Product SiteDocumentation Site

11.3.4.2. Sharing a website

It may not be possible to label files with the samba_share_t type, for example, when wanting to share a website in /var/www/html/. For these cases, use the samba_export_all_ro Boolean to share any file or directory (regardless of the current label), allowing read only permissions, or the samba_export_all_rw Boolean to share any file or directory (regardless of the current label), allowing read and write permissions.
The following example creates a file for a website in /var/www/html/, and then shares that file through Samba, allowing read and write permissions. This example assumes the httpd, samba, samba-common, samba-client, and wget packages are installed:
  1. As the root user, create a /var/www/html/file1.html file. Copy and paste the following content into /var/www/html/file1.html:
    <html>
    <h2>File being shared through the Apache HTTP Server and Samba.</h2>
    </html>
    
  2. Run ls -Z /var/www/html/file1.html to view the SELinux context of file1.html:
    $ ls -Z /var/www/html/file1.html
    -rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/file1.html
    
    file1.index.html is labeled with the httpd_sys_content_t. By default, the Apache HTTP Server can access this type, but Samba can not.
  3. Run service httpd start as the root user to start the Apache HTTP Server:
    service httpd start
    Starting httpd:                                            [  OK  ]
    
  4. Change into a directory your user has write access to, and run the wget http://localhost/file1.html command. Unless there are changes to the default configuration, this command succeeds:
    $ wget http://localhost/file1.html
    --2009-03-02 16:32:01--  http://localhost/file1.html
    Resolving localhost... 127.0.0.1
    Connecting to localhost|127.0.0.1|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 84 [text/html]
    Saving to: `file1.html.1'
    
    100%[=======================>] 84          --.-K/s   in 0s      
    
    2009-03-02 16:32:01 (563 KB/s) - `file1.html.1' saved [84/84]
    
  5. Edit /etc/samba/smb.conf as the root user. Add the following to the bottom of this file to share the /var/www/html/ directory through Samba:
    [website]
    comment = Sharing a website
    path = /var/www/html/
    public = no
    writeable = no
    
  6. The /var/www/html/ directory is labeled with the httpd_sys_content_t type. By default, Samba can not access files and directories labeled with the httpd_sys_content_t type, even if Linux permissions allow it. To allow Samba access, run the following command as the root user to turn the samba_export_all_ro Boolean on:
    setsebool -P samba_export_all_ro on
    
    Do not use the -P option if you do not want the change to persist across reboots. Note: turning the samba_export_all_ro Boolean on allows Samba to access any type.
  7. Run service smb start as the root user to start smbd:
    service smb start
    Starting SMB services:                                     [  OK  ]