Hi,

I have just installed centos 6.2 and have encountered a weird problem/bug when trying to configure samba.
The other sytem in my network is a windows/xp system

I can't read anyfiles I put in there from the linux system, but I can write to it from the windows system
and if I copy a linux file over the file I put in from Windows I can read it, but not vice versa.

I was trying to set a public readable/writable directory and used /tmp for this purpose.


I have cut down my smb.conf to this
==============================
[global]
workgroup = BGS
server string = ICEBEAR Reborn
max log size = 50
security = share
guest account = nobody

[Public]
comment = Public
path = /tmp
read only = no
public = yes
guest ok = yes
guest only = yes
browseable = yes
create mask = 0777
directory mask = 0777
============================

I put in 1 test pdf in /tmp
ls -al *.pdf shows
============================
[zach@icebear tmp]$ ls -al *.pdf
-rwxrwxrwx. 1 zach zach 4035465 Jan 15 11:17 test.pdf
============================

If attempt to read this file from my windows system I get
"There was an error opening the document. Access Denied"
So I copy a file my windows system to the linux system, using the
active samba setup and now
ls -al *.pdf shows
===========================
[zach@icebear tmp]$ ls -al *.pdf
-rwxrw-rw-. 1 nobody nobody 348468 Aug 26 12:23 test2.pdf
-rwxrwxrwx. 1 zach zach 4035465 Jan 15 11:17 test.pdf
==========================

The new file test2.pdf I can read from the windows system.
Naturally I think, maybe it is because it is owned by "nobody"
So I copy this file to test3.pdf and set the attributes so
ls -al *.pdf shows
==========================
[root@icebear tmp]# ls -al *.pdf
-rwxrw-rw-. 1 nobody nobody 348468 Aug 26 12:23 test2.pdf
-rwxrw-rw-. 1 nobody nobody 348468 Jan 16 22:47 test3.pdf
-rwxrwxrwx. 1 zach zach 4035465 Jan 15 11:17 test.pdf
==========================

But when I try to read it from my windows system I again get
"There was an error opening the document. Access Denied"

I then do
cp test.pdf test2.pdf
ls -al *.pdf shows
==========================
[root@icebear tmp]# ls -al *.pdf
-rwxrw-rw-. 1 nobody nobody 4035465 Jan 16 22:54 test2.pdf
-rwxrw-rw-. 1 nobody nobody 348468 Jan 16 22:47 test3.pdf
-rwxrwxrwx. 1 zach zach 4035465 Jan 15 11:17 test.pdf
=========================

When I try to read test2.pdf from myn windows box all I am succesful
(and I am reading what was originally in test.pdf)
as a final test I rename the file
mv test2.pdf test2-newname.pdf
ls -al *.pdf shows
=========================
[root@icebear tmp]# ls -al *.pdf
-rwxrw-rw-. 1 nobody nobody 4035465 Jan 16 22:54 test2-newname.pdf
-rwxrw-rw-. 1 nobody nobody 348468 Jan 16 22:47 test3.pdf
-rwxrwxrwx. 1 zach zach 4035465 Jan 15 11:17 test.pdf
=========================
I can also read it under its new name.


I have also attached the smbd.log

Zach

I configured anonymous shares for Samba 3.6.1-77 on Fedora 16 with assistance from this blog entry: http://micheljansen.org/blog/entry/182

In my case they are writable for myself only, but you should be able to tweak it for your purposes. Make sure the username & password you supply for user 'fred', with the smbpasswd command, matches the credentials of the Windows XP account.

/etc/samba/smb.conf
-----------------------------
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = FEDORA16
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
; guest account = nobody (this is the default)
map to guest = bad user

# public shares (read only)
[downloads]
path = /downloads
browseable = yes
guest ok = yes
hide unreadable = yes
public = yes
writable = no
write list = fred
-----------------------------

# smbpasswd -a fred
# smbpasswd -an nobody
# chown -R fred:nobody /downloads

I'd suspect that you are running into SELinux problems. The /tmp directory is not really designed to be shared via Samba and the selinux context of the files within it do not allow samba to read them. You would do better to create a dedicated samba share directory and add rules to the system using something like `semanage fcontext -a -t public_content_rw_t '/shares'`. There may also be some selinux booleans that you need to set using `setsebool -P ` and you can list those by running `getsebool -a | grep -i samba`

So is CentOS some type of Linux Kernel?

YungKashSK - Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

After reading those links you should realize why you should not hijack threads as you have done. Please start a new Topic for your question (if it is a serious one) to get the attention you need. You will also learn about what is, and is not, acceptable in signatures and post content, and more about the nature of CentOS.

zach_gamma - Welcome to you as well.

Trevor,

Many Many thanks. That was it. I was able to fix my problem by disabling SELINUX.


For anyone else who has a similar problem I changed the setting in
/etc/sysconfig/selinux
from
SELINUX=enforcing
to
SELINUX=disabled

Now anyone can read/write to /tmp (or after resetting my smb.conf file to the public directory I setup for this purpose)
without having to logon (ie no passwords etc)

Cheers
Zach

Disabling selinux is not a solution; at best it is a workaround to see if your problem is caused by selinux permissions, which are shielding you from abuse.
Even then, you should not disable selinux, but temporarily set it to 'permissive' mode, and then use the entries in the messages and audit logs to find out what the issue is and correct the selinux contexts that are preventing you from doing what you want.

As you have disabled selinux instead of setting it to permissive mode, you will need to relabel your filesystem after enabling it again.

There's a good guide to selinux here, to assist you in correcting the issue.
Once you stop getting the selinux violations, you can then re-enable selinux and enjoy the added protection of your box.