Subject: | |
From: | |
Reply To: | |
Date: | Thu, 20 Oct 2011 20:52:19 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On 10/20/2011 08:36 PM, RILINDO FOSTER wrote:
> It is actually in the smb.conf file, assuming that it doesn't get overwritten by swat. Here is an excerpt:
>
>
> # Set labels only on directories you created!
> # To set a label use the following: chcon -t samba_share_t /path
> #
> # If you need to share a system created directory you can use one of the
> # following (read-only/read-write):
> # setsebool -P samba_export_all_ro on
> # or
> # setsebool -P samba_export_all_rw on
> #
> # If you want to run scripts (preexec/root prexec/print command/...) please
> # put them into the /var/lib/samba/scripts directory so that smbd will be
> # allowed to run them.
> # Make sure you COPY them and not MOVE them so that the right SELinux context
> # is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
> #
>
> You can feel free to turn SELinux, but if you play around with it, it can be useful as an extra line of defense against intruders.
>
> - Rilindo
Thank you. It did get overwritten, not by swat, but by me. :'[
Is selinux effective enough as an "extra line of defense against intruders"?
or mostly just a pain in the neck. I would like the extra line of
defense, but only
if it works.
Thank you again for the quote from smb.conf!
-T
|
|
|