From: zoolook on
2010/5/12 William P.N. Smith <w_smith(a)compusmiths.com>:

> It seems if I have a share that someone can read, anyone can read it, is
> that right?

depends; how did you configure your shares?


> but +staff isn't documented anywhere (user or @group is, but not +staff),
> and adding creating a Linux group called staff and adding users to it
> doesn't help.

+ is explained in the manual. Did you read it?


> Thanks in advance for any hints!


man smb.conf:

valid users (S)

This is a list of users that should be allowed to login to
this service. Names starting with ´@´, ´+´ and ´&´
are interpreted using the same rules as described in the
invalid users parameter.

If this is empty (the default) then any user can login. If
a username is in both this list and the invalid
users list then access is denied for that user.

The current servicename is substituted for %S. This is
useful in the [homes] section.

Default: valid users = # No valid users list (anyone can login)

Example: valid users = greg, @pcusers


HTH,
Norberto
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Dale Schroeder on
On 05/12/2010 3:48 PM, William P.N. Smith wrote:
> This should be simple, but I've been pounding my head against it for
> several hours, and I'm not getting the result I want.
>
> I'd like to be able to select shares, whether they are the root of a
> drive or /home/username and designate who can read and who can
> read/write.
>
> Does Samba have it's own groups to go with it's own users?
Any defined group can be controlled via Samba.
>
> I really can only use "security = user" in this case...
>
> I'd like to do something like give the root user read/write access to
> the root of the drive, give user roy read-only access to the root of
> the drive, and give user willie read/write access to /home/pictures,
> is there a way to do that with Samba or is that a Linux/groups/acl
> kind of thing?
Usually a combination of the two.
>
> It seems if I have a share that someone can read, anyone can read it,
> is that right?
That depends on posix permissions, posix acl's, and the parameters in
your Samba share definition.
>
> There are some hints in the default smb.conf like:
> # A publicly accessible directory, but read only, except for people in
> # the "staff" group
> ; [public]
> ; comment = Public Stuff
> ; path = /home/samba
> ; public = yes
> ; writable = yes
> ; printable = no
> ; write list = +staff
>
> but +staff isn't documented anywhere (user or @group is, but not
> +staff), and adding creating a Linux group called staff and adding
> users to it doesn't help.
"+" in front of a group defines that group as being local.
>
> Thanks in advance for any hints!
Redefine what it is you're trying to achieve by giving us an example
share and path, along with the users and groups that are to have access
to that share,
and whether the access is to be read-only or read-write for each user/group.

Dale
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba