I saw some unexpected behavior in the interaction of hosts allow and hosts deny on Samba 3.0.28. I built Samba 3.2.4 just to be sure it wasn't something that had been fixed. I saw the same behavior.
I'm not sure if it is a bug or a failure on my part to understand the documentation or misleading documentation. If I have a share defined as [export] comment = exported storage path = /export # admin users = boehm hosts allow = boehm-1 hosts deny = boehm-3 oplocks = no level2 oplocks = no guest ok = no create mask = 0775 directory mask = 0775 map archive = no writeable = yes Then host boehm-1 has access and boehm-3 is denied access. The odd part is that every other host now has access as well (e.g., boehm-2) Now, if I had only hosts allow and no hosts deny, only host boehm-1 would have access. hosts allow = boehm-1 # hosts deny = boehm-3 The confusing part, to me, was that adding hosts deny for a single host suddenly opened up the share to every host that wasn't in hosts deny, regardless as to whether they were in hosts allow. The man page for smb.conf has an example for both hosts allows and hosts deny Example 4: allow only hosts in NIS netgroup "foonet", but deny access from one particular host hosts allow = @foonet hosts deny = pirate Note Note that access still requires suitable user-level passwords. See testparm(1) for a way of testing your host access to see if it does what you expect. This doesn't mention that every host but pirate will have access, not just those in @foonet. I see this as a bug but I wonder if I am missing something. -- Eric M. Boehm /"\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba