|
On 05/24/14 08:40, dE wrote:
On 05/24/14 01:02, toản cù wrote:
Hi all!
I just researching
policy in selinux and Samba , SELinux has policy module
separate for samba. I only know the label samba_share_t
used to share data when labeled in SELinux enforcing mode.
I want to use SELinux
further intervention on the issue of decentralization for
each user to access data on the samba. How the same file
(*. docx, *. txt), user1 can read, write but user2 is
not.
And one more question:
in a group have different users the same access to the
samba. those users have some same rights, and some the
right different. example the rights to read,write on a
file is different. How to make a difference the rights
between users in the same group
Look forward your help!
Thanks!
--
Mr.Toan-Cu Xuan
School
of Electronics and Telecommunications
Hanoi
University of Science and Technology
1
Dai Co Viet, Ha noi, Viet nam.
Phone:
01656228762
Email:xuantoanbkfet@xxxxxxxxx
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
I don't think smbd spawns a new process when a new user logs in
(that's why we have 'force user'), so there's no way for SELinux
to identify the login user of the SMB service.
Otherwise what could've been done is set the umask to 077 and
inherit owner, inherit permissions to yes. So DAC whould've been
good enough for the purpose.
I dont remember how
Actually it does.
Set 'username map' and you get what you want with DAC.
|
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
