Share/User Security Mix (unnecessary!)

David Collier-Brown davecb at canada.sun.com
Tue Oct 16 04:47:02 GMT 2001


August Zajonc" wrote:
| I'd like to have some shares be available to all clients
| with the right password (aka share security)
| I'd like some shares available to all with no password.

	The first can be done with acls, group permissions,
	read/write list or any other per-user access control
	mechanism.

	The second can be done without using
	share-level security (insecurity?), by
	saying:

[global]
	# Make selected sdhares acessible to unauthorized users!
        # so they can pick up .reg files to turn off MS encryption.
        guest account = guest
        map to guest = bad user

[public]
        # This share contains plain-password .reg files
        comment = You will find the various PlainPassword.reg \ 
                files here
        path = /usr/local/samba/public
        guest ok = yes
        guest only = yes
        browseable = yes
        read only = yes

	The trick is to use map to guest, which has
	some subtle behaviors: see the smb.conf.5 file
	for more info. (You probably want guest ok = no
	as the default and in other shares!)


--dave
-- 
David Collier-Brown,           | Always do right. This will gratify 
Americas Customer Engineering, | some people and astonish the rest.
SunPS Integration Services.    |                      -- Mark Twain
(905) 415-2849                 | davecb at canada.sun.com




More information about the samba mailing list