[Samba] Complex [homes] rule

Wed Mar 11 15:06:05 GMT 2009

add veto files = /*.mp3/*.wma/ so that they don't fill up their home 
directories with mp3's.  might also want hide dot files = yes and follow 
sym links = yes

David Markey wrote:
> [%U]
>         comment = Home Directories
>         browseable = yes
>         read only = no
>         path = %H
>         valid users = @"DOMAIN\postgrad"
>         ea support = yes
>         store dos attributes = yes
>         map readonly = no
>         map archive = no
>         map system = no
>         hide files = /*.desktop/*.ini/
>
>
> This seems to be working exactly the way I want it to. Does anyone see any
> security issues with the above configuration?
>
> Thanks for all the replys!
>
>
>
>
>
>
>
> On Tue, 10 Mar 2009 18:10:11 +0000, David Markey
> <dmarkey at dodds.dmarkey.com> wrote:
>   
>> No..
>>
>> I want only postgrad group to have access but I dont want them to access
>> anyone elses home directory as discussed previously(using the valid users
>> =
>> %D%w%S).
>>
>> In other words i need some kind of AND statement.
>>
>> i.e. valid users = @DOMAIN\postgrads AND %D%w%S
>>
>>
>>
>>
>>
>> On Tue, 10 Mar 2009 14:04:29 -0400, Andrew Chaplin
>> <chaplina+samba at canisius.edu> wrote:
>>     
>>> I think you are saying you only want the postgrad group to have access 
>>> to their home directory share.
>>>
>>> Look at the smb.conf entry for "valid users".
>>>
>>> David Markey wrote:
>>>       
>>>> I really think i have explained the situation enough and its not that
>>>> complex. I only want the users in the postgrad group to get access to
>>>> their home directories via samba but i dont want them to be able to
>>>> access anyone elses. 
>>>>
>>>> include = %D%w%S.smb.conf wont work, that would obviosly mean id need
>>>> an include for for every user in the postgrad group i.e.
>>>> DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i
>>>> want. 
>>>> On Tue, 10 Mar 2009 18:08:15 +0100, Stéphane PURNELLE  wrote: 
>>>> Could you provide more information about your configuration. 
>>>> a homes share with two access, why ? 
>>>> A idea :  
>>>> about include parameter, if you edit your smb.conf and put end of the
>>>> file the homes shares and the include parameter like :  
>>>> include = %D%w%S.smb.conf 
>>>> [homes] 
>>>> ... 
>>>> valid user= @postgrad 
>>>> and ofcourse define on %D%w%S.smb.conf (the correct homes share for
>>>> %D%w%S) 
>>>> -----------------------------------
>>>>  Stéphane PURNELLE                        
>>>> stephane.purnelle at corman.be
>>>>
>>>> Service Informatique       Corman S.A.           Tel : 00 32
>>>> 087/342467 
>>>> samba-bounces+stephane.purnelle=corman.be at lists.samba.org a
>>>> écrit sur 10/03/2009 17:52:07 :
>>>>  > If you are referring to
>>>> http://marc.info/?l=samba&m=122692173903872&w=2
>>>>  > 
>>>>  > This doesnt work for me because postgrad isnt the primary group of
>>>> those
>>>>  > particular users.
>>>>  > 
>>>>  > 
>>>>  > On Tue, 10 Mar 2009 16:18:44 +0000, Miguel Medalha 
>>>>  > wrote:
>>>>  > > 
>>>>  > >> Im my [homes] share i want to have two access rules. First one
>>>> is
>>>>  > >> %D%w%S so that DOMAINdmarkey will only be able to access his
>>>> own home
>>>>  > >> directory and nobody elses 
>>>>  > >> But I only want users in the postgrad group to be able to
>>>> access
>>>>  > >> their home directory. 
>>>>  > >>
>>>>  > >>   
>>>>  > > 
>>>>  > > That question has already been solved in previous posts. Please
>>>> search 
>>>>  > > the list.
>>>>  > > 
>>>>  > > The solution lies with the use of the "include" parameter.
>>>>  > 
>>>>  >
>>>>         
>>     
>
>   