-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Date: 22 Feb 2003 09:14:57 -0800 > From: Michael Noble <[EMAIL PROTECTED]> > To: "Chew, Darren" <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: [Samba] Restrict access to [homes] share > > Try setting your home shares as follows: > > [home] > comment = Home Directories > path = /home/%u > read only = No > veto files = /.*/ > > This will always mount the users home directory.
Not necessarily with winbind, you should not need to use a path directive, it defeats the feature of the homes share (which is to use the users home directory). >>> I'd like to know how to restrict access to the [homes] share. Currently, each >>> user is able to read/write to his/her own share, and by typing >>> \\machine\anotheruser can open another user's share and read/write there too. >>> I would like to restrict access so that a user can only read/write to their >>> own share only. >>> >>> Here is some of the relevant config: >>> >>> [global] >>> workgroup = ASDF >>> server string = Samba Server %v >>> security = DOMAIN >>> encrypt passwords = Yes >>> password server = * >>> log file = /var/log/samba/log.%m >>> max log size = 10240 >>> time server = Yes >>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >>> os level = 64 >>> preferred master = No >>> domain master = No >>> dns proxy = No >>> wins support = Yes >>> winbind uid = 10000-20000 >>> winbind gid = 10000-20000 >>> template homedir = /dev/null >>> winbind separator = + >>> winbind use default domain = Yes >>> admin users = wicked >>> printer admin = @"Domain Admins" >>> >>> [homes] >>> comment = Home Directories >>> path = /home/samba/%S This line should not be necessary, you should rather set your template homedir to /home/samba/%U or /home/%D/%U. >>> force group = nobody The line above is your problem, you should not need this if winbind is working right! >>> read only = No >>> browseable = No >>> The best option (as with Windows) is to have the permissions correct on the filesystem, and not to enforce everything via share definitions. Then if people access to the filesystem via other means, the permissions are still enforced correctly. The easiest solution is to: # cd /home/samba # chmod 700 * Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+WgITrJK6UGDSBKcRAmiqAJwP+XooMp4IrQJffIU35z+DIvUJ0QCfTEB8 WEacOcjkCNrxqUPJFMD7Lqo= =7lrq -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
