|
|
104.
|
|
|
There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part of the <application>apparmor-profiles</application> packages. To install the package, from a terminal prompt, enter:
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
../docs/sharing/C/sharing.xml:602(para)
|
|
|
105.
|
|
|
sudo apt-get install apparmor-profiles
|
|
|
|
|
sudo apt-get install apparmor-profiles
|
|
Translated and reviewed by
Pittmann Tamás
|
|
|
|
Located in
docs/sharing/C/sharing.xml:549(command)
|
|
|
106.
|
|
|
This package contains profiles for several other binaries.
|
|
|
|
|
Ez a csomag számos más binárishoz is tartalmaz profilokat.
|
|
Translated and reviewed by
Pittmann Tamás
|
|
|
|
Located in
docs/sharing/C/sharing.xml:552(para)
|
|
|
107.
|
|
|
By default the profiles for <application>smbd</application> and <application>nmbd</application> are in <emphasis>complain</emphasis> mode, allowing Samba to work without modifying the profile, and only logging errors. To place the <application>smbd</application> profile into <emphasis>enforce</emphasis> mode, and have Samba work as expected, the profile will need to be modified to reflect any directories that are shared.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
../docs/sharing/C/sharing.xml:619(para)
|
|
|
108.
|
|
|
Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename>, adding information for <emphasis>[share]</emphasis> from the file server example:
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
docs/sharing/C/sharing.xml:564(para)
|
|
|
109.
|
|
|
/srv/samba/share/ r,
/srv/samba/share/** rwkix,
|
|
|
represents a line break.
Start a new line in the equivalent position in the translation.
|
|
|
|
|
/srv/samba/share/ r,
/srv/samba/share/** rwkix,
|
|
Translated and reviewed by
Pittmann Tamás
|
|
|
|
Located in
docs/sharing/C/sharing.xml:568(programlisting)
|
|
|
110.
|
|
|
Now place the profile into <emphasis>enforce</emphasis> and reload it:
|
|
|
|
|
Most állítsa a profilt <emphasis>enforce</emphasis> módba és töltse újra:
|
|
Translated and reviewed by
Pittmann Tamás
|
|
|
|
Located in
../docs/sharing/C/sharing.xml:638(para)
|
|
|
111.
|
|
|
sudo aa-enforce /usr/sbin/smbd
|
|
|
|
|
sudo aa-enforce /usr/sbin/smbd
|
|
Translated and reviewed by
Pittmann Tamás
|
|
|
|
Located in
docs/sharing/C/sharing.xml:576(command)
|
|
|
112.
|
|
|
cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r
|
|
|
|
|
cat /etc/apparmor.d/usr.sbin.smbd | sudo apparmor_parser -r
|
|
Translated and reviewed by
Pittmann Tamás
|
|
|
|
Located in
docs/sharing/C/sharing.xml:577(command)
|
|
|
113.
|
|
|
It is now possible to read, write, and execute files in the shared directory as normal, and the <application>smbd</application> binary will have access to only the configured files and directories. Be sure to add entries for each directory that Samba is configured to share. Any errors will be logged to <filename>/var/log/syslog</filename>.
|
|
|
|
|
(no translation yet)
|
|
|
|
Located in
../docs/sharing/C/sharing.xml:647(para)
|
