[Samba] how to prevent copying programs on local harddisk from samba share
Daniel Müller
mueller at tropenklinik.de
Thu Oct 14 02:19:06 MDT 2010
I think you can restrict users of installing programs with policies but you
cannot restrict of running a executable which does no install at all
-----------------------------------------------
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Hubert Choma
Gesendet: Donnerstag, 14. Oktober 2010 08:48
An: samba
Betreff: [Samba] how to prevent copying programs on local harddisk from
samba share
Hello
Ia have samba PDC 3.3.8-0.52.el5_5.2 on centos 5.5. My clients - win XP
PRO SP3.
I have noticed that some users copy from sama share whole catalog with
program and run it from local drive where they got full access.
Write access for This share [geo$] is only for @geo group! Others can't
write . So they are workaround this !
How can I prevent copying programs from samba shares to a local drives
and run it from there? It is any possibility to secure programs and run
it from samba shares only ?
Please help!
[global]
workgroup = geodezja
server string = Samba Server %v
interfaces = 10.10.10.0/255.255.255.0 127.0.0.1
bind interfaces only = Yes
update encrypted = Yes
client ntlmv2 auth = yes
log level = 2 vfs:3 auth:2 passdb:3
log file = /var/log/samba/%U.%m.log
max log size = 500
#PERFORMANCE
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
read raw = yes
write raw = yes
max xmit = 65535
large readwrite = yes
add user script = /usr/sbin/useradd "%u" -n -g users
add group script = /usr/sbin/groupadd "%g"
add machine script = /usr/sbin/useradd -n -c "komputer (%u)" -M -d
/nohome -s /bin/false "%u"
# add machine script = /usr/sbin/useradd -g komputery -d /dev/null
-s /bin/false -M "%u"
logon script = %G.CMD
logon path =
logon home =
domain logons = yes
os level = 128
preferred master = yes
domain master = yes
local master = yes
remote browse sync = none
remote announce = none
dns proxy = No
wins support = yes
name resolve order = wins hosts bcast
hosts allow = 10.10.10.0/255.255.255.0 127.0.0.1
hosts deny = ALL
security = user
null passwords = no
deadtime = 0
map to guest = never
create mask = 0777
nt acl support = no
time server = yes
enable privileges = yes
passdb backend = tdbsam
username map = /etc/samba/smbusers
hide dot files = yes
guest ok = no
name cache timeout = 60
[geo$]
comment = Mapa
# oplock = yes
# level2oplocks = yes
# locking = yes
invalid users = @geodeta, at ewidencja,
write list = +geo
path = /home/samba/geo
force group = geo
force create mode = 0777
vfs object = recycle full_audit
recycle:repository = .recycle/%U
recycle:touch = true
recycle:keeptree = true
recycle:versions = false
recycle:exclude = *.TMP *.STP
recycle:directory_mode = 773
full_audit:prefix = %u|%m|%I|%S
full_audit:success = read pwrite write rename unlink rmdir mkdir
lock
pread
full_audit:failure = read write
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list