Share/User Security Mix (unnecessary!)

David Collier-Brown davecb at
Tue Oct 16 04:47:02 GMT 2001

August Zajonc" wrote:
| I'd like to have some shares be available to all clients
| with the right password (aka share security)
| I'd like some shares available to all with no password.

	The first can be done with acls, group permissions,
	read/write list or any other per-user access control

	The second can be done without using
	share-level security (insecurity?), by

	# Make selected sdhares acessible to unauthorized users!
        # so they can pick up .reg files to turn off MS encryption.
        guest account = guest
        map to guest = bad user

        # This share contains plain-password .reg files
        comment = You will find the various PlainPassword.reg \ 
                files here
        path = /usr/local/samba/public
        guest ok = yes
        guest only = yes
        browseable = yes
        read only = yes

	The trick is to use map to guest, which has
	some subtle behaviors: see the smb.conf.5 file
	for more info. (You probably want guest ok = no
	as the default and in other shares!)

David Collier-Brown,           | Always do right. This will gratify 
Americas Customer Engineering, | some people and astonish the rest.
SunPS Integration Services.    |                      -- Mark Twain
(905) 415-2849                 | davecb at

More information about the samba mailing list