[Samba] Fwd: Re: Restrict access to users home drives

"Th. Söldenwagner" ts at linexus.de
Fri Oct 25 08:27:29 MDT 2013

Hello Marc,

Am 24.10.2013 21:00, schrieb Marc Muehlfeld:
> Hello Thoralf,
> Am 24.10.2013 20:32, schrieb "Th. Söldenwagner":
>> is it possible to hide/restrict access to the home drives of our samba
>> users when accessing them directly via netbios address?
>> The server is running at school and there are several pupils who have
>> the ability to misuse this situation.
> Don't simply hide something! That's security by obscurity. And I'm 100%
> sure, that it will be abused. :-)
> Is it neccessary, that users have access to foreign homes? Or is it just
> a misconfiguration?

On the contrary! As I mentioned, I don't want all users have access to
foreign homes. So, maybe a misconfiguration. Following is what I did so far:

  Created user demo1 in ADUC and set its home drive to H: with the path

  the directory was automatically created on the samba (4.1.0) server
with these permissions: drwxrwxr-x+   2 3000000 users

The corresponding entry in smb.conf is:

	path = /files_samba/userdirs
	read only = yes
  created test.txt on H: as user demo1. The permissions are:
-rwxrwxr-x+   1 3000057 users     0 Oct 21 19:06 test.txt

4. logged in as user demo2 and opened the samba shares in address line:

All shares show up and I can open the data folder and all other user
folders except that I can't write to them. Users shouldn't be able to
see other folders at all or the data share should be restricted but I
have no idea how to set this up...
Should this be done in ADUC or on the samba side?

> Here's a HowTo about setting up file shares:
> http://wiki.samba.org/index.php/Setup_and_configure_file_shares
> It also describes how to configure permissions. If you use a filesystem
> that supports user_xattr, you can use all ACL stuff windows provides.

My filesystem supports user_xattr.

Best regards

More information about the samba mailing list