What is the program they are running? What kind of files? Is the issue that once they give themselves write access they are then able to read data they couldn't see before?



On 10/14/2010 04:19 AM, Daniel Müller wrote:
I think you can restrict users from installing programs with policies, but you
cannot restrict the running of an executable which does no install at all

-----------------------------------------------
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: [email protected]
Internet: www.tropenklinik.de
-----------------------------------------------

-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Hubert Choma
Sent: Thursday, 14 October 2010 08:48
To: samba
Subject: [Samba] how to prevent copying programs on local harddisk from
samba share

Hello

I have Samba PDC 3.3.8-0.52.el5_5.2 on CentOS 5.5. My clients - Win XP
PRO SP3.

I have noticed that some users copy the whole catalog with the program
from the samba share and run it from a local drive where they have full access.
Write access for this share [geo$] is only for the @geo group! Others can't
write. So they are working around this!

How can I prevent copying programs from samba shares to local drives
and running them from there? Is there any possibility to secure programs and run
them from samba shares only?

Please help!

[global]
         workgroup = geodezja
         server string = Samba Server %v
         interfaces = 10.10.10.0/255.255.255.0 127.0.0.1
         bind interfaces only = Yes

         update encrypted = Yes
         client ntlmv2 auth = yes
         log level = 2 vfs:3 auth:2 passdb:3
         log file = /var/log/samba/%U.%m.log
         max log size = 500
#PERFORMANCE
         socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
         read raw = yes
         write raw = yes
         max xmit = 65535
         large readwrite = yes

         add user script = /usr/sbin/useradd "%u" -n -g users
         add group script = /usr/sbin/groupadd "%g"
         add machine script = /usr/sbin/useradd -n -c "komputer (%u)" -M -d /nohome -s /bin/false "%u"
#       add machine script = /usr/sbin/useradd -g komputery -d /dev/null -s /bin/false -M "%u"


         logon script = %G.CMD

         logon path =
         logon home =
         domain logons = yes
         os level = 128
         preferred master = yes
         domain master = yes
         local master = yes
         remote browse sync = none
         remote announce = none
         dns proxy = No
         wins support = yes
         name resolve order = wins hosts bcast
         hosts allow = 10.10.10.0/255.255.255.0 127.0.0.1
         hosts deny = ALL
         security = user
         null passwords = no
         deadtime = 0
         map to guest = never
         create mask = 0777
         nt acl support = no
         time server = yes
         enable privileges = yes
         passdb backend = tdbsam
         username map = /etc/samba/smbusers
         hide dot files = yes
         guest ok = no
         name cache timeout = 60


[geo$]
         comment = Mapa
#       oplock = yes
#       level2oplocks = yes
#       locking = yes
         invalid users = @geodeta,@ewidencja,
         write list = +geo
         path = /home/samba/geo
         force group = geo
         force create mode = 0777
         vfs object = recycle full_audit
         recycle:repository = .recycle/%U
         recycle:touch = true
         recycle:keeptree = true
         recycle:versions = false
         recycle:exclude = *.TMP *.STP
         recycle:directory_mode = 773
         full_audit:prefix = %u|%m|%I|%S
         full_audit:success = read pwrite write rename unlink rmdir mkdir lock pread
         full_audit:failure = read write
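
Added example, not part of the original thread or of Samba: a user who can read a program from the share can also copy it, but the full_audit settings in the posted [geo$] section already record every successful read, so a whole-directory copy can at least be spotted in the log. The Python below assumes syslog lines in the layout that full_audit writes with the prefix %u|%m|%I|%S (user|machine|ip|share|operation|result|file); the sample lines, the thresholds and the name bulk_readers are constructed for illustration and need tuning, since simply running a program from the share also reads a few of its files.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from the thread); fields follow
# full_audit:prefix = %u|%m|%I|%S, then operation|result|file.
SAMPLE_LOG = """\
Oct 14 08:40:01 pdc smbd_audit: jan|pc03|10.10.10.13|geo$|read|ok|mapa/mapa.exe
Oct 14 08:40:02 pdc smbd_audit: jan|pc03|10.10.10.13|geo$|pread|ok|mapa/mapa.dll
Oct 14 09:15:00 pdc smbd_audit: anna|pc07|10.10.10.17|geo$|read|ok|mapa/mapa.exe
Oct 14 09:15:01 pdc smbd_audit: anna|pc07|10.10.10.17|geo$|read|ok|mapa/mapa.dll
Oct 14 09:15:02 pdc smbd_audit: anna|pc07|10.10.10.17|geo$|read|ok|mapa/help.chm
Oct 14 09:15:03 pdc smbd_audit: anna|pc07|10.10.10.17|geo$|read|ok|mapa/data/a.dat
Oct 14 09:15:04 pdc smbd_audit: anna|pc07|10.10.10.17|geo$|read|ok|mapa/data/b.dat
Oct 14 09:15:05 pdc smbd_audit: anna|pc07|10.10.10.17|geo$|read|ok|mapa/setup.ini
Oct 14 09:16:00 pdc smbd_audit: anna|pc07|10.10.10.17|geo$|write|fail (Permission denied)|mapa/setup.ini
"""

# Only successful read/pread records are of interest here.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ smbd_audit: "
    r"(?P<user>[^|]*)\|(?P<machine>[^|]*)\|(?P<ip>[^|]*)\|(?P<share>[^|]*)\|"
    r"(?P<op>p?read)\|ok\|(?P<path>.+)$")

def bulk_readers(log_text, threshold=5, window=timedelta(minutes=2), year=2010):
    """Map (user, machine, top-level dir) to the largest number of distinct
    files read inside one time window, for keys reaching the threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        top = m["path"].split("/", 1)[0] if "/" in m["path"] else "."
        events[(m["user"], m["machine"], top)].append((ts, m["path"]))
    hits = {}
    for key, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide window forward
                start += 1
            best = max(best, len({p for _, p in evs[start:end + 1]}))
        if best >= threshold:
            hits[key] = best
    return hits

if __name__ == "__main__":
    for (user, machine, top), n in bulk_readers(SAMPLE_LOG).items():
        print(f"{user}@{machine}: {n} distinct files read under {top}/")
```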


