Return to Level1Techs.com

Can't write to SambaShare from Windows

Hello,

I have a zfs pool that I want to use as a NAS, and I am running into issues creating a network shared drive with Samba. I tried following quite a few tutorials and reading things, including the posts here and here on this forum.

The folder I would like to share is located in /dumpster/shared. It belongs to the user nobody, and has the unconfined_u:samba_share_t:s0 SELinux context attached. The file path down from root has read, write, and execute permssions set. I can mount the drive from Windows 10 over the network. but I can’t write to it.

My smb.conf is organized as follows:

[global]
        workgroup = WORKGROUP
        security = user
        map to guest = bad user

[Anonymous]
        comment = Anonymous File Server Share
        path = /dumpster/shared
        available = yes
        browsable = yes
        writable = yes
        guest ok = yes
        read only = no
        force user = nobody

I don’t understand what my permission issue is, how can I fix this?

Thanks!

What’s the permissions on /dumpster/shared?

#ls -laZ /dumpster
total 1
drwxrwxrwx.  3 root   root   system_u:object_r:unlabeled_t:s0         3 Jun 13 23:58 .
dr-xr-xr-x. 18 root   root   system_u:object_r:root_t:s0            240 Jun 13 00:17 ..
drwxrwxrwx.  2 nobody nobody unconfined_u:object_r:samba_share_t:s0   2 Jun 14 17:38 shared

Okay, I have been playing around some more, so I can write regular files to the sambashare with those permissions, but every time I create a directory, I immediately get permission denied for the directory and its children.

For example, I cannot write into the folder named ‘test folder’:

    ls -laZ
    total 2
    drwxrwxrwx. 3 nobody nobody unconfined_u:object_r:samba_share_t:s0 3 Jun 15 19:28  .
    drwxrwxrwx. 3 root   root   system_u:object_r:unlabeled_t:s0       3 Jun 13 23:58  ..
    drwxr-xr-x. 2 nobody nobody system_u:object_r:samba_share_t:s0     2 Jun 15 19:28 'test folder'

New update, now my smb.conf looks like the following:

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
        workgroup = WORKGROUP
        security = user
        map to guest = bad user

[Anonymous]
        comment = Anonymous File Server Share
        path = /dumpster/shared
        available = yes
        browsable = yes
        writable = yes
        guest ok = yes
        read only = no
        force user = nobody
        create mask = 0777
        directory mask = 0777

And that seems to at least work when I let selinux run in permissive mode. Is there any way to tell why selinux would be denying access to certain files?

you should not use nobody if you’re using selinux or disable selinux.