What does Chcon command do?
The chcon command changes the SELinux context for files. When using chcon, users provide all or part of the SELinux context to change. An incorrect file type is a common cause of SELinux denying access.
chcon – Changes the security context for files.
-t samba_share_t – The -t option designates the target security context's type, which in this case is samba_share_t.
/path/to/share/ – The file targeted for the chcon operation.
Why Samba is used in Linux?
Samba is an open-source implementation of the Server Message Block (SMB) and Common Internet File System (CIFS) protocols that provides file and print services between clients across various operating systems.
Is Chcon permanent?
The chcon program can change the context of a file; however, changes made with chcon are not preserved if the file is relabeled with restorecon, or if the entire file system is relabeled using touch /. The semanage program can make persistent customizations to the SELinux policy configuration. …
Is Semanage permanent?
The setfiles utility is used when a file system is relabeled and the restorecon utility restores the default SELinux contexts. This means that changes made by semanage fcontext are persistent, even if the file system is relabeled.
If /data is only used by Samba, you can use the context mount option to set the file context to samba_share_t for all files on /data, e.g. context="system_u:object_r:samba_share_t:s0" in fstab. The mount-time context option overrides existing file labels, but does not modify disk contents.
There are two booleans that you can set to allow the sharing of standard directories. If you want to share any standard directory read-only, you can set the boolean samba_export_all_ro. The second boolean, samba_export_all_rw, would allow Samba to read and write every file on your system, so a compromised Samba server would be very dangerous.
How do you label a file in samba?
When sharing files with Samba, you have many options for labeling the files. If you want to share files or directories other than home directories or standard directories, you should label them as samba_share_t. For example, if you created the directory /var/eng, you can label the directory and its contents with the chcon tool.
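The two labeling approaches described above (temporary with chcon, persistent with semanage fcontext plus restorecon), together with a label audit for the /var/eng example, as an added shell example that is not part of the original page. The function names, the DRY_RUN switch and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: label a Samba share and audit the result.
# Assumptions: /var/eng is the share; DRY_RUN defaults to 1 (print, do not run).
SHARE_TYPE=samba_share_t

# Print the type field of an SELinux context (user:role:type:level).
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Read "context path" lines on stdin and print each path whose type is
# not samba_share_t. Live input: find /var/eng -printf '%Z %p\n'
mislabeled() {
    while read -r ctx path; do
        [ -n "$path" ] || continue
        [ "$(ctx_type "$ctx")" = "$SHARE_TYPE" ] || printf '%s\n' "$path"
    done
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Temporary: written to the file's extended attribute only, so a later
# restorecon or full relabel puts the default type back.
label_temporary() { run chcon -R -t "$SHARE_TYPE" "$1"; }

# Persistent: record the rule in local policy, then apply it to disk.
label_persistent() {
    run semanage fcontext -a -t "$SHARE_TYPE" "$1(/.*)?" &&
        run restorecon -R -v "$1"
}

# Constructed sample listing: one subdirectory kept a non-share type.
sample_listing() {
    cat <<'EOF'
unconfined_u:object_r:samba_share_t:s0 /var/eng
unconfined_u:object_r:var_t:s0 /var/eng/specs
unconfined_u:object_r:samba_share_t:s0 /var/eng/readme.txt
EOF
}

label_temporary /var/eng
label_persistent /var/eng
sample_listing | mislabeled
```

Set DRY_RUN=0 and run as root on an SELinux-enabled host to apply the changes instead of printing them.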
How does Samba SELinux secure the Samba server?
Security-Enhanced Linux secures the Samba server via flexible mandatory access control. SELinux Samba policy defaults to least privilege access. Several Booleans and file contexts are available to customize the way Samba SELinux works. SELinux requires files be labeled with an extended attribute to define the file type.