Jeff Lane dot Org -:- I drank what?

Please, make the Bad SELinux STOP!

I just spent 4 hours tracking down a samba permissions issue. I am going out of my mind now. And I REALLY hate the people who created SELinux. SELinux is an abortion of common sense. It is, in my humble opinion, a lot like Sendmail programming. Only a select few have any idea how it works, or how to effectively use it. The rest of us (and I tend to count myself among the more knowledgeable out there) are left banging our heads against solid objects thanks to the weirdness that SELinux produces.

So on my samba server, I had all the export directories set with permissions 777. My smb.conf file had all export shares as "writable = yes" and I even added in "read only = no". When mounting from my client machine, I added the "rw" option AND even mounted them to mount points that were set at 777 also (though that really doesn't matter).

So I could "cd" into the mounted share. I could "ls". I could touch a file (and get a weird "setting time" message). I could echo some garbage into a file. BUT I COULDN'T READ MY OWN FILES!

I worked on this for 4 hours today, and even sought the advice of some rather bright people at work. Then finally, I happened to notice an SEAlert message in /var/log/messages. It was telling me that SELinux had blocked certain actions.

So the fix, after 4 hours of pain and misery, was "chcon -R -t samba_share_t /[topleveldir]"

That was it. That simple thing fixed all my woes. I had thought I had disabled SELinux on this Red Hat Enterprise 5 box, but apparently I did not. That is going to happen on my next reboot, for sure. For now, I am going to go home after a very long day, drink a beer, watch some Korean slasher film and go to bed and dream of ginger call girls.
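The SEAlert message mentioned above is generated from AVC denial records. As an added example (not part of the original post), this script tallies the denials charged to Samba's smbd_t domain and lists the file labels that caused them; the sample records, file names and inode numbers are constructed.

```shell
#!/bin/sh
# Constructed sample audit records (not from the original post); the field
# layout follows the kernel's "avc: denied" message format.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1200000001.101:41): avc:  denied  { read } for  pid=2301 comm="smbd" name="notes.txt" dev=sda3 ino=98113 scontext=system_u:system_r:smbd_t:s0 tcontext=user_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1200000002.202:42): avc:  denied  { read } for  pid=2301 comm="smbd" name="todo.txt" dev=sda3 ino=98114 scontext=system_u:system_r:smbd_t:s0 tcontext=user_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1200000003.303:43): avc:  denied  { getattr } for  pid=2301 comm="smbd" name="pics" dev=sda3 ino=98200 scontext=system_u:system_r:smbd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1200000004.404:44): avc:  denied  { read } for  pid=911 comm="httpd" name="index.html" dev=sda3 ino=77001 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:default_t:s0 tclass=file
EOF
}

# Read audit lines on stdin and print "count permission class target_type"
# for every denial whose source domain is smbd_t (other daemons are ignored).
smbd_denials() {
    awk '
    /avc: +denied/ && /scontext=[^ ]*:smbd_t[: ]/ {
        perm = ""; ttype = ""; tclass = ""
        # The denied permission set sits between "{ " and " }".
        if (match($0, /[{] [^}]* [}]/))
            perm = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            # tcontext is user:role:type[:level]; the type is field 3.
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        seen[perm " " tclass " " ttype]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

# Target types smbd was denied on that are not the Samba share type:
# these are the labels the chcon command in the post replaces.
mislabeled_types() {
    smbd_denials | awk '$NF != "samba_share_t" { print $NF }' | sort -u
}

# Use a log file given as the first argument, else the constructed sample.
if [ -r "${1:-}" ]; then smbd_denials < "$1"; else sample_log | smbd_denials; fi
```

A label set with chcon is lost if the filesystem is relabeled. Recording it with semanage fcontext -a -t samba_share_t "/[topleveldir](/.*)?" and applying it with restorecon -R /[topleveldir] stores the label in the local policy so it survives.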
