CentOS

Hi everybody,
I'm banging my head against samba once more..

Samba 3.5.6 on a Centos 6.0 Linux server.

I have a samba share that I can access but I can't write to.
The Linux directory is writeable and the Samba configuration for the share is "read only = no" but the smbstatus output says RDONLY nonetheless.
This happens both from a Win7 and from an XP machine.

Outputs below.... and many thanks to anyone will help!

[b]Share permissions:[/b]
drwxrwxrwx. 14 sigwix sigwix 4096 27 dic 19:06 /u/share

[b]smbstatus output:[/b]
Samba version 3.5.6-86.el6_1.4
PID Username Group Machine
-------------------------------------------------------------------
2181 andrea direzione pc_am (::ffff:192.168.100.111)

Service pid machine Connected at
-------------------------------------------------------
andrea 2181 pc_am Tue Dec 27 19:12:12 2011
LinuxShare 2181 pc_am Tue Dec 27 19:02:11 2011

Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
2181 500 DENY_NONE 0x100081 RDONLY NONE /u/share . Tue Dec 27 19:21:28 2011


[b]Samba config file:[/b]
[global]
workgroup = MATELCO
server string = Matelco Samba Server Ver.%v
guest account = moressi
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = hosts, lmhost, wins, bcast
printcap name = /etc/printcap
comment = Gestionale Matelco
hosts allow = 192.168.100., 127.
hosts deny = ALL
cups options = raw

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = Samba Printers
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = No

[LinuxShare]
comment = Dati da condividere
path = /u/share
read only = No
create mask = 0664
guest ok = Yes

Show the output from

[code]
ls -laZ /u/share
sestatus
[/code]

Thank you
andrea


SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted


drwxrwxrwx. sigwix sigwix unconfined_u:object_r:etc_runtime_t:s0 .
drwxrwxrwx. root root system_u:object_r:etc_runtime_t:s0 ..
-rw-r--r--. moressi sigwix unconfined_u:object_r:etc_runtime_t:s0 acquisti.csv
-rw-r--r--. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 b4b02mux.exe
-rw-rw-r--. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 BCMATEL
drwxr-xr-x. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 Centos_Install
drwxrwxrwx. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 DatiRelativity
drwxrwxrwx. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 Documenti Condivisi Matelco
drwxrwxr-x. moressi direzione unconfined_u:object_r:etc_runtime_t:s0 dreel423
drwxr-xr-x. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 eeePC
-rw-r--r--. moressi sigwix unconfined_u:object_r:etc_runtime_t:s0 filesconti
-rw-rw-rw-. moressi direzione unconfined_u:object_r:etc_runtime_t:s0 .forfax.bak
drwxr-xr-x. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 ghostpdl-8.71
drwxr-xr-x. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 i865
drwxrwxr-x. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 laser
-rw-rw-r--. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 LISMATEL
drwxr-xr-x. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 LISTINI
-rw-rw-rw-. moressi sigwix unconfined_u:object_r:etc_runtime_t:s0 ls.out.txt
-rwxr-xr-x. moressi sigwix unconfined_u:object_r:etc_runtime_t:s0 ORF.printer
drwxrwxrwx. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 PDF
-rw-rw-r--. moressi direzione unconfined_u:object_r:etc_runtime_t:s0 pgmiva21
-rw-rw-rw-. moressi direzione unconfined_u:object_r:etc_runtime_t:s0 seqliout.txt
-rw-rw-rw-. moressi sigwix unconfined_u:object_r:etc_runtime_t:s0 sestatus.out.txt
-rw-rw-r--. samba samba unconfined_u:object_r:etc_runtime_t:s0 STAMENU.modiva
-rw-r--r--. moressi sigwix unconfined_u:object_r:etc_runtime_t:s0 testparm.out
drwxr-xr-x. moressi sigwix unconfined_u:object_r:etc_runtime_t:s0 tmp
drwxrwxrwx. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 TmpAliseo
-rw-r--r--. moressi sigwix unconfined_u:object_r:etc_runtime_t:s0 vai85
-rw-r--r--. moressi sigwix unconfined_u:object_r:etc_runtime_t:s0 wprespec.csv
-rw-r--r--. andrea direzione unconfined_u:object_r:etc_runtime_t:s0 wprespef.bak
-rw-rw-rw-. moressi direzione unconfined_u:object_r:etc_runtime_t:s0 wprespef.csv

Your selinux context is wrong for those files and directories so you need to do something like

[code]
/usr/sbin/semanage fcontext -a -t public_content_rw_t '/u/share(/.*)?'
/sbin/restorecon -RF /u/share
[/code]

Thank you for pointing me in the right direction: it definitely appears to be an SELinux protection problem.

Unfortunately the commands you suggested did not fix it. The directory is still not writable by Samba and this is what SELinux logs:
type=AVC msg=audit(1325059832.169:133): avc: denied { write } for pid=4807 comm="smbd" name="share" dev=md3 ino=784897 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:public_content_rw_t:s0 tclass=dir

Looks like klingon to me.... :(

Try

[code]
setsebool -P samba_export_all_rw=1
[/code]

Bingo! That finally worked. Thank you again for sharing your competence.

For posterity:
problem was caused by SELinux policy preventing Samba daemon from writing to shared directory.

To issue the above commands you'll have to install SELinux policy core python utilities first, doing:

[code]
yum install policycoreutils-python
[/code]
andrea

Thanks for reporting back. Marking this thread [SOLVED] for posterity.

Do think about updating. The current release is 6.2.