Re: [Samba] Complex [homes] rule
add veto files = /*.mp3/*.wma/ so that they don't fill up their home directories with mp3's. might also want hide dot files = yes and follow sym links = yes David Markey wrote: [%U] comment = Home Directories browseable = yes read only = no path = %H valid users = @DOMAIN\postgrad ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no hide files = /*.desktop/*.ini/ This seems to be working exactly the way I want it to. Does anyone see any security issues with the above configuration? Thanks for all the replys! On Tue, 10 Mar 2009 18:10:11 +, David Markey dmar...@dodds.dmarkey.com wrote: No.. I want only postgrad group to have access but I dont want them to access anyone elses home directory as discussed previously(using the valid users = %D%w%S). In other words i need some kind of AND statement. i.e. valid users = @DOMAIN\postgrads AND %D%w%S On Tue, 10 Mar 2009 14:04:29 -0400, Andrew Chaplin chaplina+sa...@canisius.edu wrote: I think you are saying you only want the postgrad group to have access to their home directory share. Look at the smb.conf entry for valid users. David Markey wrote: I really think i have explained the situation enough and its not that complex. I only want the users in the postgrad group to get access to their home directories via samba but i dont want them to be able to access anyone elses. include = %D%w%S.smb.conf wont work, that would obviosly mean id need an include for for every user in the postgrad group i.e. DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i want. On Tue, 10 Mar 2009 18:08:15 +0100, Stéphane PURNELLE wrote: Could you provide more information about your configuration. a homes share with two access, why ? A idea : about include parameter, if you edit your smb.conf and put end of the file the homes shares and the include parameter like : include = %D%w%S.smb.conf [homes] ... valid user= @postgrad and ofcourse define on %D%w%S.smb.conf (the correct homes share for %D%w%S) --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman...@lists.samba.org a écrit sur 10/03/2009 17:52:07 : If you are referring to http://marc.info/?l=sambam=122692173903872w=2 This doesnt work for me because postgrad isnt the primary group of those particular users. On Tue, 10 Mar 2009 16:18:44 +, Miguel Medalha wrote: Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. That question has already been solved in previous posts. Please search the list. The solution lies with the use of the include parameter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE [Samba] Complex [homes] rule
Hi, In other word (if I understand), each users (%D%w%S) have access to her home directory and postgard group must be able to access to all homes folder ? If you want this, is preferable to create a other share witn the path of home directory and put access to postgrad on this share be carrefull : homes share is particular ! --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman...@lists.samba.org a écrit sur 10/03/2009 16:46:01 : Hi All Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. How could i implement both rules on the [homes] share? Example: %D%w%S AND @DOMAINPostgrad Any Ideas? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: RE [Samba] Complex [homes] rule
No Sorry, The only people who i want to give access to their own home directory is postgrad. but I only want them to access their own home dirctory not anyone elses(i.e the %D%w%S rule) Any clearer? On Tue, 10 Mar 2009 16:55:14 +0100, Stéphane PURNELLE stephane.purne...@corman.be wrote: Hi, In other word (if I understand), each users (%D%w%S) have access to her home directory and postgard group must be able to access to all homes folder ? If you want this, is preferable to create a other share witn the path of home directory and put access to postgrad on this share be carrefull : homes share is particular ! --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman...@lists.samba.org a écrit sur 10/03/2009 16:46:01 : Hi All Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. How could i implement both rules on the [homes] share? Example: %D%w%S AND @DOMAINPostgrad Any Ideas? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: RE [Samba] Complex [homes] rule
ah ok, sorry, But I don't have the answer for you. Usually, the homes share is the user home directory and is not a standard share. the homes share in smb.conf contain theses parameter (normal config : [homes] path = /path/to/home/directory/%U force user = %U read only = No directory mask = 0700 browseable = No hide dot files = yes maybe I have a solution (a idea while I write this mail), read in samba howto collection on samba website about the include parameter. It's possible to made multiple sub smb.conf for containe particular share... --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 David Markey dmar...@dodds.dmarkey.com a écrit sur 10/03/2009 17:00:02 : No Sorry, The only people who i want to give access to their own home directory is postgrad. but I only want them to access their own home dirctory not anyone elses(i.e the %D%w%S rule) Any clearer? On Tue, 10 Mar 2009 16:55:14 +0100, Stéphane PURNELLE stephane.purne...@corman.be wrote: Hi, In other word (if I understand), each users (%D%w%S) have access to her home directory and postgard group must be able to access to all homes folder ? If you want this, is preferable to create a other share witn the path of home directory and put access to postgrad on this share be carrefull : homes share is particular ! --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman...@lists.samba.org a écrit sur 10/03/2009 16:46:01 : Hi All Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. How could i implement both rules on the [homes] share? Example: %D%w%S AND @DOMAINPostgrad Any Ideas? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Complex [homes] rule
Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. That question has already been solved in previous posts. Please search the list. The solution lies with the use of the include parameter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Complex [homes] rule
If you are referring to http://marc.info/?l=sambam=122692173903872w=2 This doesnt work for me because postgrad isnt the primary group of those particular users. On Tue, 10 Mar 2009 16:18:44 +, Miguel Medalha miguelmeda...@sapo.pt wrote: Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. That question has already been solved in previous posts. Please search the list. The solution lies with the use of the include parameter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Complex [homes] rule
Could you provide more information about your configuration. a homes share with two access, why ? A idea : about include parameter, if you edit your smb.conf and put end of the file the homes shares and the include parameter like : include = %D%w%S.smb.conf [homes] ... valid user= @postgrad and ofcourse define on %D%w%S.smb.conf (the correct homes share for %D%w%S ) --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman...@lists.samba.org a écrit sur 10/03/2009 17:52:07 : If you are referring to http://marc.info/?l=sambam=122692173903872w=2 This doesnt work for me because postgrad isnt the primary group of those particular users. On Tue, 10 Mar 2009 16:18:44 +, Miguel Medalha miguelmeda...@sapo.pt wrote: Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. That question has already been solved in previous posts. Please search the list. The solution lies with the use of the include parameter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Complex [homes] rule
I really think i have explained the situation enough and its not that complex. I only want the users in the postgrad group to get access to their home directories via samba but i dont want them to be able to access anyone elses. include = %D%w%S.smb.conf wont work, that would obviosly mean id need an include for for every user in the postgrad group i.e. DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i want. On Tue, 10 Mar 2009 18:08:15 +0100, Stéphane PURNELLE wrote: Could you provide more information about your configuration. a homes share with two access, why ? A idea : about include parameter, if you edit your smb.conf and put end of the file the homes shares and the include parameter like : include = %D%w%S.smb.conf [homes] ... valid user= @postgrad and ofcourse define on %D%w%S.smb.conf (the correct homes share for %D%w%S) --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman...@lists.samba.org a écrit sur 10/03/2009 17:52:07 : If you are referring to http://marc.info/?l=sambam=122692173903872w=2 This doesnt work for me because postgrad isnt the primary group of those particular users. On Tue, 10 Mar 2009 16:18:44 +, Miguel Medalha wrote: Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. That question has already been solved in previous posts. Please search the list. The solution lies with the use of the include parameter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Complex [homes] rule
I think you are saying you only want the postgrad group to have access to their home directory share. Look at the smb.conf entry for valid users. David Markey wrote: I really think i have explained the situation enough and its not that complex. I only want the users in the postgrad group to get access to their home directories via samba but i dont want them to be able to access anyone elses. include = %D%w%S.smb.conf wont work, that would obviosly mean id need an include for for every user in the postgrad group i.e. DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i want. On Tue, 10 Mar 2009 18:08:15 +0100, Stéphane PURNELLE wrote: Could you provide more information about your configuration. a homes share with two access, why ? A idea : about include parameter, if you edit your smb.conf and put end of the file the homes shares and the include parameter like : include = %D%w%S.smb.conf [homes] ... valid user= @postgrad and ofcourse define on %D%w%S.smb.conf (the correct homes share for %D%w%S) --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman...@lists.samba.org a écrit sur 10/03/2009 17:52:07 : If you are referring to http://marc.info/?l=sambam=122692173903872w=2 This doesnt work for me because postgrad isnt the primary group of those particular users. On Tue, 10 Mar 2009 16:18:44 +, Miguel Medalha wrote: Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. That question has already been solved in previous posts. Please search the list. The solution lies with the use of the include parameter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Complex [homes] rule
No.. I want only postgrad group to have access but I dont want them to access anyone elses home directory as discussed previously(using the valid users = %D%w%S). In other words i need some kind of AND statement. i.e. valid users = @DOMAIN\postgrads AND %D%w%S On Tue, 10 Mar 2009 14:04:29 -0400, Andrew Chaplin chaplina+sa...@canisius.edu wrote: I think you are saying you only want the postgrad group to have access to their home directory share. Look at the smb.conf entry for valid users. David Markey wrote: I really think i have explained the situation enough and its not that complex. I only want the users in the postgrad group to get access to their home directories via samba but i dont want them to be able to access anyone elses. include = %D%w%S.smb.conf wont work, that would obviosly mean id need an include for for every user in the postgrad group i.e. DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i want. On Tue, 10 Mar 2009 18:08:15 +0100, Stéphane PURNELLE wrote: Could you provide more information about your configuration. a homes share with two access, why ? A idea : about include parameter, if you edit your smb.conf and put end of the file the homes shares and the include parameter like : include = %D%w%S.smb.conf [homes] ... valid user= @postgrad and ofcourse define on %D%w%S.smb.conf (the correct homes share for %D%w%S) --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman...@lists.samba.org a écrit sur 10/03/2009 17:52:07 : If you are referring to http://marc.info/?l=sambam=122692173903872w=2 This doesnt work for me because postgrad isnt the primary group of those particular users. On Tue, 10 Mar 2009 16:18:44 +, Miguel Medalha wrote: Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. That question has already been solved in previous posts. Please search the list. The solution lies with the use of the include parameter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Complex [homes] rule
David, What about approaching this from another angle? Using posix permissions, create a special place for the postgrad user directories. mkdir /home/postgrad chmod 750 /home/postgrad chown root:postgrad /home/postgrad [homes] path = /home/postgrad/%U valid users = @postgrad etc Ensure that the user subdirectories in /home/postgrad are 700. Maybe? Dale David Markey wrote: No.. I want only postgrad group to have access but I dont want them to access anyone elses home directory as discussed previously(using the valid users = %D%w%S). In other words i need some kind of AND statement. i.e. valid users = @DOMAIN\postgrads AND %D%w%S On Tue, 10 Mar 2009 14:04:29 -0400, Andrew Chaplin chaplina+sa...@canisius.edu wrote: I think you are saying you only want the postgrad group to have access to their home directory share. Look at the smb.conf entry for valid users. David Markey wrote: I really think i have explained the situation enough and its not that complex. I only want the users in the postgrad group to get access to their home directories via samba but i dont want them to be able to access anyone elses. include = %D%w%S.smb.conf wont work, that would obviosly mean id need an include for for every user in the postgrad group i.e. DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i want. On Tue, 10 Mar 2009 18:08:15 +0100, Stéphane PURNELLE wrote: Could you provide more information about your configuration. a homes share with two access, why ? A idea : about include parameter, if you edit your smb.conf and put end of the file the homes shares and the include parameter like : include = %D%w%S.smb.conf [homes] ... valid user= @postgrad and ofcourse define on %D%w%S.smb.conf (the correct homes share for %D%w%S) --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman...@lists.samba.org a écrit sur 10/03/2009 17:52:07 : If you are referring to http://marc.info/?l=sambam=122692173903872w=2 This doesnt work for me because postgrad isnt the primary group of those particular users. On Tue, 10 Mar 2009 16:18:44 +, Miguel Medalha wrote: Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. That question has already been solved in previous posts. Please search the list. The solution lies with the use of the include parameter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Complex [homes] rule
On Tue, 2009-03-10 at 18:10 +, David Markey wrote: No.. I want only postgrad group to have access but I dont want them to access anyone elses home directory as discussed previously(using the valid users = %D%w%S). In other words i need some kind of AND statement. i.e. valid users = @DOMAIN\postgrads AND %D%w%S Have you actually tried - [homedir] comment = Home Directory path = %D%U valid users = @postgrads I think it will do what you want. The path expands to the value of %D%U and the user doesn't have anyway around that. Therefore @postgrads would be the only one's with access to %D%U but %D%U expands specifically to the user's DOMAINlogin. They won't have access to anyone else's shares unless they do so by some other means. -- OpenGroupware developer: awill...@whitemice.org http://whitemiceconsulting.blogspot.com/ OpenGroupare Cyrus IMAPd documenation @ http://docs.opengroupware.org/Members/whitemice/wmogag/file_view -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Complex [homes] rule
[%U] comment = Home Directories browseable = yes read only = no path = %H valid users = @DOMAIN\postgrad ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no hide files = /*.desktop/*.ini/ This seems to be working exactly the way I want it to. Does anyone see any security issues with the above configuration? Thanks for all the replys! On Tue, 10 Mar 2009 18:10:11 +, David Markey dmar...@dodds.dmarkey.com wrote: No.. I want only postgrad group to have access but I dont want them to access anyone elses home directory as discussed previously(using the valid users = %D%w%S). In other words i need some kind of AND statement. i.e. valid users = @DOMAIN\postgrads AND %D%w%S On Tue, 10 Mar 2009 14:04:29 -0400, Andrew Chaplin chaplina+sa...@canisius.edu wrote: I think you are saying you only want the postgrad group to have access to their home directory share. Look at the smb.conf entry for valid users. David Markey wrote: I really think i have explained the situation enough and its not that complex. I only want the users in the postgrad group to get access to their home directories via samba but i dont want them to be able to access anyone elses. include = %D%w%S.smb.conf wont work, that would obviosly mean id need an include for for every user in the postgrad group i.e. DOMAINdmarkey.smb.conf DOMAINjoebloggs.smb.conf which is not what i want. On Tue, 10 Mar 2009 18:08:15 +0100, Stéphane PURNELLE wrote: Could you provide more information about your configuration. a homes share with two access, why ? A idea : about include parameter, if you edit your smb.conf and put end of the file the homes shares and the include parameter like : include = %D%w%S.smb.conf [homes] ... valid user= @postgrad and ofcourse define on %D%w%S.smb.conf (the correct homes share for %D%w%S) --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman...@lists.samba.org a écrit sur 10/03/2009 17:52:07 : If you are referring to http://marc.info/?l=sambam=122692173903872w=2 This doesnt work for me because postgrad isnt the primary group of those particular users. On Tue, 10 Mar 2009 16:18:44 +, Miguel Medalha wrote: Im my [homes] share i want to have two access rules. First one is %D%w%S so that DOMAINdmarkey will only be able to access his own home directory and nobody elses But I only want users in the postgrad group to be able to access their home directory. That question has already been solved in previous posts. Please search the list. The solution lies with the use of the include parameter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba