Case 1: The smbd process accesses "homes" and attempts to handle "homes" (and tries to access my home dir) even though I did not specify the section [homes] in my configuration file.

Case 2: The smbd process accesses my "homes" and attempts to handle "homes" (and tries to access my home dir) even though I tried to redirect my home dir to another location with the following configuration:

#cutout from my config file
...
[homes]
path=/somewhere_else/on_different_filesystem
...

Related smbd log - output of command "smbd -i -d 10 |grep -A 10 -B 10 home":

//BEGIN of listing of output of command "smbd -i -d 10 |grep -A 10 -B 10 home"
--
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
pdb_set_username: setting username myusername, was
pdb_set_domain: setting domain MYHOSTNAME, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Big Fart, was
Home server: myhostname
pdb_set_homedir: setting home dir \\myhostname\myusername, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: myhostname
pdb_set_profile_path: setting profile path \\myhostname\myusername\profile, was
pdb_set_workstations: setting workstations , was
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
NT user token: (NULL)
UNIX token of user 0
--
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
account_policy_get: name: password history, val: 0
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
pdb_set_username: setting username myusername, was
pdb_set_domain: setting domain MYHOSTNAME, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Big Fart, was
Home server: myhostname
pdb_set_homedir: setting home dir \\myhostname\myusername, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: myhostname
pdb_set_profile_path: setting profile path \\myhostname\myusername\profile, was
pdb_set_workstations: setting workstations , was
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
NT user token: (NULL)
UNIX token of user 0
--
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
pdb_set_username: setting username myusername, was
pdb_set_domain: setting domain MYHOSTNAME, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Big Fart, was
Home server: myhostname
pdb_set_homedir: setting home dir \\myhostname\myusername, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: myhostname
pdb_set_profile_path: setting profile path \\myhostname\myusername\profile, was
pdb_set_workstations: setting workstations , was
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
NT user token: (NULL)
UNIX token of user 0
--
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
account_policy_get: name: password history, val: 0
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
pdb_set_username: setting username myusername, was
pdb_set_domain: setting domain MYHOSTNAME, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Big Fart, was
Home server: myhostname
pdb_set_homedir: setting home dir \\myhostname\myusername, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: myhostname
pdb_set_profile_path: setting profile path \\myhostname\myusername\profile, was
pdb_set_workstations: setting workstations , was
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
NT user token: (NULL)
UNIX token of user 0
--
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
account_policy_get: name: password history, val: 0
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
pdb_set_username: setting username myusername, was
pdb_set_domain: setting domain MYHOSTNAME, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Big Fart, was
Home server: myhostname
pdb_set_homedir: setting home dir \\myhostname\myusername, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: myhostname
pdb_set_profile_path: setting profile path \\myhostname\myusername\profile, was
pdb_set_workstations: setting workstations , was
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
push_conn_ctx(0) : conn_ctx_stack_ndx = 2
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
NT user token: (NULL)
UNIX token of user 0
--
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
account_policy_get: name: password history, val: 0
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
pdb_set_username: setting username myusername, was
pdb_set_domain: setting domain MYHOSTNAME, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Big Fart, was
Home server: myhostname
pdb_set_homedir: setting home dir \\myhostname\myusername, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: myhostname
pdb_set_profile_path: setting profile path \\myhostname\myusername\profile, was
pdb_set_workstations: setting workstations , was
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
NT user token: (NULL)
UNIX token of user 0
--
SID[ 4]: S-1-5-11
SE_PRIV 0x0 0x0 0x0 0x0
register_initial_vuid: allocated vuid = 100
register_existing_vuid: (500,500) myusername myusername MYHOSTNAME guest=0
register_existing_vuid: User name: myusername Real name: Big Fart
register_existing_vuid: UNIX uid 500 is UNIX user myusername, and will be vuid 100
Locking key 49442F383938382F3130
Allocated locked data 0x0xb990df00
Unlocking key 49442F383938382F3130
lp_servicenumber: couldn't find myusername
Adding homes service for user 'myusername' using home directory: '/home/myusername'
lp_servicenumber: couldn't find homes
lp_file_list_changed()
file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Jun 6 21:12:08 2008
size=112
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=128
smb_flg2=49153
--
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
pdb_set_username: setting username myusername, was
pdb_set_domain: setting domain MYHOSTNAME, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Big Fart, was
Home server: myhostname
pdb_set_homedir: setting home dir \\myhostname\myusername, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: myhostname
pdb_set_profile_path: setting profile path \\myhostname\myusername\profile, was
pdb_set_workstations: setting workstations , was
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
NT user token: (NULL)
UNIX token of user 0
--
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
account_policy_get: name: password history, val: 0
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
pdb_set_username: setting username myusername, was
pdb_set_domain: setting domain MYHOSTNAME, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Big Fart, was
Home server: myhostname
pdb_set_homedir: setting home dir \\myhostname\myusername, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: myhostname
pdb_set_profile_path: setting profile path \\myhostname\myusername\profile, was
pdb_set_workstations: setting workstations , was
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
NT user token: (NULL)
UNIX token of user 0
--
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
pdb_set_username: setting username myusername, was
pdb_set_domain: setting domain MYHOSTNAME, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Big Fart, was
Home server: myhostname
pdb_set_homedir: setting home dir \\myhostname\myusername, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: myhostname
pdb_set_profile_path: setting profile path \\myhostname\myusername\profile, was
pdb_set_workstations: setting workstations , was
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
NT user token: (NULL)
UNIX token of user 0
--
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
account_policy_get: name: password history, val: 0
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
pdb_set_username: setting username myusername, was
pdb_set_domain: setting domain MYHOSTNAME, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Big Fart, was
Home server: myhostname
pdb_set_homedir: setting home dir \\myhostname\myusername, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: myhostname
pdb_set_profile_path: setting profile path \\myhostname\myusername\profile, was
pdb_set_workstations: setting workstations , was
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
NT user token: (NULL)
UNIX token of user 0
//END of listing of output of command "smbd -i -d 10 |grep -A 10 -B 10 home"

Finally, how I realized this: simply by checking my selinux log. I found that selinux was complaining about the following issue:

" ... setroubleshoot: SELinux is preventing the samba daemon from reading users' home directories. For complete SELinux messages. ..."

I listed below how the "sealert" tool in my Fedora 9 explained what happened from the system's point of view. The listing also contains all necessary information about my system and the used/related software.

//BEGIN of listing of sealert output
Summary:

SELinux is preventing the samba daemon from reading users' home directories.

Detailed Description:

SELinux has denied the samba daemon access to users' home directories. Someone is attempting to access your home directories via your samba daemon. If you only setup samba to share non-home directories, this probably signals a intrusion attempt. For more information on SELinux integration with samba, look at the samba_selinux man page. (man samba_selinux)

Allowing Access:

If you want samba to share home directories you need to turn on the samba_enable_home_dirs boolean: "setsebool -P samba_enable_home_dirs=1"

Fix Command:

setsebool -P samba_enable_home_dirs=1

Additional Information:

Source Context                unconfined_u:system_r:smbd_t:s0
Target Context                system_u:object_r:home_root_t:s0
Target Objects                /home [ dir ]
Source                        smbd
Source Path                   /usr/sbin/smbd
Port                          <Unknown>
Host                          my_hostname
Source RPM Packages           samba-3.2.0-1.rc1.14.fc9
Target RPM Packages           filesystem-2.4.13-1.fc9
Policy RPM                    selinux-policy-3.3.1-55.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   samba_enable_home_dirs
Host Name                     my_hostname
Platform                      Linux my_hostname 2.6.25.4-30.fc9.i686 #1 SMP Wed May 21 18:12:35 EDT 2008 i686 athlon
Alert Count                   7621
First Seen                    Thu Jun 5 18:32:21 2008
Last Seen                     Fri Jun 6 21:00:00 2008
Local ID                      914f986c-f627-4444-8d60-305ad1e553f2
Line Numbers

Raw Audit Messages

host=my_hostname type=AVC msg=audit(1212778800.465:105): avc: denied { getattr } for pid=8793 comm="smbd" path="/home" dev=md3 ino=2 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir

host=my_hostname type=SYSCALL msg=audit(1212778800.465:105): arch=40000003 syscall=195 success=no exit=-13 a0=bf9fecd5 a1=bf9ff0cc a2=514ff4 a3=bf9fecdb items=0 ppid=8789 pid=8793 auid=500 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none) ses=1 comm="smbd" exe="/usr/sbin/smbd" subj=unconfined_u:system_r:smbd_t:s0 key=(null)
//END of listing of sealert output
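Added example, not part of the original report and not Samba or SELinux project code: a small parser for the raw audit messages shown above. It finds denials where the smbd_t domain touched a home-directory type and joins each one to the SYSCALL record with the same audit serial, so the uid of the session that triggered the access is visible. The type names user_home_dir_t and user_home_t, the abridged SYSCALL line and the third sample line are assumptions or constructed for the example.

```python
import re

# Every record of one audit event shares the msg=audit(timestamp:serial) header.
HDR_RE = re.compile(r'type=(\w+) msg=audit\([\d.]+:(\d+)\):')
PERMS_RE = re.compile(r'denied\s+\{\s*([^}]*?)\s*\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption: home-directory types of the targeted policy; only home_root_t
# appears in the report itself.
HOME_TYPES = {"home_root_t", "user_home_dir_t", "user_home_t"}

SAMPLE = [
    # AVC record copied from the sealert listing in the report.
    'host=my_hostname type=AVC msg=audit(1212778800.465:105): avc: denied '
    '{ getattr } for pid=8793 comm="smbd" path="/home" dev=md3 ino=2 '
    'scontext=unconfined_u:system_r:smbd_t:s0 '
    'tcontext=system_u:object_r:home_root_t:s0 tclass=dir',
    # SYSCALL record from the same listing, abridged to the fields used here.
    'host=my_hostname type=SYSCALL msg=audit(1212778800.465:105): syscall=195 '
    'success=no exit=-13 pid=8793 auid=500 uid=500 comm="smbd"',
    # Constructed record: a different domain touching /home, must not match.
    'type=AVC msg=audit(1212778801.000:106): avc: denied { read } for pid=1 '
    'comm="httpd" path="/home" scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:home_root_t:s0 tclass=dir',
]

def parse_record(line):
    """Parse one audit record into a dict, or return None for other text."""
    hdr = HDR_RE.search(line)
    if not hdr:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line[hdr.end():])}
    perms = PERMS_RE.search(line)
    rec.update(type=hdr.group(1), serial=int(hdr.group(2)),
               perms=perms.group(1).split() if perms else [])
    return rec

def smbd_home_denials(lines):
    """Return smbd_t denials on home types, joined to their SYSCALL record."""
    records = [r for r in map(parse_record, lines) if r]
    syscalls = {r["serial"]: r for r in records if r["type"] == "SYSCALL"}
    hits = []
    for r in records:
        if r["type"] != "AVC" or not r["perms"]:
            continue
        # A context is user:role:type:level, so the type is the third field.
        stype, ttype = (r[k].split(":")[2] for k in ("scontext", "tcontext"))
        if stype == "smbd_t" and ttype in HOME_TYPES:
            sc = syscalls.get(r["serial"], {})
            hits.append({"serial": r["serial"], "perms": r["perms"],
                         "path": r.get("path"), "uid": sc.get("uid")})
    return hits
```

Run over the sample, this reports one denial (serial 105, getattr on /home) attributed to uid 500, the same uid the smbd log maps to vuid 100 just before "Adding homes service".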
Created attachment 3337 [details] Output of grepped smbd log
Created attachment 3338 [details] Output of sealert
Works for me. Do you have any details how to reproduce the described behaviour?