Recipe 23.9. Controlling Share Access with Access Control Lists

 < Day Day Up > 

23.9.1 Problem

You would like to limit who can access a particular Samba share, either by username or group name.

23.9.2 Solution

Use the valid users directive in smb.conf, as follows:

[share1]    path = /sharedstuff    comment = testfiles    read only = No    valid users = andrew  foober  dana

Unix groups are indicated by a plus sign (+):

   valid users = +sambausers

The groups must exist on the server, in /etc/group. They are ordinary Linux groups; you don't need to create special Samba groups.

You may also exclude users or groups, using invalid users:

   invalid users = root  +wheel  +bannedusers

Remember to restart Samba after changing smb.conf.

23.9.3 Discussion

If you have no network information services (NIS) groups, use the plus sign to tell Samba to look only for Unix groups.

Using @ (for example, @bannedusers) tells Samba to first search the NIS database, then Unix.

To use only NIS groups, use the ampersand: &bannedusers.

23.9.4 See Also

  • smb.conf(5)

     < Day Day Up > 


    Linux Cookbook
    Linux Cookbook
    ISBN: 0596006403
    EAN: 2147483647
    Year: 2004
    Pages: 434

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net