reading cifs share fails with permission denied - cifs samba directory permission denied
Solution 1
FYI, I got some help from Red Hat...the problem was SELinux restricting permissions. I don't need the control offered by SELinux, so I just disabled it by editing /etc/selinux/config and restarting.
Solution 2
The more appropriate answer to this issue is stated at the top of the /etc/samba/smb.conf.example
file:
Use the samba_export_all_ro or samba_export_all_rw Boolean to share system directories. To share such directories and only allow read-only permissions:
setsebool -P samba_export_all_ro on
To share such directories and allow read and write permissions:
setsebool -P samba_export_all_rw on
Also if you look at the setroubleshoot log generated by auditd it gives you several suggestions on how to potentially fix your issue with a relative confidence level from 1-100.
To view these logs and suggestions run:sealert -a /var/log/audit/audit.log
In short, to fix this issue run the command:setsebool -P samba_export_all_rw on
Then restart the service.
Edit:
Additionally ensure you apply the appropriate selinux context to your samba share directory by using the following command:
semanage fcontext -a -t samba_share_t "/PATH_TO_SHARE(/.*)?"
Related videos on Youtube
hwilliams
Updated on September 18, 2022Comments
-
hwilliams almost 2 years
I'm trying to setup a samba server to share data among clients via cifs. As a test, I mounted the samba share on the same machine and tried to access the contents of the directory. The mount command was:
mount -t cifs -o username=sthomaso,workgroup=WORKGROUP //server/scratch /mnt/server/scratch
...which worked fine after entering the password. Although I can
cd /mnt/server/scratch
, when I try to list the contents of the directory withls
, I get errorls: reading directory .: Permission denied
.On the server, my
/etc/samba/smb.conf
is:[global] security = user workgroup = WORKGROUP [homes] writeable = yes [scratch] path = /var/scratch valid users = @feausers writeable = yes
User "sthomaso" was added to tdbsam with command:
pdbedit -a -u sthomaso
User "sthomaso" is in group "feausers", verified with the "groups sthomaso" command.
/bin/ls -lF /var | grep scratch
shows:drwxrwx--T. 2 root feausers 4096 Jun 14 14:40 scratch/
/var/log/samba/log.smbd
contains validation of a successful connection in line:<snip> smbd/service.c:1070(make_connection_snum) <snip> connect to service scratch initially as user sthomaso (uid=500, gid=501) (pid 99999)
So it looks like I am successfully mounting the share, but why can't I read the directory and access the files?
-
hwilliams about 13 yearsForgot to mention...this is RHEL 6.1
-