[Samba] Securing home shares
morgan at orst.edu
Mon Feb 12 20:37:05 GMT 2007
On Mon, 12 Feb 2007, Neil Jolly wrote:
> On 12-Feb-07, at 12:38 PM, Charles Marcus wrote:
>> On 2/12/2007 Neil Jolly (neil at jollycom.ca) wrote:
>>> browseable = No
>>> read only = No
>>> guest ok = No
>> Don't need this?
>>> path = /home/%U
> I've tried with, and without this one
>>> users = %S
>> Typo? Shouldn't this be 'valid users = %S'
> Not according to :
> An excerpt:
> The only user works in conjunction with the users = list, so to get the
> behavior you require, add the line:
> users = %S
> This is equivalent to adding
> valid users = %S
> to the definition of the [homes] share, as recommended in the smb.conf man
The manpage for smb.conf says:
This parameter is a synonym for username.
Multiple users may be specified in a comma-delimited
list, in which case the supplied password will be
tested against each username in turn (left to right).
This is very different from the "valid users" parameter. I think the
securing-samba.html file is wrong in saying they are equivalent. If I'm
reading it right, you want "valid users = %S".
> Also unix permissions are rwx on all home dirs.
Why not just fix the unix permissions? We set home dirs to 700 and
public_html to 755 here.
More information about the samba