CentOS(RedHat) 6.2 Samba share权限拒绝访问

在实现《CentOS(RedHat) 6.2下Samba配置》的过程中，发现CentOS 6.2的Samba share总是没有权限写文件，已经试过在Windows XP/Windows 2003和2台CentOS。当然已经在CentOS端给了所有人完整的权限。而在RH 5.0系列是没有这个问题的。

网上找了一下，参考以下2篇文章：

• Windows 7 map network drive to Centos Linux samba share gives “Access Denied”

试了一下运行：

chcon -Rt samba_share_t /var/samba/resource

还是不行。

• CentOS 6.0 samba share权限拒绝访问不能创建文件 原来是SELinux在作怪，修改/etc/selinux/config如下：

  [root@server1 ~]# cat /etc/selinux/config
  # This file controls the state of SELinux on the system.
  # SELINUX= can take one of these three values:
  #       enforcing - SELinux security policy is enforced.
  #       permissive - SELinux prints warnings instead of enforcing.
  #       disabled - SELinux is fully disabled.
  SELINUX=disabled
  # SELINUXTYPE= type of policy in use. Possible values are:
  #       targeted - Only targeted network daemons are protected.
  #       strict - Full SELinux protection.
  SELINUXTYPE=targeted

重启server后HOME 目录可以写了，可是建立的本地Samba share始终不能写入。

后来想到可能是smb.conf配置有问题，smb.conf配置如下：

[resource]
               comment = local resource
               path = /var/samba/resource
               writable = yes                    # OK to write

用testparm一测试果然有问题:

[resource]
        comment = local resource
        path = /var/samba/resource

“writable = yes” 哪里去了？看了看HOME的输出都是”read only = No”，于是把配置改成如下：

[resource]
               comment = local resource
               path = /var/samba/resource
               read only = No

重启SMB service后，问题搞定！，testparm也能正常输出：

[resource]
        comment = local resource
        path = /var/samba/resource
        read only = No

我这个版本Samba难道不认识writable = yes ，只认read only = No ，奇怪?

[root@server2 samba]# uname -a
Linux server2 2.6.32-220.el6.i686 #1 SMP Tue Dec 6 16:15:40 GMT 2011 i686 i686 i386 GNU/Linux
[root@server2 samba]# cat /etc/centos-release
CentOS release 6.2 (Final)
[root@server2 samba]# rpm -qa |grep samba
samba-common-3.5.10-125.el6.i686
samba-client-3.5.10-125.el6.i686
samba-3.5.10-125.el6.i686
samba4-libs-4.0.0-23.alpha11.el6.i686
samba-winbind-clients-3.5.10-125.el6.i686
[root@server2 samba]#

带着这个疑问，我又进行了测试，发现如果我指定了用户或组的情况下，writable = yes是可以的：

[resource]
               comment = local resource
               path = /var/samba/resource
;              read only = No
               writable = yes
               valid users=jonathan

testparm正常输出:

[root@server1 ~]# service smb stop
Shutting down SMB services:                                [  OK  ]
[root@server1 ~]# service smb start
Starting SMB services:                                     [  OK  ]
[root@server1 ~]# testparm
Load smb config files from /etc/samba/smb.conf
 
[resource]
        comment = local resource
        path = /var/samba/resource
        valid users = jonathan
        read only = No

对于这个设计我只能表示无奈，亦或是自己太无知了。