Unusual [homes] configuration
gentry at usaccess-inc.com
Thu Nov 20 22:15:01 GMT 1997
I'm finalizing the configuration of a samba installation on our
main server. I'd like to give all users access to a private area
for each of them. This would normally be accomplished perfectly with
the [homes] section in smb.conf, giving each user access to their
home directory as defined in /etc/passwd.
This is were the difficulty lies. I have two classes of users
on this machine:
A. "Normal" users that have independant, distinct home directories.
B. Single application users. These users only use one application
on the server and they all share a common home directory. This is pretty
much a requirement for this application to run. I really don't
like this, but this is the way the application was designed. All
of these users are in a common unix group, so they can be
So, I obviously can't give all "B" users [homes] access or they will
all be writing to the same directory. To make matters slightly worse,
if they DO write to this directory (the shared home), they may
overwrite files crucial to the operation of the common application
that they all use.
What I would like is to have two [homes] sections. One would
be for class A users and would map to their home directories as
normal. The other homes section would be for class B users and
would map their path to something like:
where %u is the username.
I have spent most of this morning and early afternoon trying various
configurations. Everything I've tried has some difficulty that
keeps it from working the way I want. Briefly I've tried:
1. normal [homes] section with invalid users = @classb . Second
wildcard section named [users] with valid users = @classb and
the path = /usr/local/samba/shares/home/%u
This works, but classb users still see a directory with their
username from the [homes] section. When they enter their password,
it denies them access as they are "invalid" users. Any idea
how to keep a share from being displayed if the user is invalid?
This also has the disadvantage of the share name being "users"
instead of the username .
2. One template [user] as above and one share per user with a
copy = user to get the shared attributes (path, file mode, etc).
No [homes] section. This works, but has the disadvantages of
making me add a new section for each user, and displaying ALL
of the "user" directories to every user.
3. Two different [homes] shares. One with valid users = @classb
and the other with invalid users = @classb . This didn't work.
I think it just ignored the second [homes] share. I didn't expect
it to work, but it was worth a try.
1. Is there a way to make one's own [homes] style section with
a different share name like [otherhomes] ? The
only element that I'm missing is the ability to change the share
name to that of the user and (2) above will work. I looked through
the man pages but didn't find what I needed.
2. Can you limit [homes] to not show for invalid users? Conversely
can you limit any share to only show for valid users? With either
of these abilities I think I can do what I want.
3. Is there something I can do with the auto services directive
and one of my failed attempts above? I read the man page section
on auto services and I'm not clear on what it's used for. My
[homes] sections all work as expected with browseable = no and
no auto services line anywhere.
My current solution is a modified [homes] share with
path = /usr/local/samba/shares/home/%u
valid users = @classb
This allows the classb users proper access and everyone else
sees a home directory that they can't get to. Since the class A
users are the minority, this works for now, but is kind of a hack.
Brian L. Gentry
More information about the samba