[Samba] Hide the files that doesn't have permission to access

Gerry George george.gerry at gmail.com
Thu Oct 22 01:33:55 UTC 2015


Even when trying to hide files and folders, the UNIX permissions are also
relevant.

Ensure that the "world" or public bit is not set - 0770
Also, ensure that the folder (and/or file) is group-owned by the relevant
group that the persons who don't need access to them are not a member of.
You may have to create new groups to achieve this. Otherwise, the user who
should not see the files, if a member of the group which has
group-ownership to the files/folders, will still be able to see them.

The user ownership does not matter too much in this instance if the group
membership and ownership is used to control access to the files.

Another tip, once the folder permissions are set, set the GID bit so that
those permissions will continue down into the folder for any files and
folders created within those folders, thus propagating your carefully
defined permissions down into the folder structure.

Using a previously submitted example, it should look like this:

drwxrws--- 4 root  hai-group 4096 18. Apr 2009  backports
drwxrws--- 4 root  hai-group 4096 18. Apr 2009  debian
drwxrws--- 5 root  test-group 4096 25. Apr 2009  delixs
.....

A member of hai-group will see "backports" and "debian", but not have
access to "delixs". Similarly, a member of "test-group" will only have
access to "delixs", but not any of the others.


G.


On Wed, Oct 21, 2015 at 1:18 PM, Partha Sarathi <parthasarathi.bl at gmail.com>
wrote:

> Hi,
>
> Try these params to hide files when users don't have read/write access to
> them.
>
> hide unreadable (S)
>
> This parameter prevents clients from seeing the existence of files that
> cannot be read. Defaults to off.
>
> Default: *hide unreadable = no*
>
> hide unwriteable files (S)
>
> This parameter prevents clients from seeing the existence of files that
> cannot be written to. Defaults to off. Note that unwriteable directories
> are shown as usual.
>
> Default: *hide unwriteable files = no*
>
>
>
> On Wed, Oct 14, 2015 at 9:06 PM, Nguyen Xuan. Hai <
> hai.nguyenxuan at toshiba-tsdv.com> wrote:
>
> > Thank you guys for your reply.
> >
> > I tried but it still does not work
> >
> > On 10/14/2015 5:37 PM, Stéphane PURNELLE wrote:
> >
> >>
> >> These parameters must be put in the share section, not in the global
> >> section
> >>
> >>         hide unreadable = yes
> >>         hide unwriteable files = yes
> >>
> >> example
> >>
> >> [smb_shr1]
> >>         path = /mnt/LV002/share1
> >>         read only = no
> >>         create mode = 0777
> >>         directory mode = 0777
> >>         public = yes
> >>         valid users = hai
> >>         hide unreadable = yes
> >>         hide unwriteable files = yes
> >>
> >> [smb_shr2]
> >>         path = /mnt/LV002/share2
> >>         writable = yes
> >>         create mode = 0777
> >>         directory mode = 0777
> >>         public = yes
> >>         valid users = test
> >>         hide unreadable = yes
> >>         hide unwriteable files = yes
> >>
> >>
> > I mean users see only shares they can access. So "browseable = no" does
> > not solve my problem
> >
> >> Hi,
> >>
> >> Do you want users see only shares they can access or do you want
> >> users see only files they are allowed to open in some share?
> >>
> >> If the point is to hide shares you could try "browseable = no" in your
> >> shares declaration, as it is done on [homes] share in addition to "valid
> >> users = user" option.
> >>
> >
> > I tried but it still does not work
> >
> >> Sure, that is what you force with your settings in smb.conf.
> >> Remove:
> >> public = yes
> >>
> >> change the modes to 0XX0
> >> the last bit is for the world or everyone or public
> >>
> >
> > Thanks again
> >
> > --
> > =====================================================================
> > Nguyen Xuan Hai (Mr)
> >
> > Toshiba Software Development (Vietnam) Co.,Ltd
> >
> > =====================================================================
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
>
>
> --
> Thanks & Regards
> -Partha
>



-- 

*Gerry E. George*
ICT Consultant and Solutions Provider &  Open Source Evangelist
*DigiSolv, Inc.* [P.O. Box 1677, Castries, Saint Lucia]
------------------------------
*Mobile*: (756) 716-2716 / *Int'l Office*: (347) 450-3444 / *Skype*: DigiSolv
*Email*: george.gerry at gmail.com / ggeorge at digisolv.com
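
The layout described in the message above (group ownership, mode 0770, setgid on directories) as an added shell example that is not part of the original thread. The helper names `lock_dir` and `audit_share` are hypothetical, and the audit flags any entry with a "world" bit set or any directory missing the setgid bit.

```shell
#!/bin/sh
# Added example (not from the thread). lock_dir and audit_share are
# hypothetical helper names; paths and groups are supplied by the caller.

# lock_dir DIR GROUP: group-own DIR and set mode 2770
# (rwx for owner and group, nothing for "world", setgid so that entries
# created inside inherit the directory's group).
lock_dir() {
    chgrp "$2" "$1" && chmod 2770 "$1"
}

# audit_share ROOT: print one finding per line, return 1 if any were found.
audit_share() {
    findings=$(
        # Any of the three "world" bits (r, w, x) set. Symlinks are skipped
        # because Linux reports their own mode as 0777.
        find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'WORLD-ACCESS %s\n' {} \;
        # Directories without setgid: entries created in them get the
        # creator's primary group instead of the share group.
        find "$1" -type d ! -perm -2000 \
            -exec printf 'NO-SETGID %s\n' {} \;
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/share
if [ "$#" -gt 0 ]; then
    audit_share "$1"
fi
```

Run the audit after changing `create mode` or `directory mode` in smb.conf, since those settings decide the mode of anything clients create later.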

