Share folder /var/www/html/ewd/

[kolaborek]

Hello,

I try to set CentOS as a something like LAMP server with directory /var/www/html/ewd/ shared in local network.

I created user samba_user that is member of group sambagroup and tried to correctly setup smb.conf file, but cannot access to this folder. I can see it in windows local network, but when I try access to it, I got information, that I have no sufficient permission....
Below is my smb.conf file.

Code: Select all

[global]
        workgroup = WORKGROUP
        netbios name = 5039-ewd
        security = user
        passdb backend = tdbsam

[EWD3]
        comment = Pliki aplikacji EWD
        path = /var/www/html/EWD3
        valid users = @sambagroup
        guest ok = no
        writable = yes
        browsable = yes

What else should I pay attention to?

Best Regards

[hunter86_bg]

By default SELINUX is configured and expects apache content under /var/www/html.
You can change the SELINUX's context to 'public_content_t' or 'public_content_rw_t' if you plan to share the directory between apache (httpd) and samba.
If you want to allow only samba , you can use 'samba_t' context.

In order to change use

Code: Select all

semanage fcontext -a 
-t public_content_rw_t  "/var/www/html/edt(/.*)?"
restorecon -RFvv /var/www/html/edt

Last you need to allow both samba and apache to access 'public_content_rw_t' labeled files/dirs via:

Code: Select all

setsebool -P allow_smbd_anon_write 1
setsebool -P allow_httpd_anon_write 1

[kolaborek]

@hunter86_bg Many, many thx

Sorry for late reply, but I'm windows guy, and I had to read about SELinux. This is very new for me.

Now I can enter into shared folder from windows machine, but can't write to it.
I suppose this is due invluicent rights for samba user.

Folder /var/www/html/ewd has rights listed below:

Code: Select all

drwxr-xr-x. 2 root root  6 Aug  6 22:38 ewd

And in samba config file I setup valid users parameter with @sambagroup.

Before I mess something I want to ask about it. I understand that I can change owner group to sambagroup but I'm not sure it won't cause that Apache will loose access...

[kolaborek]

Ok, here are commands that I used and I think it works correctly.
First I change group owner of the folder:

Code: Select all

chgrp sambagroup /var/www/html/ewd3/

Then I addes group permissions like below:

Code: Select all

chmod -R g+rwx /var/www/html/ewd3/

From now, I can read and write files through network share

[hunter86_bg]

In SAMBA, you have 2 methods of control:
1. Set all 777 for the shared folder and control access via SAMBA itself
2. Use Identity Management like AD or FreeIPA which will guarantee that the user's have the same objectSID (thus UID/GID) and control access via regular linux (ugo) permissions. In such case - SAMBA should allow anyone to access the share and rely on linux permissions.
For example, AD user John has same objectSID (thus UID/GiD) everywhere - so you can set that user as owner and grant him permissions to write.
As AD is involved - Kerberized SAMBA is out of my skills...

I prefer first method ,as it is more simple.

Do you use AD ?