[Samba] write list and valid users

Sam Bayne sbayne at sccd.ctc.edu
Wed Dec 19 23:26:58 GMT 2007 

The way we handle this is to ignore he valid user and write list settings.

Our shares look like this:
[Shares]
    path=/home/shares
    browseable = yes
    writable = yes
    force create mode = 0770
    force directory mode = 2770

Then we chown and set unix permissions on subdirectories of /home/shares 
that restrict the folder access to groups.

The minor drawback is that users can see that other departments exist, 
but they can only enter their own folders.

But we allow remote sftp access, so we need to use the Unix permissions 
anyway.


Michael Heydon wrote:
> Jason Greene wrote:
>> We finally got our server to migrate to the new domain.
>>
>> Now when we access a share anyone can write to it.
>>
>> I removed the write list and valid users list and restarted samba... 
>> anyone
>> can still access and write to it.
>>
>> Can some one school me on samba permissions?
>>   
> I don't want to sound like a jerk, but this is fairly clearly explained 
> in the man page.
>> here is the share info
>>
>> drwxrwsrwx  10 user group    4096 Dec 19 08:16 dev
>>
>> [dev]
>>         path = /apps/dev
>>         create mask = 666
>>         directory mask = 2777
>>         valid user =  removed for security (a bunch of domain groups)
>>         write list = removed for security  (a bunch of domain groups)
>>   
> write list: This is a list of users that are given  read-write  access  
> to  a
> service. If the connecting user is in this list then they will be
> given write access, no matter what the read only  option  is  set to.
>>         writeable = yes
>>   
> writeable: Inverted synonym for read only.
> 
> read only: If  this parameter is yes, then users of a service may not 
> create
> or modify files in the service's directory.
> 
> As you can see, setting "writeable = yes" allows anyone who connects to 
> write to the share (depending on unix permissions). "write list" will 
> overrule the "read only" ("writeable") setting on a share for certain 
> users. If you remove the "writeable = yes" line it will default to read 
> only and only users in the write list will be able to make changes.
> 
> *Michael Heydon - IT Administrator *
> michaelh at jaswin.com.au <mailto:michaelh at jaswin.com.au>

More information about the samba mailing list