[Samba] prevent normal users from getting userlist

Florian Effenberger floeff at arcor.de
Mon Oct 3 13:20:47 GMT 2005

Hi Andrew,

> Not without breaking functionality.  See, any user should be able to run
> the ACL editor, and assign rights to users and groups.
> You could modify code to lock this down, but I would be worried about
> the consequences, as well as what other mean (direct LDAP query, for
> example) you would also need to lock down.
> I know this is difficult in strict privacy environments.  

you are right, of course, I did not think of the ACL features needed!
However, there are some environments where it could as well be illegal
to allow every user to fetch the whole user list.

Are there any plans to implement a feature to disable getting user list
for some users?


More information about the samba mailing list