G'day,

I'd like to know how to restrict access to the [homes] share. Currently, each
user is able to read/write to his/her own share, and by typing
\\machine\anotheruser can open another user's share and read/write there too.
I would like to restrict access so that a user can only read/write to their
own share only.

Here is some of the relevant config:

[global]
    workgroup = ASDF
    server string = Samba Server %v
    security = DOMAIN
    encrypt passwords = Yes
    password server = *
    log file = /var/log/samba/log.%m
    max log size = 10240
    time server = Yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    os level = 64
    preferred master = No
    domain master = No
    dns proxy = No
    wins support = Yes
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    template homedir = /dev/null
    winbind separator = +
    winbind use default domain = Yes
    admin users = wicked
    printer admin = @"Domain Admins"

[homes]
    comment = Home Directories
    path = /home/samba/%S
    force group = nobody
    read only = No
    browseable = No

I have tried using the "valid users" line but when I put it in I can't open my
home share. I am using Red Hat Linux 8.0 and Samba 2.2.7a (from rpm). Any help
is greatly appreciated. Thanks.

Darren
-------------------------------------------------
This mail was sent using Scout WebMail
https://webmail.vicscouts.asn.au/

Chew, Darren wrote:
> G'day,
>
> I'd like to know how to restrict access to the [homes] share. Currently, each
> user is able to read/write to his/her own share, and by typing
> \\machine\anotheruser can open another user's share and read/write there too.
> I would like to restrict access so that a user can only read/write to their
> own share only.
>
> [homes]
>     comment = Home Directories
>     path = /home/samba/%S
>     force group = nobody
>     read only = No
>     browseable = No

set the owner of /home/samba/<username> to the given owner,
set access for directories and files to 0700

in smb.conf use:

    create mode = 0700
    directory mode = 0700

so nobody other than the given user has access...

> I have tried using the "valid users" line but when I put it in I can't open my
> home share. I am using Red Hat Linux 8.0 and Samba 2.2.7a (from rpm). Any help
> is greatly appreciated. Thanks.
>
> Darren
> -------------------------------------------------
> This mail was sent using Scout WebMail
> https://webmail.vicscouts.asn.au/

Try setting your home shares as follows:

[home]
    comment = Home Directories
    path = /home/%u
    read only = No
    veto files = /.*/

This will always mount the user's home directory.

Mike

On Sat, 2003-02-22 at 01:06, Chew, Darren wrote:
> G'day,
>
> I'd like to know how to restrict access to the [homes] share. Currently, each
> user is able to read/write to his/her own share, and by typing
> \\machine\anotheruser can open another user's share and read/write there too.
> I would like to restrict access so that a user can only read/write to their
> own share only.
>
> Here is some of the relevant config:
>
> [global]
>     workgroup = ASDF
>     server string = Samba Server %v
>     security = DOMAIN
>     encrypt passwords = Yes
>     password server = *
>     log file = /var/log/samba/log.%m
>     max log size = 10240
>     time server = Yes
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>     os level = 64
>     preferred master = No
>     domain master = No
>     dns proxy = No
>     wins support = Yes
>     winbind uid = 10000-20000
>     winbind gid = 10000-20000
>     template homedir = /dev/null
>     winbind separator = +
>     winbind use default domain = Yes
>     admin users = wicked
>     printer admin = @"Domain Admins"
>
> [homes]
>     comment = Home Directories
>     path = /home/samba/%S
>     force group = nobody
>     read only = No
>     browseable = No
>
> I have tried using the "valid users" line but when I put it in I can't open my
> home share. I am using Red Hat Linux 8.0 and Samba 2.2.7a (from rpm). Any help
> is greatly appreciated. Thanks.
>
> Darren
> -------------------------------------------------
> This mail was sent using Scout WebMail
> https://webmail.vicscouts.asn.au/
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba

--
Michael G. Noble
RF Magic, Inc.
Senior System Administrator
10182 Telesis Ct., 4th Floor
San Diego, CA. 92121
mailto:mnoble@rfmagic.com
voice: (858) 546-2401 x207
fax: (858) 546-2402
--
There is Sanity in my Madness!

> I would like to restrict access so that a user can only read/write to their
> own share only.

As others mentioned, filesystem permissions and path statements can help.

For me

    valid users = %S

works just great.

> Date: 22 Feb 2003 09:14:57 -0800
> From: Michael Noble <mnoble@rfmagic.com>
> To: "Chew, Darren" <darren.chew@vicscouts.asn.au>
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Restrict access to [homes] share
>
> Try setting your home shares as follows:
>
> [home]
>     comment = Home Directories
>     path = /home/%u
>     read only = No
>     veto files = /.*/
>
> This will always mount the users home directory.

Not necessarily with winbind, you should not need to use a path
directive, it defeats the feature of the homes share (which is to use
the user's home directory).

>>> I'd like to know how to restrict access to the [homes] share. Currently, each
>>> user is able to read/write to his/her own share, and by typing
>>> \\machine\anotheruser can open another user's share and read/write there too.
>>> I would like to restrict access so that a user can only read/write to their
>>> own share only.
>>>
>>> Here is some of the relevant config:
>>>
>>> [global]
>>>     workgroup = ASDF
>>>     server string = Samba Server %v
>>>     security = DOMAIN
>>>     encrypt passwords = Yes
>>>     password server = *
>>>     log file = /var/log/samba/log.%m
>>>     max log size = 10240
>>>     time server = Yes
>>>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>     os level = 64
>>>     preferred master = No
>>>     domain master = No
>>>     dns proxy = No
>>>     wins support = Yes
>>>     winbind uid = 10000-20000
>>>     winbind gid = 10000-20000
>>>     template homedir = /dev/null
>>>     winbind separator = +
>>>     winbind use default domain = Yes
>>>     admin users = wicked
>>>     printer admin = @"Domain Admins"
>>>
>>> [homes]
>>>     comment = Home Directories
>>>     path = /home/samba/%S

This line should not be necessary, you should rather set your template
homedir to /home/samba/%U or /home/%D/%U.

>>>     force group = nobody

The line above is your problem, you should not need this if winbind is
working right!

>>>     read only = No
>>>     browseable = No
>>>

The best option (as with Windows) is to have the permissions correct on
the filesystem, and not to enforce everything via share definitions.
Then if people access the filesystem via other means, the permissions
are still enforced correctly.

The easiest solution is to:

# cd /home/samba
# chmod 700 *

Buchan

--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
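
An added example, not part of the thread: a small audit of the filesystem permissions the replies recommend, reporting any home directory that is a symlink, grants group/other access, or is not owned by the account it is named after. It assumes GNU stat and a layout of one directory per user under the base path (for example /home/samba); the function name audit_homes is made up for this example.

```shell
#!/bin/sh
# Added example: audit per-user home directories under a base path.
# Assumptions: GNU stat is available and each directory is named after
# the account that should own it (the layout discussed in the thread).
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_homes() {
    base=$1
    problems=0
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue            # glob matched nothing
        dir=${dir%/}
        if [ -L "$dir" ]; then               # a symlink could point anywhere
            echo "SYMLINK $dir"
            problems=$((problems + 1))
            continue
        fi
        name=${dir##*/}
        mode=$(stat -c '%a' "$dir")          # octal mode, e.g. 700
        owner=$(stat -c '%U' "$dir")         # owning user name
        # Any group or other bit lets an account besides the owner in.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "MODE $mode $dir"
            problems=$((problems + 1))
        fi
        if [ "$owner" != "$name" ]; then
            echo "OWNER $owner $dir"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run against a base path when one is given on the command line,
# e.g.:  sh audit_homes.sh /home/samba
if [ $# -gt 0 ]; then
    audit_homes "$1"
fi
```
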