ABE for shares
Jeremy Allison
jra at samba.org
Thu Jun 8 15:58:27 UTC 2017
On Thu, Jun 08, 2017 at 08:34:23AM -0700, Richard Sharpe via samba-technical wrote:
> Hi folks,
>
> A customer wants to be able to prevent users from seeing shares they
> do not have access to.
>
> Today it looks like you can see shares despite not having access to a share.
>
> Has anyone looked at this issue?
man smb.conf
/access based share enum
If this parameter is yes for a service, then the share hosted by the service will only be visible to users who have read or write access to the share
during share enumeration (for example net view \\sambaserver). The share ACLs which allow or deny the access to the share can be modified using for
example the sharesec command or using the appropriate Windows tools. This has parallels to access based enumeration, the main difference being that only
share permissions are evaluated, and security descriptors on files contained on the share are not used in computing enumeration access rights.
Default: access based share enum = no
Should do the trick.
More information about the samba-technical
mailing list