[Samba] Regarding close-denied-share option

Rowland Penny rpenny at samba.org
Wed Jun 18 15:02:09 UTC 2025 

On Wed, 18 Jun 2025 14:41:38 +0000
"., Srikanth N S" <srikanth.nagasubbaraoseetharaman at hpe.com> wrote:

> >I do not know how you can get smbd to know if a user was just added
> >to 'write list' or removed from 'read list', mainly because the
> >permissions etc are set at connection time, the user needs to be
> >disconnected and then reconnect to get the new permission.
> 
> From the man page of smbcontrol
> 
> close-denied-share
> 
> Behave like close-share, but don't disconnect users that are still
> allowed to access the share. It can safely be sent to all smbds after
> changing share access controls. It will only affect users who have
> been denied access since having connected initially. This message can
> only be sent to smbd.
> 
> We can see that it will only affect users who have been denied access
> since having connected initially. In this case since the user is
> denied write access since having connected initially and hence we
> expect close-denied-share to disconnect smb client which is not
> happening. As per my understanding from the man page “It will only
> affect users who have been denied access” if close-denied-share is
> able to disconnect smb clients then it should know which users are
> affected.
> 
> Please clarify.
> 

I thought I had clarified this, but hey ho.

If a user connects to a share and receives write permissions, then while
still connected, they are added to the 'read list' and 'smbcontrol smbd
close-denied-share' is run on the server, the user will be
disconnected. When they reconnect, they reconnect 'read only'.

Okay so far ?

Then while still connected, they are removed from 'read list' and
'smbcontrol smbd close-denied-share' is run again. At this point (I
presume, I haven't checked the code), smbd consults the 'read list',
checks connections for any users that are ON the 'read list' and
disconnects them. As your user is NOT on the 'read list' it does not
get disconnected and continues with the read only connection.

Please stop 'CC'ing me, it breaks my email flow, please just reply to
the list.

Rowland

More information about the samba mailing list