Often you will need to restrict the users who can access a specific share for security reasons. This is very easy to do with Samba because it contains a wealth of options for creating practically any security configuration. Let’s introduce a few configurations that you might want to use in your own Samba setup.
We’ve seen what happens when you specify valid
users. However, you are also allowed to specify a list of
invalid users—users who should never be
allowed access to Samba or its shares. This is done with the
option. We hinted at one frequent use of this option earlier: a
global default with the
[homes] section to ensure
that various system users and superusers cannot be forged for access.
[global] invalid users = root bin daemon adm sync shutdown \ halt mail news uucp operator auto services = dave peter bob [homes] browsable = no writable = yes
users option, like
users, can take group
names, preceded by an at sign (
@), as well as
usernames. In the event that a user or group appears in both lists,
users option takes
precedence, and the user or group is denied access to the share.
At the other end of the spectrum, you can explicitly specify users
who will be allowed
superuser (root) access to a share with
option. An example follows:
[sales] path = /home/sales comment = Sedona Real Estate Sales Data writable = yes valid users = sofie shelby adilia admin users = mike
This option ...