Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Samba HowTo Guide
Prev Home Next

User- and Group-Based Controls

User- and group-based controls can prove quite useful. In some situations it is distinctly desirable to force all file system operations as if a single user were doing so. The use of the force user and force group behavior will achieve this. In other situations it may be necessary to use a paranoia level of control to ensure that only particular authorized persons will be able to access a share or its contents. Here the use of the valid users or the invalid users parameter may be useful.

As always, it is highly advisable to use the easiest to maintain and the least ambiguous method for controlling access. Remember, when you leave the scene, someone else will need to provide assistance, and if he or she finds too great a mess or does not understand what you have done, there is risk of Samba being removed and an alternative solution being adopted.

User and Group Based Controls enumerates these controls.

Table15.2.User- and Group-Based Controls

Control Parameter Description, Action, Notes
admin users

List of users who will be granted administrative privileges on the share. They will do all file operations as the superuser (root). Users in this list will be able to do anything they like on the share, irrespective of file permissions.

force group

Specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service.

force user

Specifies a UNIX username that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. Incorrect use can cause security problems.

guest ok

If this parameter is set for a service, then no password is required to connect to the service. Privileges will be those of the guest account.

invalid users

List of users that should not be allowed to login to this service.

only user

Controls whether connections with usernames not in the user list will be allowed.

read list

List of users that are given read-only access to a service. Users in this list will not be given write access, no matter what the read-only option is set to.

username

Refer to the smb.conf man page for more information; this is a complex and potentially misused parameter.

valid users

List of users that should be allowed to login to this service.

write list

List of users that are given read-write access to a service.

Samba HowTo Guide
Prev Home Next

 
 
  Published under the terms fo the GNU General Public License Design by Interspire