[Samba] write list and valid users

[Michael Heydon]

Jason Greene wrote:
> We finally got our server to migrate to the new domain.
>
> Now when we access a share anyone can write to it.
>
> I removed the write list and valid users list and restarted samba... anyone
> can still access and write to it.
>
> Can some one school me on samba permissions?
>   
I don't want to sound like a jerk, but this is fairly clearly explained 
in the man page.
> here is the share info
>
> drwxrwsrwx  10 user group    4096 Dec 19 08:16 dev
>
> [dev]
>         path = /apps/dev
>         create mask = 666
>         directory mask = 2777
>         valid user =  removed for security (a bunch of domain groups)
>         write list = removed for security  (a bunch of domain groups)
>   
write list: This is a list of users that are given  read-write  access  
to  a
service. If the connecting user is in this list then they will be
given write access, no matter what the read only  option  is  set to.
>         writeable = yes
>   
writeable: Inverted synonym for read only.

read only: If  this parameter is yes, then users of a service may not create
or modify files in the service's directory.

As you can see, setting "writeable = yes" allows anyone who connects to 
write to the share (depending on unix permissions). "write list" will 
overrule the "read only" ("writeable") setting on a share for certain 
users. If you remove the "writeable = yes" line it will default to read 
only and only users in the write list will be able to make changes.

*Michael Heydon - IT Administrator *
michaelh at jaswin.com.au <mailto:michaelh at jaswin.com.au>