Fedora 15 Samba
See Fedora 17 Samba
Contents
Intro
Getting Samba to work with Fedora 15 has exposed some corners of Samba I hadn't had to see before.
My Setup
I've got a wonky setup. I've got a /backup partition where I store everything in my home directory I want to keep between upgrades in /backup/jgardner. I link to everything from my home dir to that partition.
Samba installed rather easily, and copying my configuration from Fedora 13 got it all working in a matter of minutes.
Here's what I did:
/etc/samba/smb.conf
The first (and only) thing you need to do to smb.conf is change the workgroup.
workgroup = HOME
What workgroup do you use?
- On Windows XP, click on "My Computer" then on "System Properties". Go to the "Computer Name" tab and look at the "Workgroup". That's what you need to use. If you want to rename your computer, a reboot is required.
- For Windows 7, these instructions suffice.
chkconfig
Turn smb on.
# chkconfig smb on
And start it up.
# service smb start
Sym Links Broken
When I tried to follow the sym links, I got a message:
Y:\Documents is not accessible Access is denied.
I had to modify both SELinux and /etc/sambda/smb.conf to fix this.
For SELinux, the SELinux Troubleshooter app gave me proper instructions.
For /etc/samba/smb.conf, I found this thread that showed me the two config options I had to modify under the [global] section.
unix extenstions = no wide links = yes
A quick restart (service smb restart) showed that everything was now working.
What Happened?
Apparently, someone freaked out because you can do nasty things like link /etc/passwd to a user's home directory. I don't know what the panic is about---you can control which directories and files which processes have access to with basic UNIX permissions and SELinux just fine. It's probably much ado about nothing.
To resolve the panic, the default Samba configuration no longer follows sym links.
What I Recommend
I think we're at the stage now with Unix Permissions, SELinux, and every other tiny security feature for every other system that things are getting too confusing. In the Linux environment, there should be exactly one security system that everyone focuses on and everyone understands. SELinux is a very good candidate for this, because of the granularity of control.
That means, in my opinion, it's time we abandoned the old UNIX security model (rwxr-xr-x) and just stuck with SELinux.
It also means that individual apps and servers shouldn't concern themselves with which files they should have access to. They should just write some basic policies that the distros and administrators can fine tune.
Fallout
I started getting gumph from SELinux about sshd trying to access /backup. That's really odd. Why does sshd care what is in /backup?