[Samba] Samba Access Control

Josh Konkol susesambaboy at yahoo.com
Tue Feb 19 06:22:03 GMT 2002

You shouldn't need the invalid users list.  Only people in the Valid Users 
list can access the share, they contradict each other.

EXCERPT FROM man smb.conf:

       valid users (S)
              This  is  a list of users that should be allowed to
              login to this service. Names starting with '@', '+'
              and  '&'  are  interpreted  using the same rules as
              described in the invalid users parameter.

              If this is empty (the default) then  any  user  can
              login.   If a username is in both this list and the
              invalid users list then access is denied  for  that

Hope this helps!!


On Tuesday 19 February 2002 06:05, Philip Reynolds wrote:
> Hi,
> I've been looking at Samba's access control, and according to the
> documentation it's provides me with what I want, however, I'm not so
> sure if this is the case.
> Take the following scenario:
> As Administrator I am in the following groups
> admin_group, user_group1, user_group2
> There is an administrator share:
> --------------8<------------
> [Admin]
> invalid users = @user_group1, @user_group2
> valid users = @admin_group
> path = /export/path/to/admin/share
> write list = @admin_group
> writeable = yes
> --------------<8------------
> I want to explain the first two entries in the config.
> The first one should deny any user in user_group1 or user_group2
> (which it does)
> For the second however, I want it to override the first, and say
> anyone in admin_group should be allowed access, this doesn't work
> though.
> In summary: I only want admin_group to have access to this share, by
> whatever means necessary (I realise this is possible through UNIX
> permissions, however I'd prefer not to do this)
> Phil.

Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

More information about the samba mailing list