Hi All Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. How could i implement both rules on the [homes] share? Example: %D%w%S AND @DOMAINPostgrad Any Ideas? Thanks.
Hi, In other word (if I understand), each users (%D%w%S) have access to her home directory and postgard group must be able to access to all homes folder ? If you want this, is preferable to create a other share witn the path of home directory and put access to postgrad on this share be carrefull : homes share is particular ! ----------------------------------- St?phane PURNELLE stephane.purnelle@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman.be@lists.samba.org a ?crit sur 10/03/2009 16:46:01 :> > > Hi All > Im my [homes] share i want to have two access rules. First one is > %D%w%S so that DOMAINdmarkey will only be able to access his own home > directory and nobody elses > But I only want users in the postgrad group to be able to access > their home directory. > > How could i implement both rules on the [homes] share? > Example: %D%w%S AND @DOMAINPostgrad > Any Ideas? > Thanks. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
No Sorry, The only people who i want to give access to their own home directory is postgrad. but I only want them to access their own home dirctory not anyone elses(i.e the %D%w%S rule) Any clearer? On Tue, 10 Mar 2009 16:55:14 +0100, St?phane PURNELLE <stephane.purnelle@corman.be> wrote:> Hi, > > In other word (if I understand), each users (%D%w%S) have access to her > home directory and postgard group must be able to access to all homes > folder ? > If you want this, is preferable to create a other share witn the path of > home directory and put access to postgrad on this share > > be carrefull : homes share is particular ! > > > > ----------------------------------- > St?phane PURNELLE stephane.purnelle@corman.be > Service Informatique Corman S.A. Tel : 00 32 087/342467 > > samba-bounces+stephane.purnelle=corman.be@lists.samba.org a ?crit sur > 10/03/2009 16:46:01 : > >> >> >> Hi All >> Im my [homes] share i want to have two access rules. First one is >> %D%w%S so that DOMAINdmarkey will only be able to access his own home >> directory and nobody elses >> But I only want users in the postgrad group to be able to access >> their home directory. >> >> How could i implement both rules on the [homes] share? >> Example: %D%w%S AND @DOMAINPostgrad >> Any Ideas? >> Thanks. >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >
> Im my [homes] share i want to have two access rules. First one is > %D%w%S so that DOMAINdmarkey will only be able to access his own home > directory and nobody elses > But I only want users in the postgrad group to be able to access > their home directory. > >That question has already been solved in previous posts. Please search the list. The solution lies with the use of the "include" parameter.
If you are referring to http://marc.info/?l=samba&m=122692173903872&w=2 This doesnt work for me because postgrad isnt the primary group of those particular users. On Tue, 10 Mar 2009 16:18:44 +0000, Miguel Medalha <miguelmedalha@sapo.pt> wrote:> >> Im my [homes] share i want to have two access rules. First one is >> %D%w%S so that DOMAINdmarkey will only be able to access his own home >> directory and nobody elses >> But I only want users in the postgrad group to be able to access >> their home directory. >> >> > > That question has already been solved in previous posts. Please search > the list. > > The solution lies with the use of the "include" parameter.
Could you provide more information about your configuration. a homes share with two access, why ? A idea : about include parameter, if you edit your smb.conf and put end of the file the homes shares and the include parameter like : include = %D%w%S.smb.conf [homes] ... valid user= @postgrad and ofcourse define on %D%w%S.smb.conf (the correct homes share for %D%w%S ) ----------------------------------- St?phane PURNELLE stephane.purnelle@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman.be@lists.samba.org a ?crit sur 10/03/2009 17:52:07 :> If you are referring to http://marc.info/?l=samba&m=122692173903872&w=2 > > This doesnt work for me because postgrad isnt the primary group of those > particular users. > > > On Tue, 10 Mar 2009 16:18:44 +0000, Miguel Medalha<miguelmedalha@sapo.pt>> wrote: > > > >> Im my [homes] share i want to have two access rules. First one is > >> %D%w%S so that DOMAINdmarkey will only be able to access his own home > >> directory and nobody elses > >> But I only want users in the postgrad group to be able to access > >> their home directory. > >> > >> > > > > That question has already been solved in previous posts. Please search> > the list. > > > > The solution lies with the use of the "include" parameter. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
I really think i have explained the situation enough and its not that complex. I only want the users in the postgrad group to get access to their home directories via samba but i dont want them to be able to access anyone elses. include = %D%w%S.smb.conf wont work, that would obviosly mean id need an include for for every user in the postgrad group i.e. DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i want. On Tue, 10 Mar 2009 18:08:15 +0100, St?phane PURNELLE wrote: Could you provide more information about your configuration. a homes share with two access, why ? A idea : about include parameter, if you edit your smb.conf and put end of the file the homes shares and the include parameter like : include = %D%w%S.smb.conf [homes] ... valid user= @postgrad and ofcourse define on %D%w%S.smb.conf (the correct homes share for %D%w%S) ----------------------------------- St?phane PURNELLE stephane.purnelle@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman.be@lists.samba.org a ?crit sur 10/03/2009 17:52:07 : > If you are referring to http://marc.info/?l=samba&m=122692173903872&w=2 > > This doesnt work for me because postgrad isnt the primary group of those > particular users. > > > On Tue, 10 Mar 2009 16:18:44 +0000, Miguel Medalha > wrote: > > > >> Im my [homes] share i want to have two access rules. First one is > >> %D%w%S so that DOMAINdmarkey will only be able to access his own home > >> directory and nobody elses > >> But I only want users in the postgrad group to be able to access > >> their home directory. > >> > >> > > > > That question has already been solved in previous posts. Please search > > the list. > > > > The solution lies with the use of the "include" parameter. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
I think you are saying you only want the postgrad group to have access to their home directory share. Look at the smb.conf entry for "valid users". David Markey wrote:> I really think i have explained the situation enough and its not that > complex. I only want the users in the postgrad group to get access to > their home directories via samba but i dont want them to be able to > access anyone elses. > > include = %D%w%S.smb.conf wont work, that would obviosly mean id need > an include for for every user in the postgrad group i.e. > DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i > want. > On Tue, 10 Mar 2009 18:08:15 +0100, St?phane PURNELLE wrote: > Could you provide more information about your configuration. > a homes share with two access, why ? > A idea : > about include parameter, if you edit your smb.conf and put end of the > file the homes shares and the include parameter like : > include = %D%w%S.smb.conf > [homes] > ... > valid user= @postgrad > and ofcourse define on %D%w%S.smb.conf (the correct homes share for > %D%w%S) > ----------------------------------- > St?phane PURNELLE > stephane.purnelle@corman.be > > Service Informatique Corman S.A. Tel : 00 32 > 087/342467 > samba-bounces+stephane.purnelle=corman.be@lists.samba.org a > ?crit sur 10/03/2009 17:52:07 : > > If you are referring to > http://marc.info/?l=samba&m=122692173903872&w=2 > > > > This doesnt work for me because postgrad isnt the primary group of > those > > particular users. > > > > > > On Tue, 10 Mar 2009 16:18:44 +0000, Miguel Medalha > > wrote: > > > > > >> Im my [homes] share i want to have two access rules. First one > is > > >> %D%w%S so that DOMAINdmarkey will only be able to access his > own home > > >> directory and nobody elses > > >> But I only want users in the postgrad group to be able to > access > > >> their home directory. > > >> > > >> > > > > > > That question has already been solved in previous posts. Please > search > > > the list. > > > > > > The solution lies with the use of the "include" parameter. > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: > https://lists.samba.org/mailman/options/samba >
No.. I want only postgrad group to have access but I dont want them to access anyone elses home directory as discussed previously(using the valid users %D%w%S). In other words i need some kind of AND statement. i.e. valid users = @DOMAIN\postgrads AND %D%w%S On Tue, 10 Mar 2009 14:04:29 -0400, Andrew Chaplin <chaplina+samba@canisius.edu> wrote:> I think you are saying you only want the postgrad group to have access > to their home directory share. > > Look at the smb.conf entry for "valid users". > > David Markey wrote: >> I really think i have explained the situation enough and its not that >> complex. I only want the users in the postgrad group to get access to >> their home directories via samba but i dont want them to be able to >> access anyone elses. >> >> include = %D%w%S.smb.conf wont work, that would obviosly mean id need >> an include for for every user in the postgrad group i.e. >> DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i >> want. >> On Tue, 10 Mar 2009 18:08:15 +0100, St?phane PURNELLE wrote: >> Could you provide more information about your configuration. >> a homes share with two access, why ? >> A idea : >> about include parameter, if you edit your smb.conf and put end of the >> file the homes shares and the include parameter like : >> include = %D%w%S.smb.conf >> [homes] >> ... >> valid user= @postgrad >> and ofcourse define on %D%w%S.smb.conf (the correct homes share for >> %D%w%S) >> ----------------------------------- >> St?phane PURNELLE >> stephane.purnelle@corman.be >> >> Service Informatique Corman S.A. Tel : 00 32 >> 087/342467 >> samba-bounces+stephane.purnelle=corman.be@lists.samba.org a >> ?crit sur 10/03/2009 17:52:07 : >> > If you are referring to >> http://marc.info/?l=samba&m=122692173903872&w=2 >> > >> > This doesnt work for me because postgrad isnt the primary group of >> those >> > particular users. >> > >> > >> > On Tue, 10 Mar 2009 16:18:44 +0000, Miguel Medalha >> > wrote: >> > > >> > >> Im my [homes] share i want to have two access rules. First one >> is >> > >> %D%w%S so that DOMAINdmarkey will only be able to access his >> own home >> > >> directory and nobody elses >> > >> But I only want users in the postgrad group to be able to >> access >> > >> their home directory. >> > >> >> > >> >> > > >> > > That question has already been solved in previous posts. Please >> search >> > > the list. >> > > >> > > The solution lies with the use of the "include" parameter. >> > >> >
David, What about approaching this from another angle? Using posix permissions, create a special place for the postgrad user directories. mkdir /home/postgrad chmod 750 /home/postgrad chown root:postgrad /home/postgrad [homes] path = /home/postgrad/%U valid users = @postgrad etc........ Ensure that the user subdirectories in /home/postgrad are 700. Maybe? Dale David Markey wrote:> No.. > > I want only postgrad group to have access but I dont want them to access > anyone elses home directory as discussed previously(using the valid users > %D%w%S). > > In other words i need some kind of AND statement. > > i.e. valid users = @DOMAIN\postgrads AND %D%w%S > > > > > > On Tue, 10 Mar 2009 14:04:29 -0400, Andrew Chaplin > <chaplina+samba@canisius.edu> wrote: > >> I think you are saying you only want the postgrad group to have access >> to their home directory share. >> >> Look at the smb.conf entry for "valid users". >> >> David Markey wrote: >> >>> I really think i have explained the situation enough and its not that >>> complex. I only want the users in the postgrad group to get access to >>> their home directories via samba but i dont want them to be able to >>> access anyone elses. >>> >>> include = %D%w%S.smb.conf wont work, that would obviosly mean id need >>> an include for for every user in the postgrad group i.e. >>> DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i >>> want. >>> On Tue, 10 Mar 2009 18:08:15 +0100, St?phane PURNELLE wrote: >>> Could you provide more information about your configuration. >>> a homes share with two access, why ? >>> A idea : >>> about include parameter, if you edit your smb.conf and put end of the >>> file the homes shares and the include parameter like : >>> include = %D%w%S.smb.conf >>> [homes] >>> ... >>> valid user= @postgrad >>> and ofcourse define on %D%w%S.smb.conf (the correct homes share for >>> %D%w%S) >>> ----------------------------------- >>> St?phane PURNELLE >>> stephane.purnelle@corman.be >>> >>> Service Informatique Corman S.A. Tel : 00 32 >>> 087/342467 >>> samba-bounces+stephane.purnelle=corman.be@lists.samba.org a >>> ?crit sur 10/03/2009 17:52:07 : >>> > If you are referring to >>> http://marc.info/?l=samba&m=122692173903872&w=2 >>> > >>> > This doesnt work for me because postgrad isnt the primary group of >>> those >>> > particular users. >>> > >>> > >>> > On Tue, 10 Mar 2009 16:18:44 +0000, Miguel Medalha >>> > wrote: >>> > > >>> > >> Im my [homes] share i want to have two access rules. First one >>> is >>> > >> %D%w%S so that DOMAINdmarkey will only be able to access his >>> own home >>> > >> directory and nobody elses >>> > >> But I only want users in the postgrad group to be able to >>> access >>> > >> their home directory. >>> > >> >>> > >> >>> > > >>> > > That question has already been solved in previous posts. Please >>> search >>> > > the list. >>> > > >>> > > The solution lies with the use of the "include" parameter. >>> > >>> > >>> > >
[%U]
comment = Home Directories
browseable = yes
read only = no
path = %H
valid users = @"DOMAIN\postgrad"
ea support = yes
store dos attributes = yes
map readonly = no
map archive = no
map system = no
hide files = /*.desktop/*.ini/
This seems to be working exactly the way I want it to. Does anyone see any
security issues with the above configuration?
Thanks for all the replys!
On Tue, 10 Mar 2009 18:10:11 +0000, David Markey
<dmarkey@dodds.dmarkey.com> wrote:> No..
>
> I want only postgrad group to have access but I dont want them to access
> anyone elses home directory as discussed previously(using the valid users
> > %D%w%S).
>
> In other words i need some kind of AND statement.
>
> i.e. valid users = @DOMAIN\postgrads AND %D%w%S
>
>
>
>
>
> On Tue, 10 Mar 2009 14:04:29 -0400, Andrew Chaplin
> <chaplina+samba@canisius.edu> wrote:
>> I think you are saying you only want the postgrad group to have access
>> to their home directory share.
>>
>> Look at the smb.conf entry for "valid users".
>>
>> David Markey wrote:
>>> I really think i have explained the situation enough and its not
that
>>> complex. I only want the users in the postgrad group to get access
to
>>> their home directories via samba but i dont want them to be able to
>>> access anyone elses.
>>>
>>> include = %D%w%S.smb.conf wont work, that would obviosly mean id
need
>>> an include for for every user in the postgrad group i.e.
>>> DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i
>>> want.
>>> On Tue, 10 Mar 2009 18:08:15 +0100, St?phane PURNELLE wrote:
>>> Could you provide more information about your configuration.
>>> a homes share with two access, why ?
>>> A idea :
>>> about include parameter, if you edit your smb.conf and put end of
the
>>> file the homes shares and the include parameter like :
>>> include = %D%w%S.smb.conf
>>> [homes]
>>> ...
>>> valid user= @postgrad
>>> and ofcourse define on %D%w%S.smb.conf (the correct homes share for
>>> %D%w%S)
>>> -----------------------------------
>>> St?phane PURNELLE
>>> stephane.purnelle@corman.be
>>>
>>> Service Informatique Corman S.A. Tel : 00 32
>>> 087/342467
>>> samba-bounces+stephane.purnelle=corman.be@lists.samba.org a
>>> ?crit sur 10/03/2009 17:52:07 :
>>> > If you are referring to
>>> http://marc.info/?l=samba&m=122692173903872&w=2
>>> >
>>> > This doesnt work for me because postgrad isnt the primary
group of
>>> those
>>> > particular users.
>>> >
>>> >
>>> > On Tue, 10 Mar 2009 16:18:44 +0000, Miguel Medalha
>>> > wrote:
>>> > >
>>> > >> Im my [homes] share i want to have two access rules.
First one
>>> is
>>> > >> %D%w%S so that DOMAINdmarkey will only be able to
access his
>>> own home
>>> > >> directory and nobody elses
>>> > >> But I only want users in the postgrad group to be
able to
>>> access
>>> > >> their home directory.
>>> > >>
>>> > >>
>>> > >
>>> > > That question has already been solved in previous posts.
Please
>>> search
>>> > > the list.
>>> > >
>>> > > The solution lies with the use of the
"include" parameter.
>>> >
>>> >
>
>