[Samba] smb.conf group syntax question
Rowland Penny
rpenny at samba.org
Wed Nov 3 10:00:56 UTC 2021
On Wed, 2021-11-03 at 04:48 -0500, Patrick Goetz via samba wrote:
>
> On 11/3/21 04:32, Rowland Penny via samba wrote:
> > On Wed, 2021-11-03 at 04:17 -0500, Patrick Goetz via samba wrote:
> > > I have yet to test this with winbind, but if I want to restrict access
> > > to a share to the security group "staff", I think I would do this:
> > >
> > > [share]
> > > comment = Share Directory
> > > path = /data/share
> > > guest ok = no
> > > browseable = yes
> > > writeable = yes
> > > create mask = 0770
> > > directory mask = 0770
> > > inherit acls = yes
> > > follow symlinks = yes
> > > wide links = yes
> > > valid users = @staff
> > >
> > > What if I want to restrict access to a group name with spaces in it;
> > > e.g. domain users?
> > >
> > > Would the syntax be
> > >
> > > valid users = @"domain users"
> >
> > No, it wouldn't
> >
> > > or something else?
> >
> > Use setfacl
> >
>
> Sorry, I'm not following what you're saying. The suggestion is don't set
> a "valid users" parameter at all and just use filesystem ACLs to
> restrict access to the share?

No, not if you are referring to the standard Linux 'ugo' permissions; I
am referring to extended ACLs you set with 'setfacl' and read with
'getfacl'.

Better still is to set the permissions from Windows.

Rowland
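
Added example, not part of the original message or of Samba's own documentation: a sketch of the extended-ACL approach described in the reply, applied to a group name that contains a space. The helper names are hypothetical, and the group is assumed to be passed exactly as `getent group` resolves it on the server.

```shell
#!/bin/sh
# Added illustration; grant_group_acl and show_group_acl are hypothetical
# helper names, not Samba or acl tools.

# Usage: grant_group_acl DIR GROUP
# GROUP may contain spaces, e.g. 'domain users'. Pass the name exactly as
# `getent group` reports it on this host (assumption: winbind resolves it).
grant_group_acl() {
    dir=$1
    group=$2

    # Drop access for "other" so that only the owner, the owning group and
    # the named ACL entries decide who can reach the directory.
    chmod o-rwx "$dir" || return 1

    # Access ACL on the directory itself. The whole entry is one quoted
    # argument, so the shell does not split the group name at the space.
    setfacl -m "g:${group}:rwx" "$dir" || return 1

    # Default ACL: inherited by files and directories created below DIR.
    setfacl -d -m "g:${group}:rwx" "$dir" || return 1
}

# Print the named-group entries (access and default) with numeric IDs,
# skipping the owning-group entry "group::".
show_group_acl() {
    getfacl -n -p "$1" 2>/dev/null | grep -E '^(default:)?group:[^:]+:'
}

# Example call for the share path from the thread:
#   grant_group_acl /data/share 'domain users'
#   show_group_acl /data/share
```
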