[Samba] Write access to one user and Read-Only for anyother

Maginot Junior maginot.junior at gmail.com
Wed Jun 20 16:06:33 GMT 2007

Ok, I will try to be more precise.

This share:

  path = /home/memos
  read only = yes
  write list = foouser

must be read by everyone BUT must be write only by the foouser.
With the parameters like above I can login my foouser to get write/read
access and I can log any other user, until now its ok.

But the problem is that its asking for the username and password when I try
to access the share . For a regular user who will only read the files (read
access) this can be a problem because not everyone knows or remember the
password or username (they are tipical users who forget things easy) so What
i want to do is:

at the foouser computer (w2k box) I will Map the Share and set the login and
password so when he wants to upload any file to the share it will be
possible and all he will do will be to open the share ( z:\ ) .... but this
(the mapping)  will not be done in the other computers so they must not be
ask for a username and password, they must access the share direct (the smb
must recognize that the user is not foouser and login as a guest or whatever
be possible).

the smb.conf file (some shares were ommited)

        workgroup = DOMAIN
        netbios name = BNISERV04
        server string = Servidor de Arquivos
        interfaces =
        bind interfaces only = Yes
        encrypt passwords = Yes
        restrict anonymous = Yes
        log level = 5
        log file = /var/log/samba/log.%m
        max log size = 2048
        time server = Yes
        logon script = %u.bat
        logon drive = H:
        domain logons = Yes
        os level = 165
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        preload = homes
        invalid users = bin daemon adm sync shutdown            halt mail
news uucp operator
        admin users = root
        hosts allow =, 127.
        veto files = /mail/
        default case = lower
        case sensitive = No
        preserve case = No
        short preserve case = No
        guest account = gilberto
        map to guest = bad user
        comment = Home Directories
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No
        comment = Temporary file space
        path = /tmp
        read only = No
        guest ok = Yes

        path = /home/export/netlogon
        browseable = No
        guest ok = yes

        path = /home/export/oracledocs/producao
        read only = No
        create mask = 0777
        force create mode = 0777
        directory mask = 0777

        path = /home/memos
        read only = yes
        write list = foouser

On 6/20/07, Eric Boehm <boehm at nortel.com> wrote:
> On Wed, Jun 20, 2007 at 12:37:09PM -0300, Maginot Junior wrote:
> >>>>> "Maginot" == Maginot Junior <maginot.junior at gmail.com> writes:
>     Maginot> Hmm now its workin... BUT one more thing, and if I dont
>     Maginot> want to be prompted for an user name ?  What I want to do
>     Maginot> is map the share with the foouser login and username info
>     Maginot> and all other who try to view the share could do it at
>     Maginot> the most transparent way, with no question for user and
>     Maginot> password... is that possible?
> We would need to see you whole smb.conf. I'm not following what you
> are trying to do. If you map the share to foouser login, then everyone
> will have access.
> Perhaps you could give more concrete examples of what it is you are
> seeing and what you are trying to do,.
> --
> Eric M. Boehm                  /"\  ASCII Ribbon Campaign
> boehm at nortel.com               \ /  No HTML or RTF in mail
>                                 X   No proprietary word-processing
> Respect Open Standards         / \  files in mail

Maginot Júnior
"the game of life"
LPIC - CCNA - ¿Designer?

More information about the samba mailing list