ABE for shares

Jeremy Allison jra at samba.org
Thu Jun 8 15:58:27 UTC 2017

On Thu, Jun 08, 2017 at 08:34:23AM -0700, Richard Sharpe via samba-technical wrote:
> Hi folks,
> A customer wants to be able to prevent users from seeing shares they
> do not have access to.
> Today it looks like you can see shares despite not having access to a share.
> Has anyone looked at this issue?

man smb.conf

/access based share enum

           If this parameter is yes for a service, then the share hosted by the service will only be visible to users who have read or write access to the share
           during share enumeration (for example net view \\sambaserver). The share ACLs which allow or deny the access to the share can be modified using for
           example the sharesec command or using the appropriate Windows tools. This has parallels to access based enumeration, the main difference being that only
           share permissions are evaluated, and security descriptors on files contained on the share are not used in computing enumeration access rights.

           Default: access based share enum = no

Should do the trick.

More information about the samba-technical mailing list