The following parameters in the smb.conf file sections define a share control or effect access controls. Before using any of the following options, please refer to the man page for smb.conf .
12.3.1 User and Group -Based Controls
User and group-based controls can prove quite useful. In some situations it is distinctly desirable to affect all file system operations as if a single user were doing so. The use of the force user and force group behavior will achieve this. In other situations it may be necessary to effect a paranoia level of control to ensure that only particular authorized persons will be able to access a share or its contents. Here the use of the valid users or the invalid users may be most useful.
As always, it is highly advisable to use the least difficult to maintain and the least ambiguous method for controlling access. Remember, when you leave the scene someone else will need to provide assistance and if he finds too great a mess or does not understand what you have done, there is risk of Samba being removed and an alternative solution being adopted.
Table 12.2 enumerates these controls.
Table 12.2. User and Group Based Controls
12.3.2 File and Directory Permissions-Based Controls
The following file and directory permission-based controls, if misused, can result in considerable difficulty to diagnose causes of misconfiguration. Use them sparingly and carefully . By gradually introducing each one by one, undesirable side effects may be detected . In the event of a problem, always comment all of them out and then gradually reintroduce them in a controlled way.
Refer to Table 12.3 for information regarding the parameters that may be used to affect file and directory permission-based access controls.
12.3.3 Miscellaneous Controls
The following are documented because of the prevalence of administrators creating inadvertent barriers to file access by not understanding the full implications of smb.conf file settings. See Table 12.4.