Score:0

Allow samba share to access mounted remote file store


I have two servers on the same network. One running Windows Server 2016 and another running CentOS 8. The Windows server is my main file store; it's where all my data is. The CentOS server has the Windows share mounted and can access its files.

On CentOS, I've set up a samba share. Why? Because I have a webapp running on that same server and I want the webapp to control who can access what file. So, instead of having our (internal) users mount the Windows share directly, they'll be mounting the CentOS share which will be "gatekeeping" access to the files.

In the samba folder, there are folders for each user and a config to allow users access to just their folders. The webapp is configured to add symlinks into these folders that link to the "real" files.

This is where the issue is. If I add a "normal" file into a user's folder, they can access it just fine. But if I add a symlink (to a file in the mounted Windows share), it doesn't appear for them. I'm pretty sure this is an SELinux issue.

Here's how things are set up.

  • The Windows share is mounted

    sudo mount -t cifs //WindowsShare/data /media/WinShare \
      -o ip=192.168.1.5,username=user,gid=sambashare
    
    ls -alhZ /media/WinShare
    drwxr-xr-x. 2 root sambashare system_u:object_r:cifs_t:s0  0 Jan 10 16:57 files
    
  • A samba share is created and uses /srv/smb (all samba users are in the sambashare group)

    ls -alhZ /srv
    drwxrwx---.  2 root sambashare unconfined_u:object_r:samba_share_t:s0    6 Jan 13 11:20 smb
    
  • The /etc/samba/smb.conf has the following:

    [global]
        allow insecure wide links = yes
        unix extensions = no
    
    [adminShare]
        path = /srv/smb
        wide links = yes
        follow symlinks = yes
    
  • As a test, I added a symlink and a file

    ln -s /media/WinShare/files/test.pdf /srv/smb/test.pdf
    touch /srv/smb/file.bin
    

Then I tried to mount \\CentOS\adminShare in a Windows VM and I don't see the test.pdf file but I do see file.bin.

How can I give the CentOS samba share access to the mounted Windows Server data? When setting up the CentOS server, I ran:

    sudo semanage fcontext -a -t samba_share_t "/srv/smb(/.*)?"

This is what allowed me to see file.bin, but I still can't see file.pdf. I found this, but I don't know if I want to change everything:

    sudo setsebool -P samba_export_all_rw=1

How can I allow samba to access the /media/WinShare folder? Would this work?

    sudo semanage fcontext -a -t samba_share_t "/media/WinShare(/.*)?"

djdomi: define a user for sharing, mostly an access issue due to wrong user and chmod

Score:0

I fixed it! I had to mount the Windows share and force a context of samba_share_t.

When mounting, add context=unconfined_u:object_r:samba_share_t:s0.

    sudo mount -t cifs //WindowsShare/data /media/WinShare \
        -o ip=192.168.1.5,username=user,gid=sambashare,context=unconfined_u:object_r:samba_share_t:s0
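
An added example, not part of the original question or answer: with `wide links = yes` smbd follows symlinks out of the share, so this audit script reports, for every symlink under the share, whether its target stays inside the mounted Windows data and carries the `samba_share_t` label used above. The function names and the `WANT_TYPE` variable are hypothetical; it assumes GNU `readlink`/`stat` and that the `samba_export_all_ro`/`samba_export_all_rw` booleans are off.

```shell
#!/bin/sh
# Audit symlinks in a Samba share that has "wide links = yes".
# Usage: script SHARE_DIR ALLOWED_ROOT   e.g. /srv/smb /media/WinShare

# Print the type field of an SELinux context (user:role:type:level).
context_type() (
    t=${1#*:*:}     # drop "user:role:"
    t=${t%%:*}      # drop ":level" and any categories
    printf '%s\n' "${t:-unknown}"
)

# Classify one symlink as BROKEN, ESCAPES (resolves outside ALLOWED_ROOT),
# WRONG_LABEL(type) or OK. Arg 3 optionally supplies the target's context;
# when it is empty the context is read from the file with stat.
check_link() (
    root=$(readlink -f -- "$2")
    target=$(readlink -f -- "$1")
    if [ ! -e "$1" ]; then
        echo BROKEN
    elif [ "${target#"$root"/}" = "$target" ]; then
        echo ESCAPES
    else
        ctx=${3:-$(stat -c %C -- "$target" 2>/dev/null)}
        type=$(context_type "$ctx")
        if [ "$type" = "${WANT_TYPE:-samba_share_t}" ]; then
            echo OK
        else
            echo "WRONG_LABEL($type)"
        fi
    fi
)

# Walk every symlink below the share and print "<verdict><TAB><link>".
audit_share() {
    find "$1" -type l | while IFS= read -r link; do
        printf '%s\t%s\n' "$(check_link "$link" "$2")" "$link"
    done
}

if [ "$#" -eq 2 ]; then
    audit_share "$1" "$2"
fi
```

A link reported as `WRONG_LABEL(cifs_t)` matches the hidden `test.pdf` in the question; `ESCAPES` flags a link whose target lies outside the data the share is meant to expose.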