[Samba] Complex [homes] rule

Dale Schroeder dale at BriannasSaladDressing.com
Tue Mar 10 18:23:01 GMT 2009 

David,

What about approaching this from another angle? Using posix permissions, 
create a special place for the postgrad user directories.

mkdir /home/postgrad
chmod 750 /home/postgrad
chown root:postgrad /home/postgrad

[homes]
path = /home/postgrad/%U
valid users = @postgrad
etc........

Ensure that the user subdirectories in /home/postgrad are 700.

Maybe?

Dale


David Markey wrote:
> No..
>
> I want only postgrad group to have access but I dont want them to access
> anyone elses home directory as discussed previously(using the valid users =
> %D%w%S).
>
> In other words i need some kind of AND statement.
>
> i.e. valid users = @DOMAIN\postgrads AND %D%w%S
>
>
>
>
>
> On Tue, 10 Mar 2009 14:04:29 -0400, Andrew Chaplin
> <chaplina+samba at canisius.edu> wrote:
>   
>> I think you are saying you only want the postgrad group to have access 
>> to their home directory share.
>>
>> Look at the smb.conf entry for "valid users".
>>
>> David Markey wrote:
>>     
>>> I really think i have explained the situation enough and its not that
>>> complex. I only want the users in the postgrad group to get access to
>>> their home directories via samba but i dont want them to be able to
>>> access anyone elses. 
>>>
>>> include = %D%w%S.smb.conf wont work, that would obviosly mean id need
>>> an include for for every user in the postgrad group i.e.
>>> DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i
>>> want. 
>>> On Tue, 10 Mar 2009 18:08:15 +0100, Stéphane PURNELLE  wrote: 
>>> Could you provide more information about your configuration. 
>>> a homes share with two access, why ? 
>>> A idea :  
>>> about include parameter, if you edit your smb.conf and put end of the
>>> file the homes shares and the include parameter like :  
>>> include = %D%w%S.smb.conf 
>>> [homes] 
>>> ... 
>>> valid user= @postgrad 
>>> and ofcourse define on %D%w%S.smb.conf (the correct homes share for
>>> %D%w%S) 
>>> -----------------------------------
>>>  Stéphane PURNELLE                        
>>> stephane.purnelle at corman.be
>>>
>>> Service Informatique       Corman S.A.           Tel : 00 32
>>> 087/342467 
>>> samba-bounces+stephane.purnelle=corman.be at lists.samba.org a
>>> écrit sur 10/03/2009 17:52:07 :
>>>  > If you are referring to
>>> http://marc.info/?l=samba&m=122692173903872&w=2
>>>  > 
>>>  > This doesnt work for me because postgrad isnt the primary group of
>>> those
>>>  > particular users.
>>>  > 
>>>  > 
>>>  > On Tue, 10 Mar 2009 16:18:44 +0000, Miguel Medalha 
>>>  > wrote:
>>>  > > 
>>>  > >> Im my [homes] share i want to have two access rules. First one
>>> is
>>>  > >> %D%w%S so that DOMAINdmarkey will only be able to access his
>>> own home
>>>  > >> directory and nobody elses 
>>>  > >> But I only want users in the postgrad group to be able to
>>> access
>>>  > >> their home directory. 
>>>  > >>
>>>  > >>   
>>>  > > 
>>>  > > That question has already been solved in previous posts. Please
>>> search 
>>>  > > the list.
>>>  > > 
>>>  > > The solution lies with the use of the "include" parameter.
>>>  > 
>>>  >
>>>       
>
>

More information about the samba mailing list