I set up a samba server on my laptop for family members. The setup is like this:
Added a separate user for the share called shareuser with uid=250
Added the user to the smb database, password set up: sudo smbpasswd -a shareuser
Created a group for the smb share and added the user to it:
groups shareuser
shareuser : shareuser smbgroup1
Set the SELinux context properly, changed group ownership to smbgroup1 (recursive):
drwxrwx---. 6 my-username smbgroup1 system_u:object_r:samba_share_t:s0 4096 Feb 4 2022 .
drwx--x---+ 17 my-username my-username system_u:object_r:mnt_t:s0 4096 Sep 2 11:15 ..
drwxrwxr-x. 20 my-username smbgroup1 system_u:object_r:samba_share_t:s0 4096 Sep 3 18:16 foo1
drwxrwxr-x. 8 my-username smbgroup1 system_u:object_r:samba_share_t:s0 4096 May 14 19:34 foo2
drwxrwxr-x. 11 my-username smbgroup1 system_u:object_r:samba_share_t:s0 4096 Aug 27 16:19 foo3
drwxrwxr-x. 9 my-username smbgroup1 system_u:object_r:samba_share_t:s0 4096 Jan 30 2022 foo4
Relevant smb.conf part:
[share]
comment = <comment>
path = <path>
writeable = yes
guest ok = no
valid users = @smbgroup1
force create mode = 774
force group = smbgroup1
force directory mode = 770
inherit permissions = yes
And restarted the samba daemon, but no matter what, I keep getting permission denied when trying to log in:
sudo tail /var/log/samba/log.smbd
[2022/09/03 18:27:03.885867, 0] ../../source3/smbd/service.c:168(chdir_current_service)
chdir_current_service: vfs_ChDir(<path>) failed: Permission denied. Current token: uid=250, gid=1002, 2 groups: 1001 1002
[2022/09/03 18:27:04.293680, 0] ../../source3/smbd/service.c:168(chdir_current_service)
chdir_current_service: vfs_ChDir(<path>) failed: Permission denied. Current token: uid=250, gid=1002, 2 groups: 1001 1002
[2022/09/03 18:27:04.297128, 0] ../../source3/smbd/service.c:168(chdir_current_service)
chdir_current_service: vfs_ChDir(<path>) failed: Permission denied. Current token: uid=250, gid=1002, 2 groups: 1001 1002
[2022/09/03 18:27:04.615441, 0] ../../source3/smbd/service.c:168(chdir_current_service)
chdir_current_service: vfs_ChDir(<path>) failed: Permission denied. Current token: uid=250, gid=1002, 2 groups: 1001 1002
[2022/09/03 18:27:04.671344, 0] ../../source3/smbd/service.c:168(chdir_current_service)
chdir_current_service: vfs_ChDir(<path>) failed: Permission denied. Current token: uid=250, gid=1002, 2 groups: 1001 1002
Also no SELinux problem:
sudo grep denied /var/log/audit/audit.log
type=AVC msg=audit(1661769921.811:363): avc: denied { append } for pid=1385 comm="sddm-helper" name=".Xauthority" dev="nvme0n1p3" ino=2360589 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
In theory it should work, but it isn't working. Is it something to do with SELinux or some form of access control I'm not aware of?
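A chdir() into the share succeeds only if the token smbd prints in the log (uid=250, gid=1002, groups 1001 1002) has search (x) permission on every directory from / down to the share path, not just on the share directory itself. The script below is an added example, not part of the original post: it evaluates the classic owner/group/other bits for that token on each path component. It does not evaluate POSIX ACLs (the `+` in the listing) or SELinux, and the function names are hypothetical.

```python
import os
import stat
import sys

def search_allowed(st, uid, gids):
    """Owner/group/other check for the search (x) bit on one directory.
    POSIX ACLs, SELinux and capabilities are not evaluated."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def trace_chdir(path, uid, gids):
    """Return [(directory, mode string, allowed)] for every component from /
    down to path, in the order the kernel resolves them."""
    chain = []
    p = os.path.realpath(path)
    while True:
        chain.append(p)
        parent = os.path.dirname(p)
        if parent == p:
            break
        p = parent
    out = []
    for d in reversed(chain):
        st = os.stat(d)
        out.append((d, stat.filemode(st.st_mode), search_allowed(st, uid, gids)))
    return out

if __name__ == "__main__":
    # Token copied from the log.smbd lines in the post. The share path is an
    # argument because the post elides it as <path>.
    token_uid, token_gids = 250, {1001, 1002}
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for d, mode, ok in trace_chdir(target, token_uid, token_gids):
        print(f"{'ok    ' if ok else 'DENIED'} {mode} {d}")
```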