Samba denying permission to user when loggin in

I’m trying to set up a samba share through Cockpit using the 45drives plugin. My user is getting the following message: "This location could not be displayed. You do not have the permissions necessary to view the contents of “mcgill on 10.0.0.10.”.

I can see it’s a permission issue, but I’m unsure where it is. I have prior users on the same machine with different shares, but they have no issues.

I’ve set permissions to 700 for the mcgill user, which I’m logging in with. I’ve also used semangage to add the samba_share_t acl to the folder.

ls -Zal /mnt/raid/accounts/McGill spits out the following:
drwx------. 2 mcgill mcgill unconfined_u:object_r:samba_share_t:s0 4096 Nov 24 09:56 McGill

getfacl spits out this:

getfacl: Removing leading '/' from absolute path names
# file: mnt/raid/accounts/McGill
# owner: mcgill
# group: mcgill
user::rwx
group::---
other::---

testparm spits out this:

[McGill]
        path = /mnt/raid/accounts/McGill
        read only = No
        valid users = mcgill
        vfs objects = full_audit
        full_audit:failure = connect
        full_audit:prefix = ???%I???%u???%m???%S???%T???
        full_audit:facility = local5
        full_audit:success = connect disconnect openat renameat linkat unlinkat
        full_audit:priority = notice

Alright, solved my issue after looking more through the forums. A user in a different thread suggested this: 8.3.8. Allowing Access: audit2allow

Typing in “sudo audit2allow -w -a” gave me the following:

type=AVC msg=audit(1732469260.281:7975): avc:  denied  { write } for  pid=172089 comm="smbd[10.0.0.10" name="mcgill" dev="dm-0" ino=25168127 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
        Was caused by:
        One of the following booleans was set incorrectly.
        Description:
        Allow samba to enable home dirs

        Allow access by executing:
        # setsebool -P samba_enable_home_dirs 1
        Description:
        Allow samba to export all rw

        Allow access by executing:
        # setsebool -P samba_export_all_rw 1

After typing in the recommended commands, my user is able to access the share.

1 Like