[Samba] how to prevent copying programs on local harddisk from samba share

Daniel Müller mueller at tropenklinik.de
Thu Oct 14 02:19:06 MDT 2010

I think you can restrict users of installing programs with policies but you
cannot restrict of running a executable which does no install at all  

EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de

-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Hubert Choma
Gesendet: Donnerstag, 14. Oktober 2010 08:48
An: samba
Betreff: [Samba] how to prevent copying programs on local harddisk from
samba share


Ia have samba PDC 3.3.8-0.52.el5_5.2 on centos 5.5. My clients - win XP 

I have noticed that some users copy from sama share whole catalog with 
program and run it from local drive where they got full access.
Write access for This share [geo$] is only for @geo group! Others can't 
write . So they are workaround this !

How can I prevent copying programs from samba shares to a local drives 
and run it from there? It is any possibility to secure programs and run 
it from samba shares only ?

Please help!

        workgroup = geodezja
        server string = Samba Server %v
        interfaces =
        bind interfaces only = Yes

        update encrypted = Yes
        client ntlmv2 auth = yes
        log level = 2 vfs:3 auth:2 passdb:3
        log file = /var/log/samba/%U.%m.log
        max log size = 500
        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        read raw = yes
        write raw = yes
        max xmit = 65535
        large readwrite = yes

        add user script = /usr/sbin/useradd "%u" -n -g users
        add group script = /usr/sbin/groupadd "%g"
        add machine script = /usr/sbin/useradd -n -c "komputer (%u)" -M -d 
/nohome -s /bin/false "%u"
#       add machine script = /usr/sbin/useradd -g komputery -d /dev/null 
-s /bin/false -M "%u"

        logon script = %G.CMD

        logon path =
        logon home =
        domain logons = yes
        os level = 128
        preferred master = yes
        domain master = yes
        local master = yes
        remote browse sync = none
        remote announce = none
        dns proxy = No
        wins support = yes
        name resolve order = wins hosts bcast
        hosts allow =
        hosts deny = ALL
        security = user
        null passwords = no
        deadtime = 0
        map to guest = never
        create mask = 0777
        nt acl support = no
        time server = yes
        enable privileges = yes
        passdb backend = tdbsam
        username map = /etc/samba/smbusers
        hide dot files = yes
        guest ok = no
        name cache timeout = 60

        comment = Mapa
#       oplock = yes
#       level2oplocks = yes
#       locking = yes
        invalid users = @geodeta, at ewidencja,
        write list = +geo
        path = /home/samba/geo
        force group = geo
        force create mode = 0777
        vfs object = recycle full_audit
        recycle:repository = .recycle/%U
        recycle:touch = true
        recycle:keeptree = true
        recycle:versions = false
        recycle:exclude = *.TMP *.STP
        recycle:directory_mode = 773
        full_audit:prefix = %u|%m|%I|%S
        full_audit:success = read pwrite write rename unlink rmdir mkdir
        full_audit:failure = read write

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list