|
|
107.
|
|
|
By default the profiles for <application>smbd</application> and <application>nmbd</application> are in <emphasis>complain</emphasis> mode, allowing Samba to work without modifying the profile, and only logging errors. To place the <application>smbd</application> profile into <emphasis>enforce</emphasis> mode, and have Samba work as expected, the profile will need to be modified to reflect any directories that are shared.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
../docs/sharing/C/sharing.xml:619(para)
|
|
|
108.
|
|
|
Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename>, adding information for <emphasis>[share]</emphasis> from the file server example:
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
docs/sharing/C/sharing.xml:671(para)
|
|
|
109.
|
|
|
/srv/samba/share/ r,
/srv/samba/share/** rwkix,
|
|
|
represents a line break.
Start a new line in the equivalent position in the translation.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
docs/sharing/C/sharing.xml:676(programlisting)
|
|
|
110.
|
|
|
Now place the profile into <emphasis>enforce</emphasis> and reload it:
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
../docs/sharing/C/sharing.xml:638(para)
|
|
|
111.
|
|
|
sudo aa-enforce /usr/sbin/smbd
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
docs/sharing/C/sharing.xml:686(command)
|
|
|
112.
|
|
|
cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
docs/sharing/C/sharing.xml:687(command)
|
|
|
113.
|
|
|
It is now possible to read, write, and execute files in the shared directory as normal, and the <application>smbd</application> binary will have access to only the configured files and directories. Be sure to add entries for each directory that Samba is configured to share. Any errors will be logged to <filename>/var/log/syslog</filename>.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
../docs/sharing/C/sharing.xml:647(para)
|
|
|
114.
|
|
|
For in depth Samba configurations, see the <ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/">Samba HOWTO Collection</ulink>
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
../docs/sharing/C/sharing.xml:661(para)
|
|
|
115.
|
|
|
O'Reilly's <ulink url="http://www.oreilly.com/catalog/9780596007690/">Using Samba</ulink> is also a good reference.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
../docs/sharing/C/sharing.xml:673(para) ../docs/sharing/C/sharing.xml:1065(para)
|
|
|
116.
|
|
|
<ulink url="http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to security.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
../docs/sharing/C/sharing.xml:679(para)
|
