- tried making samba work, it would not; come to find out [correct me if I'm wrong] that default install of CentOS (or RHEL) that SELinux is set to enforcing but only SSH for example is allowed (ignorance is bliss) but SAMBA is not.
- so I hastily found out about /etc/selinux/config and I set that sucker to disabled. Bamm, after reboot samba magically works.
- then 5 minutes after reboot... reading the other option about permissive in the header of that file (as well as on the web and RHEL security guide) I am thinking I should have set it to permissive not disabled.
- So I did, did a reboot, and system actually automatically rebooted twice on me but it came back up.
- Now SSH does not work; so I went back to disabled, and SSH works.
SELinux set to disabled then going back to permissive
Re: SELinux set to disabled then going back to permissive
> tried making samba work, it would not; come to find out [correct me if I'm wrong] that default install of CentOS (or RHEL) that SELinux is set to enforcing but only SSH for example is allowed (ignorance is bliss) but SAMBA is not.

No. Not true. This is true of firewall rules - only ssh is allowed out of the box and nothing else. But selinux, no.

> then 5 minutes after reboot... reading the other option about permissive in the header of that file (as well as on the web and RHEL security guide) I am thinking I should have set it to permissive not disabled.

Yes, you're right that would have been better. Even better than that would have been to leave it alone and just run setenforce 0 as root to go from enforcing into permissive mode on the fly (no reboot required, in fact that turns it back on).

> Can somebody summarize what's happening

When you disable it then new files that are created after that point do not get assigned selinux contexts. When you turn it back on and try to access those new files, access will be denied as the selinux context is wrong (or not set).
You cannot just go from disabled to enforcing in one go. You must:
edit /etc/sysconfig/selinux and turn it from disabled to permissive and save it. Now touch /.autorelabel; reboot and the system will reboot in permissive mode and relabel the entire filesystem, assigning the correct selinux labels to every file on the system. When that is done you can edit the file again and change permissive to enforcing.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
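The re-enable sequence from the reply above (disabled to permissive, relabel, then enforcing), as an added example that is not part of the original posts. The function names and the ROOT prefix argument, which lets the helper be tried on a scratch directory, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stage the disabled -> permissive -> enforcing sequence.
# stage_selinux and its ROOT argument are hypothetical; ROOT="" targets the
# live system (run as root), any other value targets a scratch tree.

# Print the SELINUX= mode recorded in ROOT/etc/selinux/config.
# On RHEL/CentOS 7 /etc/sysconfig/selinux is a symlink to this file; edit the
# real file, because sed -i on the symlink replaces it with a regular file.
configured_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1/etc/selinux/config" | tail -n 1
}

# stage_selinux ROOT TARGET
#   disabled -> enforcing is refused: files created while disabled carry no
#   labels, so permissive plus a full relabel has to come first.
stage_selinux() {
    root=$1; target=$2
    cfg="$root/etc/selinux/config"
    current=$(configured_mode "$root")
    case "$current:$target" in
        disabled:enforcing)
            echo "refusing: go to permissive and relabel first" >&2
            return 1 ;;
        disabled:permissive)
            sed -i 's/^SELINUX=.*/SELINUX=permissive/' "$cfg"
            touch "$root/.autorelabel"   # relabel whole filesystem on next boot
            echo "reboot now; the relabel runs in permissive mode" ;;
        permissive:enforcing)
            # The boot-time relabel removes /.autorelabel when it completes.
            if [ -e "$root/.autorelabel" ]; then
                echo "refusing: relabel still pending, reboot first" >&2
                return 1
            fi
            sed -i 's/^SELINUX=.*/SELINUX=enforcing/' "$cfg"
            echo "config set to enforcing" ;;
        *)
            echo "no change: $current -> $target not handled" >&2
            return 2 ;;
    esac
}
```

The config change to enforcing only applies at the next boot; `setenforce 1` switches a permissive system immediately.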
Re: SELinux set to disabled then going back to permissive
thanks,
I should clarify what happened with SAMBA (and this was on RHEL 7.6) that from win7 or win10 I could go to \\mylinuxserver and I did see the folder share however when I tried to enter that folder I then got denied with a non specific contact your administrator popup in windows. It was then that I disabled selinux and rebooted RHEL and then I could immediately access that share. Ok so problem narrowed down to selinux.
I did nothing else on the linux system (no new files created) other than log in as root and modify /etc/selinux/config and reboot and test my samba share only trying to enter the share folder. It was then that I went from disabled to permissive mode and got the double reboot but now when trying to SSH from my pc on the LAN to this server I was denied on that (I did not try the samba share)
I am pretty sure that in RHEL the default setting after install from dvd is enforcing; when I get a chance I will boot my other disk of centos 7.6 and see what that selinux setting is which I assume is enforcing, haven't had a chance to mess with my centos disk to the extent that I want, my priority right now is RHEL which I assume once I get that figured out everything learned will apply directly to centos
Re: SELinux set to disabled then going back to permissive
> It was then that I disabled selinux and rebooted RHEL and then I could immediately access that share. Ok so problem narrowed down to selinux.

Which would have been much more easily diagnosed just by going to permissive by running setenforce 0 which takes effect immediately and requires no reboot.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
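What permissive mode buys for the diagnosis suggested above, as an added example that is not part of the original posts: denials are still written to the audit log, marked permissive=1, so the blocked access can be read off rather than guessed. The log lines are constructed samples, and summarize_avc and sample_log are hypothetical helper names.

```shell
#!/bin/sh
# Added example: summarize SELinux AVC denials for one process name.
# summarize_avc is a hypothetical helper; on a live system feed it
# /var/log/audit/audit.log instead of the constructed sample below.

# summarize_avc COMM < audit-lines
#   Prints "count permissions target_type tclass permissive" per distinct denial.
summarize_avc() {
    awk -v comm="$1" '
        / avc: / && / denied / && index($0, "comm=\"" comm "\"") {
            perm = ""; ttype = tclass = mode = "?"
            for (i = 1; i <= NF; i++) {
                if ($i == "{") {
                    # collect every permission up to the closing brace
                    for (j = i + 1; j <= NF && $j != "}"; j++) {
                        sep = (perm == "") ? "" : ","
                        perm = perm sep $j
                    }
                }
                if ($i ~ /^tcontext=/)   { split($i, c, ":"); ttype = c[3] }
                if ($i ~ /^tclass=/)     tclass = substr($i, 8)
                if ($i ~ /^permissive=/) mode = substr($i, 12)
            }
            seen[perm " " ttype " " tclass " " mode]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort
}

# Constructed sample: smbd touching an unlabeled share while in permissive mode.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1550000000.101:210): avc:  denied  { read } for  pid=2301 comm="smbd" name="share" dev="dm-0" ino=131 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1550000000.102:211): avc:  denied  { read } for  pid=2301 comm="smbd" name="docs" dev="dm-0" ino=140 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1550000000.180:212): avc:  denied  { getattr } for  pid=2301 comm="smbd" path="/share/a.txt" dev="dm-0" ino=141 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=1
type=AVC msg=audit(1550000001.000:213): avc:  denied  { read } for  pid=900 comm="httpd" name="x" dev="dm-0" ino=150 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=1
EOF
}
```

A target type such as default_t on the shared directory points at a labeling problem on that path rather than a reason to turn SELinux off.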