A minimal samba share with SELinux

Time off and new toys

I recently got myself a raspberry pi in trade for a sauce pan and had to come up with a use for it. In struggling to come up with a use a basic samba share came to mind. Now, I used to be a sysadmin and do this sort of thing for a living and thought this would be a simple exercise in memory recall. It was not quite so stright forward.

Network shares

I’m working with a Fedora server 35 setup which comes with a per-user home share, but I wanted to share out an attached disk with full world read/write. Not high security I know, but highly usable and access is limited via firewalld. Anyway, I began with a basic open config

[Public]
	Comment = A public share for the world to write to
	writeable = yes
	public = yes
	browsable = yes
	path = /home/jon/Share_Dir

Get samba running (and running on boot) with systemctl enable smb; systemctl start smb and I’m left with a share that I can connect to, but which is empty. The disk itself wasn’t empty and I could see my files sitting there when I ssh’d in. I played with file permissions, users permissions, and all sorts of snake oil config options I found all over the web. The catch? SELinux. The last time I set this up SELinux was still fairly nascent. Turns out SELinux has things to say about samba shares. Thankfully the fix is fairly straight forward. New to me but there’s a command line utility chcon to change the SELinux context of a file or folder and a context type samba_share_t which I need to apply. In my case chcon -R -t samba_share_t /home/jon/Share_Dir. Applying that tells SELinux that you do indeed want to share out your target directory (and everything in it). After changing the directory context the samba share was online and working as intended with the share defined above.

Thanks for reading