The way we handle this is to ignore the valid user and write list settings.

Our shares look like this:
[Shares]
   path=/home/shares
   browseable = yes
   writable = yes
   force create mode = 0770
   force directory mode = 2770

Then we chown and set unix permissions on subdirectories of /home/shares that restrict the folder access to groups.

The minor drawback is that users can see that other departments exist, but they can only enter their own folders.

But we allow remote sftp access, so we need to use the Unix permissions anyway.


Michael Heydon wrote:
> Jason Greene wrote:
> > We finally got our server to migrate to the new domain.
> >
> > Now when we access a share anyone can write to it.
> >
> > I removed the write list and valid users list and restarted samba... anyone
> > can still access and write to it.
> >
> > Can someone school me on samba permissions?
>
> I don't want to sound like a jerk, but this is fairly clearly explained in the man page.
>
> > here is the share info
> >
> > drwxrwsrwx  10 user group    4096 Dec 19 08:16 dev
> >
> > [dev]
> >         path = /apps/dev
> >         create mask = 666
> >         directory mask = 2777
> >         valid user =  removed for security (a bunch of domain groups)
> >         write list = removed for security  (a bunch of domain groups)
>
> write list: This is a list of users that are given read-write access to a
> service. If the connecting user is in this list then they will be
> given write access, no matter what the read only  option  is  set to.
>
> >         writeable = yes
>
> writeable: Inverted synonym for read only.
>
> read only: If this parameter is yes, then users of a service may not create
> or modify files in the service's directory.
>
> As you can see, setting "writeable = yes" allows anyone who connects to write to the share (depending on unix permissions). "write list" will overrule the "read only" ("writeable") setting on a share for certain users. If you remove the "writeable = yes" line it will default to read only and only users in the write list will be able to make changes.
>
> *Michael Heydon - IT Administrator *
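
An added example, not part of the thread or of Samba itself: a small Python check that applies the "read only" / "writeable" / "write list" rules quoted above to an smb.conf fragment and reports who Samba will let write to each share. The share names, the group `@devgroup` and the function names are constructed for illustration; it assumes [global] does not override the defaults, and Unix permissions still apply on top of the result.

```python
# Added example: effective Samba write policy per share (Unix permissions not modelled).
TRUE = {"yes", "true", "1", "on"}
INVERTED = {"writeable", "writable", "writeok"}  # inverted synonyms of "read only"

def parse_shares(text):
    """Return {share: {param: value}}; names are lowercased with spaces removed."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            # A share is read only unless configured otherwise.
            current = shares.setdefault(line[1:-1].strip(), {"readonly": True})
        elif current is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            key = key.lower().replace(" ", "")
            if key in INVERTED:
                current["readonly"] = value.lower() not in TRUE
            elif key == "readonly":
                current["readonly"] = value.lower() in TRUE
            else:
                current[key] = value
    return shares

def write_policy(params):
    """Who Samba lets write, before the filesystem has its say."""
    if not params["readonly"]:
        return "any connecting user"   # a write list restricts nobody here
    if params.get("writelist", "").strip():
        return "write list only"
    return "read-only"

def audit(text):
    return {name: write_policy(p) for name, p in parse_shares(text).items()
            if name.lower() != "global"}

# Constructed sample: the share from the thread, then the same share without "writeable = yes".
SAMPLE = """
[dev]
        path = /apps/dev
        write list = @devgroup
        writeable = yes
[dev-fixed]
        path = /apps/dev
        write list = @devgroup
[docs]
        path = /apps/docs
"""

if __name__ == "__main__":
    for share, policy in audit(SAMPLE).items():
        print(f"{share}: {policy}")
```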