[Samba] Complex [homes] rule
David Markey
dmarkey at dodds.dmarkey.com
Tue Mar 10 19:52:31 GMT 2009
[%U]
comment = Home Directories
browseable = yes
read only = no
path = %H
valid users = @"DOMAIN\postgrad"
ea support = yes
store dos attributes = yes
map readonly = no
map archive = no
map system = no
hide files = /*.desktop/*.ini/
This seems to be working exactly the way I want it to. Does anyone see any
security issues with the above configuration?
Thanks for all the replys!
On Tue, 10 Mar 2009 18:10:11 +0000, David Markey
<dmarkey at dodds.dmarkey.com> wrote:
> No..
>
> I want only postgrad group to have access but I dont want them to access
> anyone elses home directory as discussed previously(using the valid users
> =
> %D%w%S).
>
> In other words i need some kind of AND statement.
>
> i.e. valid users = @DOMAIN\postgrads AND %D%w%S
>
>
>
>
>
> On Tue, 10 Mar 2009 14:04:29 -0400, Andrew Chaplin
> <chaplina+samba at canisius.edu> wrote:
>> I think you are saying you only want the postgrad group to have access
>> to their home directory share.
>>
>> Look at the smb.conf entry for "valid users".
>>
>> David Markey wrote:
>>> I really think i have explained the situation enough and its not that
>>> complex. I only want the users in the postgrad group to get access to
>>> their home directories via samba but i dont want them to be able to
>>> access anyone elses.
>>>
>>> include = %D%w%S.smb.conf wont work, that would obviosly mean id need
>>> an include for for every user in the postgrad group i.e.
>>> DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i
>>> want.
>>> On Tue, 10 Mar 2009 18:08:15 +0100, Stéphane PURNELLE wrote:
>>> Could you provide more information about your configuration.
>>> a homes share with two access, why ?
>>> A idea :
>>> about include parameter, if you edit your smb.conf and put end of the
>>> file the homes shares and the include parameter like :
>>> include = %D%w%S.smb.conf
>>> [homes]
>>> ...
>>> valid user= @postgrad
>>> and ofcourse define on %D%w%S.smb.conf (the correct homes share for
>>> %D%w%S)
>>> -----------------------------------
>>> Stéphane PURNELLE
>>> stephane.purnelle at corman.be
>>>
>>> Service Informatique Corman S.A. Tel : 00 32
>>> 087/342467
>>> samba-bounces+stephane.purnelle=corman.be at lists.samba.org a
>>> écrit sur 10/03/2009 17:52:07 :
>>> > If you are referring to
>>> http://marc.info/?l=samba&m=122692173903872&w=2
>>> >
>>> > This doesnt work for me because postgrad isnt the primary group of
>>> those
>>> > particular users.
>>> >
>>> >
>>> > On Tue, 10 Mar 2009 16:18:44 +0000, Miguel Medalha
>>> > wrote:
>>> > >
>>> > >> Im my [homes] share i want to have two access rules. First one
>>> is
>>> > >> %D%w%S so that DOMAINdmarkey will only be able to access his
>>> own home
>>> > >> directory and nobody elses
>>> > >> But I only want users in the postgrad group to be able to
>>> access
>>> > >> their home directory.
>>> > >>
>>> > >>
>>> > >
>>> > > That question has already been solved in previous posts. Please
>>> search
>>> > > the list.
>>> > >
>>> > > The solution lies with the use of the "include" parameter.
>>> >
>>> >
>
>
More information about the samba
mailing list