Greetings!

I've got a samba server that's serving Windows and Mac clients. I want
to restrict the [homes] share such that users can *only* connect to
their own home directory, and not make read-only connections to other
people's home directories.

For example, on a Mac, if I connect to my Samba server with:

    smb://servername/bbonds

and then authenticate myself as:

    jgiambi
    (password)

I'm given read-only access to bbonds' home directory.
/var/log/samba/log.smbd shows:

    [2004/11/11 11:52:46, 1] smbd/service.c:make_connection_snum(648)
      server (192.168.94.17) connect to service bbonds initially as user
      jgiambi (uid=25, gid=45) (pid 15621)

How can I prevent these sorts of accesses? 'jgiambi' should only be
able to access the //servername/jgiambi share via [homes].

The [homes] share in /etc/samba/smb.conf reads:

    [homes]
        comment = Home Directories
        create mask = 0644
        directory mask = 0755
        browseable = no
        writable = yes
        guest ok = no

Samba version 3.0.7

Thanks!

Chris
--
Christopher S. Swingley          email: cswingle@iarc.uaf.edu (work)
Intl. Arctic Research Center            cswingle@gmail.com (personal)
University of Alaska Fairbanks   www.frontier.iarc.uaf.edu/~cswingle/

On Thursday 11 November 2004 16:03, Christopher Swingley wrote:
>
> [homes]
>     comment = Home Directories
>     create mask = 0644
>     directory mask = 0755
>     browseable = no
>     writable = yes
>     guest ok = no

You need to make your create mask and directory mask more restrictive. 600
and 700 respectively, is appropriate. You are giving your other users
read-only access via Unix permissions.

Misty

>
> Samba version 3.0.7
>
> Thanks!
>
> Chris
> --
> Christopher S. Swingley          email: cswingle@iarc.uaf.edu (work)
> Intl. Arctic Research Center            cswingle@gmail.com (personal)
> University of Alaska Fairbanks   www.frontier.iarc.uaf.edu/~cswingle/

On Thu, Nov 11, 2004 at 12:03:21PM -0900, Christopher Swingley wrote:
> Greetings!
>
> I've got a samba server that's serving Windows and Mac clients. I want
> to restrict the [homes] share such that users can *only* connect to
> their own home directory, and not make read-only connections to other
> people's home directories.
>
> For example, on a Mac, if I connect to my Samba server with:
>
> smb://servername/bbonds
>
> and then authenticate myself as:
>
> jgiambi
> (password)
>
> I'm given read-only access to bbonds' home directory.
> /var/log/samba/log.smbd shows:
>
> [2004/11/11 11:52:46, 1] smbd/service.c:make_connection_snum(648)
> server (192.168.94.17) connect to service bbonds initially as user
> jgiambi (uid=25, gid=45) (pid 15621)
>
> How can I prevent these sorts of accesses? 'jgiambi' should only be
> able to access the //servername/jgiambi share via [homes].

Common question. Add the line:

    valid users = %S

to the homes share.

Jeremy.
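
Added example (not part of the thread and not Samba code): a scan of log.smbd for connections like the one quoted in the original post, where the authenticated user differs from the home share being opened, useful for reviewing past cross-user access. The function name cross_home_connections, the home_users set, and every sample entry except the first are assumptions constructed for illustration.

```python
import re

# Matches the message format quoted in the post (Samba 3.0.x log.smbd).
CONNECT_RE = re.compile(
    r"(?P<host>\S+) \((?P<ip>[^)]+)\) connect to service (?P<service>\S+) "
    r"initially as user (?P<user>\S+) \(uid=(?P<uid>\d+), gid=(?P<gid>\d+)\)"
)
HEADER_RE = re.compile(r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), *\d+\]")


def cross_home_connections(log_text, home_users):
    """Return (timestamp, client_ip, user, share) for each connection to a home
    share made by another user. home_users (assumption): accounts served by [homes]."""
    findings = []
    ts, body = None, []

    def flush():
        # Continuation lines are joined so a wrapped message still matches.
        m = CONNECT_RE.search(" ".join(body))
        if m and m["service"] in home_users and m["service"] != m["user"]:
            findings.append((ts, m["ip"], m["user"], m["service"]))

    for line in log_text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            flush()
            ts, body = h["ts"], []
        elif line.strip():
            body.append(line.strip())
    flush()
    return findings


# Constructed sample: the first entry is the one from the post, the others are made up.
SAMPLE_LOG = """\
[2004/11/11 11:52:46, 1] smbd/service.c:make_connection_snum(648)
  server (192.168.94.17) connect to service bbonds initially as user
  jgiambi (uid=25, gid=45) (pid 15621)
[2004/11/11 11:55:02, 1] smbd/service.c:make_connection_snum(648)
  server (192.168.94.17) connect to service jgiambi initially as user jgiambi (uid=25, gid=45) (pid 15630)
[2004/11/11 11:58:10, 1] smbd/service.c:make_connection_snum(648)
  server (192.168.94.20) connect to service public initially as user bbonds (uid=26, gid=45) (pid 15641)
"""

if __name__ == "__main__":
    for ts, ip, user, share in cross_home_connections(SAMPLE_LOG, {"bbonds", "jgiambi"}):
        print(f"{ts} {ip}: {user} connected to home share of {share}")
```

Connections to shares whose name is not in home_users (such as the constructed "public" entry) are ignored, so ordinary shared folders do not produce findings.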