(1), setsebool(8)
dwalsh AT redhat.com 17 Jan 2005 samba_selinux(8)