[Samba] write list and valid users
Sam Bayne
sbayne at sccd.ctc.edu
Wed Dec 19 23:26:58 GMT 2007
The way we handle this is to ignore the valid user and write list settings.
Our shares look like this:
[Shares]
path=/home/shares
browseable = yes
writable = yes
force create mode = 0770
force directory mode = 2770
Then we chown and set unix permissions on subdirectories of /home/shares
that restrict the folder access to groups.
The minor drawback is that users can see that other departments exist,
but they can only enter their own folders.
But we allow remote sftp access, so we need to use the Unix permissions
anyway.
Michael Heydon wrote:
> Jason Greene wrote:
>> We finally got our server to migrate to the new domain.
>>
>> Now when we access a share anyone can write to it.
>>
>> I removed the write list and valid users list and restarted samba...
>> anyone can still access and write to it.
>>
>> Can someone school me on samba permissions?
>>
> I don't want to sound like a jerk, but this is fairly clearly explained
> in the man page.
>> here is the share info
>>
>> drwxrwsrwx 10 user group 4096 Dec 19 08:16 dev
>>
>> [dev]
>> path = /apps/dev
>> create mask = 666
>> directory mask = 2777
>> valid user = removed for security (a bunch of domain groups)
>> write list = removed for security (a bunch of domain groups)
>>
> write list: This is a list of users that are given read-write access
> to a service. If the connecting user is in this list then they will be
> given write access, no matter what the read only option is set to.
>> writeable = yes
>>
> writeable: Inverted synonym for read only.
>
> read only: If this parameter is yes, then users of a service may not
> create or modify files in the service's directory.
>
> As you can see, setting "writeable = yes" allows anyone who connects to
> write to the share (depending on unix permissions). "write list" will
> overrule the "read only" ("writeable") setting on a share for certain
> users. If you remove the "writeable = yes" line it will default to read
> only and only users in the write list will be able to make changes.
>
> *Michael Heydon - IT Administrator *
> michaelh at jaswin.com.au
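
Added example (not part of the original thread and not Samba code): a small Python audit that resolves the "read only" / "writeable" synonyms per share and reports when a write list restricts nothing or when the share directory is world-writable, the two conditions discussed above. The sample config, the group name @devgroup and the share names other than [dev] are constructed; [global] defaults and include files are not handled.

```python
import stat

# "writeable", "writable" and "write ok" are inverted synonyms of "read only".
# Samba ignores case and whitespace in parameter names, so keys are compared squeezed.
INVERTED = {"writeable", "writable", "writeok"}
TRUE = {"yes", "true", "on", "1"}

def parse_shares(text):
    """Parse smb.conf text into {section: settings}; the last assignment wins."""
    shares, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            # Samba's default for a share is read only = yes.
            cur = shares.setdefault(line[1:-1].strip().lower(),
                                    {"read_only": True, "write_list": ""})
            continue
        if cur is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = "".join(key.lower().split())
        if key == "readonly":
            cur["read_only"] = value.lower() in TRUE
        elif key in INVERTED:
            cur["read_only"] = value.lower() not in TRUE
        elif key == "writelist":
            cur["write_list"] = value
    return shares

def audit(share, dir_mode):
    """Return findings for one share, given the mode bits of its directory."""
    findings = []
    if not share["read_only"] and share["write_list"]:
        findings.append("write list is redundant: share is writeable for every connecting user")
    if not share["read_only"] and dir_mode & stat.S_IWOTH:
        findings.append("directory is world-writable: Unix permissions do not restrict writes")
    return findings

# Constructed sample input; @devgroup is a placeholder group name.
SAMPLE = """
[dev]
    path = /apps/dev
    write list = @devgroup
    writeable = yes
[Shares]
    path = /home/shares
    writable = yes
[locked]
    write list = @devgroup
"""
```

Run audit() with the mode from os.stat(path).st_mode for each share path; a 2770 directory under a writable share yields no findings, a 2777 one does.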