[Samba] Samba permissions
kyle at caisnet.com
Tue May 27 19:58:14 GMT 2003
curtis at npc-usa.com writes:
> Well, I thought I knew Samba permissions, but I guess I don't.
>Currently, any user that has an account on the Samba server has access
>to the share "Accounting".
>So, let's say I have user1, user2, user3, user4
>I have added user1, user2 and user3 to the accounting group. user4 is
>not a member of accounting.
>On the server itself (not for Samba), I set up permissions for the
>folder as 774 for all directories and files therein. User/group
>permission are set as admin.accounting
>The samba section for this share reads:
> comment = Accounting
> path = /home/accounting
> read only = No
> create mask = 0770
> force create mode = 0770
> security mask = 0770
> directory mask = 0770
> force directory mode = 0770
> directory security mask = 0770
> inherit permissions = Yes
>If any local user access this share, they also automatically become part
>of the accounting group (as far as samba is concerned).
>Now, if I add a line "valid users = user1, user2, user 3" then of
>course, just they can get in. But that doesn't seem to be the right
>solution. The right solution would be to permit only accounting group
>users into the folder. What am I doing wrong?
>North Pacific Corporation
>WashTech (CWA Local 37083)
>To unsubscribe from this list go to the following URL and read the
I have a share setup to allow only a specific group.
path = /Volumes/iRAID/projects
public = NO
read only = NO
comment = Project Files
force directory mode = 0770
force create mode = 0770
valid users = @projects
the valid users = @group makes it so that the user must be in that
specific group to enter.
It is in the smb.conf manual.
try man smb.conf or find it on your mirror of samba.org
valid users (S)
This is a list of users that should be allowed to login to this
service. Names starting with '@', '+' and '&' are interpreted using the
same rules as described in the invalid users parameter.
If this is empty (the default) then any user can login. If a username
is in both this list and the invalid users list then access is denied for
The current servicename is substituted for %S . This is useful in the
See also invalid users
Default: No valid users list (anyone can login)
Example: valid users = greg, @pcusers
Kyle at caisnet.com
More information about the samba