Re: [Samba] Restrict access to [homes] share
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Date: 22 Feb 2003 09:14:57 -0800 From: Michael Noble [EMAIL PROTECTED] To: Chew, Darren [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Restrict access to [homes] share Try setting your home shares as follows: [home] comment = Home Directories path = /home/%u read only = No veto files = /.*/ This will always mount the users home directory. Not necessarily with winbind, you should not need to use a path directive, it defeats the feature of the homes share (which is to use the users home directory). I'd like to know how to restrict access to the [homes] share. Currently, each user is able to read/write to his/her own share, and by typing \\machine\anotheruser can open another user's share and read/write there too. I would like to restrict access so that a user can only read/write to their own share only. Here is some of the relevant config: [global] workgroup = ASDF server string = Samba Server %v security = DOMAIN encrypt passwords = Yes password server = * log file = /var/log/samba/log.%m max log size = 10240 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 64 preferred master = No domain master = No dns proxy = No wins support = Yes winbind uid = 1-2 winbind gid = 1-2 template homedir = /dev/null winbind separator = + winbind use default domain = Yes admin users = wicked printer admin = @Domain Admins [homes] comment = Home Directories path = /home/samba/%S This line should not be necessary, you should rather set your template homedir to /home/samba/%U or /home/%D/%U. force group = nobody The line above is your problem, you should not need this if winbind is working right! read only = No browseable = No The best option (as with Windows) is to have the permissions correct on the filesystem, and not to enforce everything via share definitions. Then if people access to the filesystem via other means, the permissions are still enforced correctly. The easiest solution is to: # cd /home/samba # chmod 700 * Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+WgITrJK6UGDSBKcRAmiqAJwP+XooMp4IrQJffIU35z+DIvUJ0QCfTEB8 WEacOcjkCNrxqUPJFMD7Lqo= =7lrq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Restrict access to [homes] share
I would like to restrict access so that a user can only read/write to their own share only. As others mentioned filesystem permissions and path statements can help. For me valid users = %S works just great. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Restrict access to [homes] share
Chew, Darren schrieb: G'day, I'd like to know how to restrict access to the [homes] share. Currently, each user is able to read/write to his/her own share, and by typing \\machine\anotheruser can open another user's share and read/write there too. I would like to restrict access so that a user can only read/write to their own share only. [homes] comment = Home Directories path = /home/samba/%S force group = nobody read only = No browseable = No set the owner of /home/samba/username to the given owner, set access for directories and files to 0700 in smb.conf use: creation mode = 0700 directory mode = 0700 so nobody than the given user has access... I have tried using the valid users line but when I put it in I can't open my home share. I am using Red Hat Linux 8.0 and Samba 2.2.7a (from rpm). Any help is greatly appreciated. Thanks. Darren - This mail was sent using Scout WebMail https://webmail.vicscouts.asn.au/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Restrict access to [homes] share
Try setting your home shares as follows: [home] comment = Home Directories path = /home/%u read only = No veto files = /.*/ This will always mount the users home directory. Mike On Sat, 2003-02-22 at 01:06, Chew, Darren wrote: G'day, I'd like to know how to restrict access to the [homes] share. Currently, each user is able to read/write to his/her own share, and by typing \\machine\anotheruser can open another user's share and read/write there too. I would like to restrict access so that a user can only read/write to their own share only. Here is some of the relevant config: [global] workgroup = ASDF server string = Samba Server %v security = DOMAIN encrypt passwords = Yes password server = * log file = /var/log/samba/log.%m max log size = 10240 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 64 preferred master = No domain master = No dns proxy = No wins support = Yes winbind uid = 1-2 winbind gid = 1-2 template homedir = /dev/null winbind separator = + winbind use default domain = Yes admin users = wicked printer admin = Domain Admins [homes] comment = Home Directories path = /home/samba/%S force group = nobody read only = No browseable = No I have tried using the valid users line but when I put it in I can't open my home share. I am using Red Hat Linux 8.0 and Samba 2.2.7a (from rpm). Any help is greatly appreciated. Thanks. Darren - This mail was sent using Scout WebMail https://webmail.vicscouts.asn.au/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Michael G. Noble RF Magic, Inc. Senior System Administrator 10182 Telesis Ct., 4th Floor San Diego, CA. 92121 mailto:[EMAIL PROTECTED] voice: (858) 546-2401 x207 fax: (858) 546-2402 -- There is Sanity in my Madness! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
