Nguyen Xuan. Hai
2015-Oct-15 04:06 UTC
[Samba] Hide the files that doesn't have permission to access
Thank you guys for your reply. I tried but it still does not work On 10/14/2015 5:37 PM, Stéphane PURNELLE wrote:> > These parameters must be put on share section, not in global section > > hide unreadable = yes > hide unwriteable files = yes > example > > [smb_shr1] > path = /mnt/LV002/share1 > read only = no > create mode = 0777 > directory mode = 0777 > public = yes > valid users = hai > hide unreadable = yes > hide unwriteable files = yes > > [smb_shr2] > path = /mnt/LV002/share2 > writable = yes > create mode = 0777 > directory mode = 0777 > public = yes > valid users = test > hide unreadable = yes > hide unwriteable files = yes >I mean users see only shares they can access. So "browseable = no" does not solve my problem> Hi, > > Do you want users see only shares they can access or do you want users see > only files they are allowed to open in some share? > > If the point is to hide shares you could try "browseable = no" in your > shares declaration, as it is done on [homes] share in addition to "valid > users = user" option.I tried but it still does not work> Sure, that is what you force with your settings in smb.conf. > Remove: > public = yes > > change the modes to 0XX0 > the last bit is for the world or everyone or publicThanks again -- ====================================================================Nguyen Xuan Hai (Mr) Toshiba Software Development (Vietnam) Co.,Ltd ==================================================================== -------------- next part -------------- -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com
Harry Jede
2015-Oct-21 17:07 UTC
[Samba] Hide the files that doesn't have permission to access
On 18:49:01 wrote Nguyen Xuan. Hai:> Thank you guys for your reply. > > I tried but it still does not work > > On 10/14/2015 5:37 PM, Stéphane PURNELLE wrote: > > These parameters must be put on share section, not in global > > section > > > > hide unreadable = yes > > > > hide unwriteable files = yes > > > > example > > > > [smb_shr1] > > > > path = /mnt/LV002/share1 > > read only = no > > create mode = 0777 > > directory mode = 0777 > > public = yes > > valid users = hai > > > > hide unreadable = yes > > > > hide unwriteable files = yes > > > > [smb_shr2] > > > > path = /mnt/LV002/share2 > > writable = yes > > create mode = 0777 > > directory mode = 0777 > > public = yes > > valid users = test > > > > hide unreadable = yes > > > > hide unwriteable files = yes > > I mean users see only shares they can access. So "browseable = no" > does not solve my problem...> I tried but it still does not work > > > Sure, that is what you force with your settings in smb.conf. > > Remove: > > public = yes > > > > change the modes to 0XX0 > > the last bit is for the world or everyone or public > > Thanks againOK, i give you a working example: debby-3:~# testparm -s --section-name=ftp 2>/dev/null [ftp] path = /home/ftp guest ok = Yes hide unreadable = Yes debby-3:~# ls -l /home/ftp/test insgesamt 24 drwxr-xr-x 4 root root 4096 18. Apr 2009 backports drwxr-xr-x 4 root root 4096 18. Apr 2009 debian drwxr-xr-x 5 root root 4096 25. Apr 2009 delixs drwxr-xr-x 2 root root 4096 21. Okt 17:43 dummy drwxr-xr-x 2 root root 4096 21. Okt 17:43 dummy2 drwxr-xr-x 2 hjede root 4096 21. Okt 17:43 dummy3 root at debian:~# smbclient //debby-3/ftp -c 'ls test/*' -Uhjede% Domain=[KRONPRINZ] OS=[Unix] Server=[Samba 3.5.6] . D 0 Wed Oct 21 17:43:37 2015 .. D 0 Fri Aug 7 18:15:16 2015 dummy2 D 0 Wed Oct 21 17:43:31 2015 delixs D 0 Sat Apr 25 18:16:49 2009 backports D 0 Sat Apr 18 20:12:23 2009 debian D 0 Sat Apr 18 20:12:23 2009 dummy3 D 0 Wed Oct 21 17:43:37 2015 dummy D 0 Wed Oct 21 17:43:28 2015 Now, remove the read bit for other for a directory or file: debby-3:~# chmod o-r /home/ftp/test/dummy2 debby-3:~# ls -l /home/ftp/test insgesamt 24 drwxr-xr-x 4 root root 4096 18. Apr 2009 backports drwxr-xr-x 4 root root 4096 18. Apr 2009 debian drwxr-xr-x 5 root root 4096 25. Apr 2009 delixs drwxr-xr-x 2 root root 4096 21. Okt 17:43 dummy drwxr-x--x 2 root root 4096 21. Okt 17:43 dummy2 drwxr-xr-x 2 hjede root 4096 21. Okt 17:43 dummy3 root at debian:~# smbclient //debby-3/ftp -c 'ls test/*' -Uhjede Domain=[KRONPRINZ] OS=[Unix] Server=[Samba 3.5.6] . D 0 Wed Oct 21 17:43:37 2015 .. D 0 Fri Aug 7 18:15:16 2015 delixs D 0 Sat Apr 25 18:16:49 2009 backports D 0 Sat Apr 18 20:12:23 2009 debian D 0 Sat Apr 18 20:12:23 2009 dummy3 D 0 Wed Oct 21 17:43:37 2015 dummy D 0 Wed Oct 21 17:43:28 2015 the user hjede does *not* see the directory dummy2 hope this helps -- regards Harry Jede
Partha Sarathi
2015-Oct-21 17:18 UTC
[Samba] Hide the files that doesn't have permission to access
Hi, Try these params to hide files when users doesn't have read/write access to them. hide unreadable (S) This parameter prevents clients from seeing the existance of files that cannot be read. Defaults to off. Default: *hide unreadable = no* hide unwriteable files (S) This parameter prevents clients from seeing the existance of files that cannot be written to. Defaults to off. Note that unwriteable directories are shown as usual. Default: *hide unwriteable files = no* On Wed, Oct 14, 2015 at 9:06 PM, Nguyen Xuan. Hai < hai.nguyenxuan at toshiba-tsdv.com> wrote:> Thank you guys for your reply. > > I tried but it still does not work > On 10/14/2015 5:37 PM, Stéphane PURNELLE wrote: > >> >> These parameters must be put on share section, not in global section >> >> hide unreadable = yes >> hide unwriteable files = yes >> example >> >> [smb_shr1] >> path = /mnt/LV002/share1 >> read only = no >> create mode = 0777 >> directory mode = 0777 >> public = yes >> valid users = hai >> hide unreadable = yes >> hide unwriteable files = yes >> >> [smb_shr2] >> path = /mnt/LV002/share2 >> writable = yes >> create mode = 0777 >> directory mode = 0777 >> public = yes >> valid users = test >> hide unreadable = yes >> hide unwriteable files = yes >> >> > I mean users see only shares they can access. So "browseable = no" does > not solve my problem > >> Hi, >> >> Do you want users see only shares they can access or do you want users see >> only files they are allowed to open in some share? >> >> If the point is to hide shares you could try "browseable = no" in your >> shares declaration, as it is done on [homes] share in addition to "valid >> users = user" option. >> > > I tried but it still does not work > >> Sure, that is what you force with your settings in smb.conf. >> Remove: >> public = yes >> >> change the modes to 0XX0 >> the last bit is for the world or everyone or public >> > > Thanks again > > -- > ====================================================================> Nguyen Xuan Hai (Mr) > > Toshiba Software Development (Vietnam) Co.,Ltd > > ====================================================================> > > -- > This mail was scanned by BitDefender > For more information please visit http://www.bitdefender.com > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Thanks & Regards -Partha
Gerry George
2015-Oct-22 01:33 UTC
[Samba] Hide the files that doesn't have permission to access
Even when trying to hide files and folders, the UNIX permissions are also relevant. Ensure that the "world" or public bit is not set - 0770 Also, ensure that the folder (and/or file) is group-owned by the relevant group that the persons who don't need access to them are not a member of. You may have to create new groups to achieve this. Otherwise, the user who should not see the files, if a member of the group which has group-ownership to the files/folders will still be able to see them. The user ownership does not matter too much in this instance if the group membership and ownership is used to control access to the files. Another tip, once the folder permissions are set, set the GID bit so that those permissions will continue down into the folder for any files and folders created within those folders, thus propagating your carefully defined permissions down into the folder structure. using a previously submitted example, it should look like this drwxrws--- 4 root hai-group 4096 18. Apr 2009 backports drwxrws--- 4 root hai-group 4096 18. Apr 2009 debian drwxrws--- 5 root test-group 4096 25. Apr 2009 delixs ..... A member of hai-group will see "backports" and "debian", but not have access to "delixs", Similarly, a member of "test-group" will only have access to "delixs", but not any of the others. G. On Wed, Oct 21, 2015 at 1:18 PM, Partha Sarathi <parthasarathi.bl at gmail.com> wrote:> Hi, > > Try these params to hide files when users doesn't have read/write access to > them. > > hide unreadable (S) > > This parameter prevents clients from seeing the existance of files that > cannot be read. Defaults to off. > > Default: *hide unreadable = no* > hide unwriteable files (S) > > This parameter prevents clients from seeing the existance of files that > cannot be written to. Defaults to off. Note that unwriteable directories > are shown as usual. > > Default: *hide unwriteable files = no* > > > > On Wed, Oct 14, 2015 at 9:06 PM, Nguyen Xuan. Hai < > hai.nguyenxuan at toshiba-tsdv.com> wrote: > > > Thank you guys for your reply. > > > > I tried but it still does not work > > On 10/14/2015 5:37 PM, Stéphane PURNELLE wrote: > > > >> > >> These parameters must be put on share section, not in global section > >> > >> hide unreadable = yes > >> hide unwriteable files = yes > >> example > >> > >> [smb_shr1] > >> path = /mnt/LV002/share1 > >> read only = no > >> create mode = 0777 > >> directory mode = 0777 > >> public = yes > >> valid users = hai > >> hide unreadable = yes > >> hide unwriteable files = yes > >> > >> [smb_shr2] > >> path = /mnt/LV002/share2 > >> writable = yes > >> create mode = 0777 > >> directory mode = 0777 > >> public = yes > >> valid users = test > >> hide unreadable = yes > >> hide unwriteable files = yes > >> > >> > > I mean users see only shares they can access. So "browseable = no" does > > not solve my problem > > > >> Hi, > >> > >> Do you want users see only shares they can access or do you want users > see > >> only files they are allowed to open in some share? > >> > >> If the point is to hide shares you could try "browseable = no" in your > >> shares declaration, as it is done on [homes] share in addition to "valid > >> users = user" option. > >> > > > > I tried but it still does not work > > > >> Sure, that is what you force with your settings in smb.conf. > >> Remove: > >> public = yes > >> > >> change the modes to 0XX0 > >> the last bit is for the world or everyone or public > >> > > > > Thanks again > > > > -- > > ====================================================================> > Nguyen Xuan Hai (Mr) > > > > Toshiba Software Development (Vietnam) Co.,Ltd > > > > ====================================================================> > > > > > -- > > This mail was scanned by BitDefender > > For more information please visit http://www.bitdefender.com > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > -- > Thanks & Regards > -Partha > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- *Gerry E. George* ICT Consultant and Solutions Provider & Open Source Evangelist *DigiSolv, Inc.* [P.O. Box 1677, Castries, Saint Lucia] ------------------------------ *Mobile*: (756) 716-2716 /* Int'l Office*: (347) 450-3444 / *Skype*: DigiSolv *Email*: *george.gerry at gmail.com <george.gerry at gmail.com>* / *ggeorge at digisolv.com <ggeorge at digisolv.com>*