[Samba] security = ads, username map and valid users
Rainer Canavan
rainer.canavan at sevenval.com
Thu Jan 24 07:52:35 MST 2013
I would like to use Samba (3.5.10 as supplied with RHEL6 if possible) to
make some directories accessible as a filesystem to (some of) our developers.
However, those directories are read and written by a web server, and all files
and directories in there should belong to www-data:www-data.
The obvious solution is a username map - just map everyone to www-data - but
then "valid users" or "user only" doesn't work anymore, since those are
evaluated against the mapped user, not the username that was used to authenticate
against ADS. I have found no combination of username map, force user/force group,
valid users and/or username + only user that would do exactly what I want.
The closest thing so far is a username map plus a (locked) local Unix user and
UID of www-data. However I'd prefer not to add local users.
Is there any switch that allows meaningful "valid users" together with a
username map such as "www-data = *" ?
Thanks,
rainer
More information about the samba
mailing list