reading cifs share fails with permission denied - cifs samba directory permission denied

Solution 1

FYI, I got some help from Red Hat...the problem was SELinux restricting permissions. I don't need the control offered by SELinux, so I just disabled it by editing /etc/selinux/config and restarting.

Solution 2

The more appropriate answer to this issue is stated at the top of the /etc/samba/smb.conf.example file:

Use the samba_export_all_ro or samba_export_all_rw Boolean to share system directories. To share such directories and only allow read-only permissions:

    setsebool -P samba_export_all_ro on

To share such directories and allow read and write permissions:

    setsebool -P samba_export_all_rw on

Also, if you look at the setroubleshoot log generated by auditd, it gives you several suggestions on how to potentially fix your issue, with a relative confidence level from 1-100.

To view these logs and suggestions, run:

    sealert -a /var/log/audit/audit.log

In short, to fix this issue, run the command:

    setsebool -P samba_export_all_rw on

Then restart the service.

Edit:

Additionally, ensure you apply the appropriate SELinux context to your samba share directory by using the following command:

    semanage fcontext -a -t samba_share_t "/PATH_TO_SHARE(/.*)?"
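
The SELinux denial behind this question can be confirmed from the audit log before any policy is changed. The script below is an added example, not part of either answer: it filters AVC records for smbd denials on targets not labelled samba_share_t and prints the per-directory relabel commands, which scope Samba's access to the share instead of opening every directory with samba_export_all_rw. The audit records are constructed, /var/scratch is the share path from the question, and the function names smbd_denials, relabel_commands and sample_log are hypothetical.

```bash
#!/bin/sh
# Added example. The audit records in sample_log are constructed.

# Print "perms class target_type name" for each AVC denial whose source
# domain is smbd_t and whose target is not already labelled samba_share_t.
smbd_denials() {
  awk '
    /avc:/ && /denied/ {
      perm = ""; cls = ""; stype = ""; ttype = ""; name = "-"
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perm = perm (perm ? "," : "") $j
        } else if ($i ~ /^scontext=/) { split($i, c, ":"); stype = c[3]
        } else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3]
        } else if ($i ~ /^tclass=/)   { cls = substr($i, 8)
        } else if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
      }
      if (stype == "smbd_t" && ttype != "samba_share_t")
        print perm, cls, ttype, name
    }'
}

# Emit (not run) the scoped fix for one share path. semanage only records
# the labelling rule; restorecon is what relabels the existing files.
relabel_commands() {
  share=${1%/}
  printf 'semanage fcontext -a -t samba_share_t "%s(/.*)?"\n' "$share"
  printf 'restorecon -Rv %s\n' "$share"
}

sample_log() {  # constructed records: one smbd denial, one unrelated, one non-AVC
  cat <<'EOF'
type=AVC msg=audit(1339699200.101:411): avc:  denied  { read } for  pid=99999 comm="smbd" name="scratch" dev=dm-0 ino=1311 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1339699201.202:412): avc:  denied  { getattr } for  pid=2201 comm="httpd" path="/var/scratch" dev=dm-0 ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1339699200.101:411): arch=c000003e syscall=78 success=no exit=-13 comm="smbd" exe="/usr/sbin/smbd"
EOF
}

# On a real host, as root: smbd_denials < /var/log/audit/audit.log
sample_log | smbd_denials
relabel_commands /var/scratch
```

After relabelling, `ls -Zd` on the share directory should show samba_share_t, and the smbd denials should stop appearing in the audit log.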

Author by

hwilliams

Updated on September 18, 2022

Comments

  • hwilliams
    hwilliams almost 2 years

    I'm trying to set up a samba server to share data among clients via cifs. As a test, I mounted the samba share on the same machine and tried to access the contents of the directory. The mount command was:

    mount -t cifs -o username=sthomaso,workgroup=WORKGROUP //server/scratch /mnt/server/scratch
    

    ...which worked fine after entering the password. Although I can cd /mnt/server/scratch, when I try to list the contents of the directory with ls, I get error ls: reading directory .: Permission denied.

    On the server, my /etc/samba/smb.conf is:

    [global]
        security = user
        workgroup = WORKGROUP
    
    [homes]
        writeable = yes
    
    [scratch]
        path = /var/scratch
        valid users = @feausers
        writeable = yes
    

    User "sthomaso" was added to tdbsam with command:

    pdbedit -a -u sthomaso
    

    User "sthomaso" is in group "feausers", verified with the "groups sthomaso" command.

    /bin/ls -lF /var | grep scratch shows:

    drwxrwx--T. 2 root feausers 4096 Jun 14 14:40 scratch/
    

    /var/log/samba/log.smbd contains validation of a successful connection in line:

    <snip> smbd/service.c:1070(make_connection_snum)
    <snip> connect to service scratch initially as user sthomaso (uid=500, gid=501) (pid 99999)
    

    So it looks like I am successfully mounting the share, but why can't I read the directory and access the files?

    • hwilliams
      hwilliams about 13 years
      Forgot to mention...this is RHEL 6.1