[Samba] smb.conf group syntax question
rpenny at samba.org
Wed Nov 3 09:32:20 UTC 2021
On Wed, 2021-11-03 at 04:17 -0500, Patrick Goetz via samba wrote:
> I have yet to test this with winbind, but if I want to restrict
> to a share to the security group "staff", I think I would do this:
> comment = Share Directory
> path = /data/share
> guest ok = no
> browseable = yes
> writeable = yes
> create mask = 0770
> directory mask = 0770
> inherit acls = yes
> follow symlinks = yes
> wide links = yes
> valid users = @staff
> What if I want to restrict access to a group name with spaces in it;
> e.g. domain users?
> Would the syntax be
> valid users = @"domain users"
No, it wouldn't
> or something else?
> Also, I think "inherit acls = yes" is unnecessary because I have
> objects = acl_xattr" in the global section, but that's an aside.
You should have both in 'global'
> Also, I think the use of "wide links = yes" is discouraged because
> creates security issues? Is it best practice to not include this?
Do you want to give your users the ability to go anywhere on your
system ? I thought not, so do not use it.
More information about the samba