[Samba] security = ads, username map and valid users

Rainer Canavan rainer.canavan at sevenval.com
Thu Jan 24 07:52:35 MST 2013

I would like to use Samba (3.5.10 as supplied with RHEL6 if possible) to 
make some directories accessible as a filesystem to (some of) our developers. 
However, those directories are read and written by a web server, and all files 
and  directories in there should belong to www-data:www-data.

The obvious solution is a username map - just map everyone to www-data - but
then "valid users" or "user only" doesn't work anymore, since those are 
evaluated against the mapped user, not the username that was used to authenticate
against ADS. I have found no combination of username map, force user/force group,
valid users and/or username + only user that would do exactly what I want.

The closest thing so far is a username map plus a (locked) local Unix user and 
UID of www-data. However I'd prefer not to add local users.

Is there any switch that allows meaningful "valid users" together with a 
username map such as "www-data = *" ?



More information about the samba mailing list