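When we exchange files with a Linux machine on an internal network, we usually use the Samba service. Along the way we run into various obstacles: the share cannot be accessed, permissions are missing, SELinux gets in the way, and so on. This time let's talk about SELinux. We shouldn't simply turn SELinux off; finding the root cause is the best approach, and we learn something along the way.
I shared the backup folder under the root directory, which holds the system's automatic backups. SELinux is in enforcing mode. When I connect to Samba I can see the list of shares, but I cannot open the shared folder named smb; the client reports "The network path was not found". So, check the server log: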
May 25 08:53:33 rhel smbd[3364]: ‘/backup’ does not exist or permission denied when connecting to [smb] Error was 权限不够
And right below it:
May 25 08:47:46 rhel setroubleshoot: SELinux is preventing samba (smbd) “search” to ./backup (default_t). For complete SELinux messages. run sealert -l 65266ca9-18cb-49e1-8c83-d8a8f9dedf0a
The message tells us to run the sealert command it gives (highlighted in red) to view the detailed error information.
[root@rhel ~]# sealert -l 65266ca9-18cb-49e1-8c83-d8a8f9dedf0a
摘要:
SELinux is preventing samba (smbd) “search” to ./backup (default_t).
详细的描述:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
SELinux denied samba access to ./backup. If you want to share this directory
with samba it has to have a file context label of samba_share_t. If you did not
intend to use ./backup as a samba repository it could indicate either a bug or
it could signal a intrusion attempt.
正在允许访问:
You can alter the file context by executing chcon -R -t samba_share_t ‘./backup’
You must also change the default file context files on the system in order to
preserve them even on a full relabel. “semanage fcontext -a -t samba_share_t
‘./backup'”
以下命令将允许这个权限:
chcon -R -t samba_share_t ‘./backup’
附加的信息:
源上下文 root:system_r:smbd_t
目标上下文 root:object_r:default_t
目标对象 ./backup [ dir ]
Source smbd
Source Path /usr/sbin/smbd
Port <未知的>
Host rhel
Source RPM Packages samba-3.0.33-3.28.el5
Target RPM Packages
策略 RPM selinux-policy-2.4.6-279.el5
Selinux 激活 True
策略类型 targeted
MLS 激活 True
强制模式 Permissive
插件名称 samba_share
主机名 rhel
平台 Linux rhel 2.6.18-194.el5 #1 SMP Tue Mar 16
21:52:39 EDT 2010 x86_64 x86_64
警告记数 3
First Seen Wed May 11 11:33:14 2011
Last Seen Wed May 25 08:47:44 2011
Local ID 65266ca9-18cb-49e1-8c83-d8a8f9dedf0a
行数
原始 Audit 消息
host=rhel type=AVC msg=audit(1306284464.893:47): avc: denied { search } for pid=3590 comm=”smbd” name=”backup” dev=sda1 ino=2505890 scontext=root:system_r:smbd_t:s0 tcontext=root:object_r:default_t:s0 tclass=dir
host=rhel type=SYSCALL msg=audit(1306284464.893:47): arch=c000003e syscall=80 success=yes exit=0 a0=2ad998a50580 a1=2ad998a50580 a2=2ad994ffdb90 a3=ea items=0 ppid=3584 pid=3590 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=”smbd” exe=”/usr/sbin/smbd” subj=root:system_r:smbd_t:s0 key=(null)
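That is a lot of noise, but the main cause is still the SELinux security context on the Samba share. I know that the security context type for Samba shares is samba_share_t (how do I know? I learned it).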
[root@rhel ~]# chcon -R -t samba_share_t /backup/
Access the share again, and it works.
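The sealert output above notes that a label set with chcon is lost on a full relabel unless the default file context is also changed with semanage fcontext. The following is an added example, not part of the original post: it parses the AVC record from the log and prints the persistent relabel commands for review. The function names are hypothetical, and the '/backup(/.*)?' pattern and the restorecon step are standard SELinux usage that the post itself does not show.

```bash
#!/usr/bin/env bash
# Added example: turn an smbd AVC denial into the persistent relabel commands.
# The commands are printed for review, not executed.

# Constructed sample: the AVC record from the post with straight quotes restored.
SAMPLE_AVC='host=rhel type=AVC msg=audit(1306284464.893:47): avc: denied { search } for pid=3590 comm="smbd" name="backup" dev=sda1 ino=2505890 scontext=root:system_r:smbd_t:s0 tcontext=root:object_r:default_t:s0 tclass=dir'

# avc_field LINE KEY: print the value of KEY=... with any quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# context_type CONTEXT: print the type, the third field of user:role:type[:level].
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# samba_label_fix LINE PATH: print the semanage/restorecon pair for PATH.
# The AVC record only carries name="backup", so the absolute path is supplied
# by the administrator. Returns non-zero when the record does not fit this case.
samba_label_fix() {
    local line="$1" path="${2%/}" stype ttype
    stype=$(context_type "$(avc_field "$line" scontext)")
    ttype=$(context_type "$(avc_field "$line" tcontext)")
    if [ "$stype" != "smbd_t" ]; then
        echo "not an smbd_t denial (source type: ${stype:-unknown})" >&2
        return 1
    fi
    if [ "$ttype" = "samba_share_t" ]; then
        echo "target is already samba_share_t; the label is not the cause" >&2
        return 2
    fi
    # Require an absolute path; "/" becomes empty above and is rejected too,
    # so the whole filesystem is never proposed as a Samba share.
    case "$path" in
        /*) ;;
        *) echo "need an absolute path other than /" >&2; return 3 ;;
    esac
    # Assumption: PATH contains no regex metacharacters or single quotes.
    printf "semanage fcontext -a -t samba_share_t '%s(/.*)?'\n" "$path"
    printf "restorecon -R -v '%s'\n" "$path"
}

samba_label_fix "$SAMPLE_AVC" /backup
```

Unlike chcon alone, the semanage rule is stored in the local policy, so restorecon or a full relabel reapplies samba_share_t instead of reverting the directory to default_t.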
Original article; please credit the source when reposting. Permalink: https://www.rootop.org/pages/506.html