[Samba] Hide the files that doesn't have permission to access

Harry Jede walk2sun at arcor.de
Wed Oct 21 17:07:37 UTC 2015


On 18:49:01 wrote Nguyen Xuan. Hai:
> Thank you guys for your reply.
> 
> I tried but it still does not work
> 
> On 10/14/2015 5:37 PM, Stéphane PURNELLE wrote:
> > These parameters must be put on share section, not in global
> > section
> > 
> >  hide unreadable = yes
> >  
> >     hide unwriteable files = yes
> > 
> > example
> > 
> > [smb_shr1]
> > 
> >         path = /mnt/LV002/share1
> >         read only = no
> >         create mode = 0777
> >         directory mode = 0777
> >         public = yes
> >         valid users = hai
> > 
> > hide unreadable = yes
> > 
> >         hide unwriteable files = yes
> > 
> > [smb_shr2]
> > 
> >         path = /mnt/LV002/share2
> >         writable = yes
> >         create mode = 0777
> >         directory mode = 0777
> >         public = yes
> >         valid users = test
> >         
> >          hide unreadable = yes
> >         
> >         hide unwriteable files = yes
> 
> I mean users see only shares they can access. So "browseable = no"
> does not solve my problem

...

> I tried but it still does not work
> 
> > Sure, that is what you force with your settings in smb.conf.
> > Remove:
> > public = yes
> > 
> > change the modes to 0XX0
> > the last bit is for the world or everyone or public
> 
> Thanks again
OK,
i give you a working example:

debby-3:~#  testparm -s --section-name=ftp 2>/dev/null
[ftp]
	path = /home/ftp
	guest ok = Yes
	hide unreadable = Yes


debby-3:~# ls -l /home/ftp/test
insgesamt 24
drwxr-xr-x 4 root  root 4096 18. Apr 2009  backports
drwxr-xr-x 4 root  root 4096 18. Apr 2009  debian
drwxr-xr-x 5 root  root 4096 25. Apr 2009  delixs
drwxr-xr-x 2 root  root 4096 21. Okt 17:43 dummy
drwxr-xr-x 2 root  root 4096 21. Okt 17:43 dummy2
drwxr-xr-x 2 hjede root 4096 21. Okt 17:43 dummy3

root at debian:~# smbclient //debby-3/ftp -c 'ls test/*' -Uhjede%
Domain=[KRONPRINZ] OS=[Unix] Server=[Samba 3.5.6]
  .                                   D        0  Wed Oct 21 17:43:37 2015
  ..                                  D        0  Fri Aug  7 18:15:16 2015
  dummy2                              D        0  Wed Oct 21 17:43:31 2015
  delixs                              D        0  Sat Apr 25 18:16:49 2009
  backports                           D        0  Sat Apr 18 20:12:23 2009
  debian                              D        0  Sat Apr 18 20:12:23 2009
  dummy3                              D        0  Wed Oct 21 17:43:37 2015
  dummy                               D        0  Wed Oct 21 17:43:28 2015

Now, remove the read bit for other for a directory or file:

debby-3:~# chmod o-r /home/ftp/test/dummy2
debby-3:~# ls -l /home/ftp/test
insgesamt 24
drwxr-xr-x 4 root  root 4096 18. Apr 2009  backports
drwxr-xr-x 4 root  root 4096 18. Apr 2009  debian
drwxr-xr-x 5 root  root 4096 25. Apr 2009  delixs
drwxr-xr-x 2 root  root 4096 21. Okt 17:43 dummy
drwxr-x--x 2 root  root 4096 21. Okt 17:43 dummy2
drwxr-xr-x 2 hjede root 4096 21. Okt 17:43 dummy3

root at debian:~# smbclient //debby-3/ftp -c 'ls test/*' -Uhjede
Domain=[KRONPRINZ] OS=[Unix] Server=[Samba 3.5.6]
  .                                   D        0  Wed Oct 21 17:43:37 2015
  ..                                  D        0  Fri Aug  7 18:15:16 2015
  delixs                              D        0  Sat Apr 25 18:16:49 2009
  backports                           D        0  Sat Apr 18 20:12:23 2009
  debian                              D        0  Sat Apr 18 20:12:23 2009
  dummy3                              D        0  Wed Oct 21 17:43:37 2015
  dummy                               D        0  Wed Oct 21 17:43:28 2015

the user hjede does *not* see the directory dummy2

hope this helps

-- 

regards
	Harry Jede


More information about the samba mailing list