[EMAIL PROTECTED] writes: > Well, I thought I knew Samba permissions, but I guess I don't. > >Currently, any user that has an account on the Samba server has access >to the share "Accounting". > >So, let's say I have user1, user2, user3, user4 >I have added user1, user2 and user3 to the accounting group. user4 is >not a member of accounting. > >On the server itself (not for Samba), I set up permissions for the >folder as 774 for all directories and files therein. User/group >permission are set as admin.accounting > >The samba section for this share reads: > >[Accounting] > comment = Accounting > path = /home/accounting > read only = No > create mask = 0770 > force create mode = 0770 > security mask = 0770 > directory mask = 0770 > force directory mode = 0770 > directory security mask = 0770 > inherit permissions = Yes > > >If any local user access this share, they also automatically become part >of the accounting group (as far as samba is concerned). > >Now, if I add a line "valid users = user1, user2, user 3" then of >course, just they can get in. But that doesn't seem to be the right >solution. The right solution would be to permit only accounting group >users into the folder. What am I doing wrong? > >-- >Curtis Vaughan >North Pacific Corporation > >http://www.angelfire.com/wa/noentry/home.htm >WashTech (CWA Local 37083) >IWW x353203 > > > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba
I have a share setup to allow only a specific group. eg. [projects] path = /Volumes/iRAID/projects public = NO read only = NO comment = Project Files force directory mode = 0770 force create mode = 0770 valid users = @projects the valid users = @group makes it so that the user must be in that specific group to enter. It is in the smb.conf manual. try man smb.conf or find it on your mirror of samba.org >> snip valid users (S) This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the invalid users parameter. If this is empty (the default) then any user can login. If a username is in both this list and the invalid users list then access is denied for that user. The current servicename is substituted for %S . This is useful in the [homes] section. See also invalid users Default: No valid users list (anyone can login) Example: valid users = greg, @pcusers << Kyle Loree Rendek Communications [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba