Options to restrict access in Samba Server
valid users
Use valid users when only some users, not all users, should be able to access the directory.
[sales]
path = /home/samba/sales
comment = Sales Data
writeable = yes
valid users = tom dick harry
Here the sales directory can be accessed only by the users listed in valid users.
invalid users
To explicitly deny access to the listed users, we use invalid users. If a user is present in both lists, that user cannot access the directory.
[sales]
path = /home/samba/sales
comment = Sales Data
writeable = yes
valid users = tom dick harry
invalid users = kim
admin users
With the admin users option we can explicitly specify users who are given superuser (root) access to a share.
[sales]
path = /home/samba/sales
comment = Sales Data
writeable = yes
valid users = tom dick harry
admin users = mike
read list
On a writable share, we can set a list of read-only users with the read list parameter.
[sales]
path = /home/samba/sales
comment = Sales Data
read only = no
read list = tom dick
write list
On a read-only share, we can set a list of users that can write with the write list parameter.
[sales]
path = /home/samba/sales
comment = Sales Data
read only = yes
write list = tom dick
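How the user-level options above combine for a single connecting user, as an added example that is not part of the original post and is not Samba's own code. It models only valid users, invalid users, read list, write list and read only/writeable for plain usernames (no @group entries, no [global] inheritance); the [public] share and the extra user names are constructed for illustration.

```python
import configparser

# Constructed sample; share and user names are illustrative only.
SAMPLE = """\
[sales]
path = /home/samba/sales
read only = yes
valid users = tom dick harry kim
invalid users = kim
write list = tom dick

[public]
path = /home/samba/public
writeable = yes
read list = harry
"""

def _users(section, key):
    # smb.conf user lists may be separated by spaces and/or commas.
    return set(section.get(key, fallback="").replace(",", " ").split())

def _read_only(section):
    # writeable/writable are inverted synonyms of read only (default: yes).
    for key in ("writeable", "writable"):
        if key in section:
            return not section.getboolean(key)
    return section.getboolean("read only", fallback=True)

def effective_access(conf_text, share, user):
    """Return 'deny', 'read' or 'write' for a plain username on a share."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(conf_text)
    s = cp[share]
    if user in _users(s, "invalid users"):
        return "deny"    # invalid users wins even if also in valid users
    valid = _users(s, "valid users")
    if valid and user not in valid:
        return "deny"    # an empty valid users list admits any user
    if user in _users(s, "write list"):
        return "write"   # write list overrides read only = yes
    if user in _users(s, "read list"):
        return "read"    # read list overrides read only = no
    return "read" if _read_only(s) else "write"

if __name__ == "__main__":
    for share, user in [("sales", "kim"), ("sales", "tom"), ("sales", "harry"),
                        ("public", "harry"), ("public", "guest1")]:
        print(share, user, effective_access(SAMPLE, share, user))
```

Running a reviewed smb.conf through a check like this before deployment shows which listed users end up with write access, which is easy to misjudge when read only and the list options are mixed.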
max connections
This option specifies the maximum number of client connections that a share can have at any given time. Any connections that are attempted after the maximum is reached will be rejected. The default value is 0, which means that an unlimited number of connections are allowed.
[sales]
max connections = 30
hosts allow
The hosts allow or allow hosts parameter is used to control access to shares at the IP address level. To allow only specific hosts to access a share, we can list the hosts. Multiple hosts can be separated by commas.
Example:
hosts allow = 192.168.2., 127.0.0.1
allow hosts = 192.168.1.
allow hosts = 10.0.0.0/255.0.0.0
hosts allow = 10. except 10.0.0.12
hosts deny
The hosts deny or deny hosts parameter is used to deny specific hosts.
hosts deny = 192.168.1.65, 192.168.1.66
hide unreadable
hide unreadable is used to prevent users from seeing files that they cannot read.
hide unreadable = yes
browsable
The browseable = no directive hides a share from My Network Places, but it does not prevent someone from accessing the share when the name of the share is known.
browsable and browseable are both correct syntax.