Show specific samba shares only to some users
I'd like to set up my samba so that each user has access to specific folders. Some of them for example have home folder on server and those should have access to their home folder, other don't and they shouldn't. I have set
[share1]
...
valid users = user1, user2
#those users have access to this share
...
The result is that only some users have access to those folders, that is good. But when I log as user3 he sees this share1, but cannot access it. How can I make it visible only to some users, so that users that cannot access share don't see it at all?
I have found some suggestions to use browseable list = user1 user2 but it doesn't work for me, testparm says that browseable list is incorrect.
debian samba file-sharing
asked Nov 27 '15 at 2:13
fulaphexfulaphex
14312
add a comment |
I'd like to set up my samba so that each user has access to specific folders. Some of them for example have home folder on server and those should have access to their home folder, other don't and they shouldn't. I have set
[share1]
...
valid users = user1, user2
#those users have access to this share
...
The result is that only some users have access to those folders, that is good. But when I log as user3 he sees this share1, but cannot access it. How can I make it visible only to some users, so that users that cannot access share don't see it at all?
I have found some suggestions to use browseable list = user1 user2 but it doesn't work for me, testparm says that browseable list is incorrect.
debian samba file-sharing
asked Nov 27 '15 at 2:13
fulaphexfulaphex
14312
add a comment |
I'd like to set up my samba so that each user has access to specific folders. Some of them for example have home folder on server and those should have access to their home folder, other don't and they shouldn't. I have set
[share1]
...
valid users = user1, user2
#those users have access to this share
...
The result is that only some users have access to those folders, that is good. But when I log as user3 he sees this share1, but cannot access it. How can I make it visible only to some users, so that users that cannot access share don't see it at all?
I have found some suggestions to use browseable list = user1 user2 but it doesn't work for me, testparm says that browseable list is incorrect.
debian samba file-sharing
asked Nov 27 '15 at 2:13
fulaphexfulaphex
14312
I'd like to set up my samba so that each user has access to specific folders. Some of them for example have home folder on server and those should have access to their home folder, other don't and they shouldn't. I have set
[share1]
...
valid users = user1, user2
#those users have access to this share
...
The result is that only some users have access to those folders, that is good. But when I log as user3 he sees this share1, but cannot access it. How can I make it visible only to some users, so that users that cannot access share don't see it at all?
I have found some suggestions to use browseable list = user1 user2 but it doesn't work for me, testparm says that browseable list is incorrect.
debian samba file-sharing
debian samba file-sharing
asked Nov 27 '15 at 2:13
fulaphexfulaphex
14312
asked Nov 27 '15 at 2:13
fulaphexfulaphex
14312
edited Nov 27 '15 at 2:55
fulaphex
asked Nov 27 '15 at 2:13
fulaphexfulaphex
14312
asked Nov 27 '15 at 2:13
fulaphexfulaphex
14312
asked Nov 27 '15 at 2:13
fulaphexfulaphex
14312
14312
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
What you want seems to only be possible via an ugly hack.
First set the share to browseable = no and include /etc/samba/sharename.%U.conf.
[sharename]
path = /path/to/share
valid users = user1, user2
public = no
browseable = no
writeable = yes
include = /etc/samba/sharename.%U.conf
The following lines are then put in the files /etc/samba/sharename.user1.conf and /etc/samba/sharename.user2.conf. Of course, only one of these need exist as a regular file, the other can be a symlink.
[sharename]
browseable = yes
Note, however, the definition of %U in man smb.conf:
%U
session username (the username that the client wanted, not
necessarily the same as the one they got).
If I'm reading this correctly, it implies that anyone using smbclient (or other CIFS tool that allows the user to specify the username) can "browse" the share with the -U user1 or -U user2 options, without needing the password.
answered Nov 27 '15 at 4:32
cascas
39.4k454103
Your hack generally works, but doesn't for home directories. I guess I will have to handle them individually
– fulaphex
Nov 28 '15 at 2:39
add a comment |
I made a share called test.
It does not appear in shared directory list. I have to access it like this: x.x.x.xtest
answered 3 hours ago
Gabriel CalusaruGabriel Calusaru
1
New contributor
Gabriel Calusaru is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f245785%2fshow-specific-samba-shares-only-to-some-users%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
What you want seems to only be possible via an ugly hack.
First set the share to browseable = no and include /etc/samba/sharename.%U.conf.
[sharename]
path = /path/to/share
valid users = user1, user2
public = no
browseable = no
writeable = yes
include = /etc/samba/sharename.%U.conf
The following lines are then put in the files /etc/samba/sharename.user1.conf and /etc/samba/sharename.user2.conf. Of course, only one of these need exist as a regular file, the other can be a symlink.
[sharename]
browseable = yes
Note, however, the definition of %U in man smb.conf:
%U
session username (the username that the client wanted, not
necessarily the same as the one they got).
If I'm reading this correctly, it implies that anyone using smbclient (or other CIFS tool that allows the user to specify the username) can "browse" the share with the -U user1 or -U user2 options, without needing the password.
answered Nov 27 '15 at 4:32
cascas
39.4k454103
Your hack generally works, but doesn't for home directories. I guess I will have to handle them individually
– fulaphex
Nov 28 '15 at 2:39
add a comment |
What you want seems to only be possible via an ugly hack.
First set the share to browseable = no and include /etc/samba/sharename.%U.conf.
[sharename]
path = /path/to/share
valid users = user1, user2
public = no
browseable = no
writeable = yes
include = /etc/samba/sharename.%U.conf
The following lines are then put in the files /etc/samba/sharename.user1.conf and /etc/samba/sharename.user2.conf. Of course, only one of these need exist as a regular file, the other can be a symlink.
[sharename]
browseable = yes
Note, however, the definition of %U in man smb.conf:
%U
session username (the username that the client wanted, not
necessarily the same as the one they got).
If I'm reading this correctly, it implies that anyone using smbclient (or other CIFS tool that allows the user to specify the username) can "browse" the share with the -U user1 or -U user2 options, without needing the password.
answered Nov 27 '15 at 4:32
cascas
39.4k454103
Your hack generally works, but doesn't for home directories. I guess I will have to handle them individually
– fulaphex
Nov 28 '15 at 2:39
add a comment |
What you want seems to only be possible via an ugly hack.
First set the share to browseable = no and include /etc/samba/sharename.%U.conf.
[sharename]
path = /path/to/share
valid users = user1, user2
public = no
browseable = no
writeable = yes
include = /etc/samba/sharename.%U.conf
The following lines are then put in the files /etc/samba/sharename.user1.conf and /etc/samba/sharename.user2.conf. Of course, only one of these need exist as a regular file, the other can be a symlink.
[sharename]
browseable = yes
Note, however, the definition of %U in man smb.conf:
%U
session username (the username that the client wanted, not
necessarily the same as the one they got).
If I'm reading this correctly, it implies that anyone using smbclient (or other CIFS tool that allows the user to specify the username) can "browse" the share with the -U user1 or -U user2 options, without needing the password.
answered Nov 27 '15 at 4:32
cascas
39.4k454103
What you want seems to only be possible via an ugly hack.
First set the share to browseable = no and include /etc/samba/sharename.%U.conf.
[sharename]
path = /path/to/share
valid users = user1, user2
public = no
browseable = no
writeable = yes
include = /etc/samba/sharename.%U.conf
The following lines are then put in the files /etc/samba/sharename.user1.conf and /etc/samba/sharename.user2.conf. Of course, only one of these need exist as a regular file, the other can be a symlink.
[sharename]
browseable = yes
Note, however, the definition of %U in man smb.conf:
%U
session username (the username that the client wanted, not
necessarily the same as the one they got).
If I'm reading this correctly, it implies that anyone using smbclient (or other CIFS tool that allows the user to specify the username) can "browse" the share with the -U user1 or -U user2 options, without needing the password.
answered Nov 27 '15 at 4:32
cascas
39.4k454103
answered Nov 27 '15 at 4:32
cascas
39.4k454103
answered Nov 27 '15 at 4:32
cascas
39.4k454103
answered Nov 27 '15 at 4:32
cascas
39.4k454103
39.4k454103
Your hack generally works, but doesn't for home directories. I guess I will have to handle them individually
– fulaphex
Nov 28 '15 at 2:39
add a comment |
Your hack generally works, but doesn't for home directories. I guess I will have to handle them individually
– fulaphex
Nov 28 '15 at 2:39
Your hack generally works, but doesn't for home directories. I guess I will have to handle them individually
– fulaphex
Nov 28 '15 at 2:39
Your hack generally works, but doesn't for home directories. I guess I will have to handle them individually
– fulaphex
Nov 28 '15 at 2:39
add a comment |
I made a share called test.
It does not appear in shared directory list. I have to access it like this: x.x.x.xtest
answered 3 hours ago
Gabriel CalusaruGabriel Calusaru
1
New contributor
Gabriel Calusaru is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I made a share called test.
It does not appear in shared directory list. I have to access it like this: x.x.x.xtest
answered 3 hours ago
Gabriel CalusaruGabriel Calusaru
1
New contributor
Gabriel Calusaru is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I made a share called test.
It does not appear in shared directory list. I have to access it like this: x.x.x.xtest
answered 3 hours ago
Gabriel CalusaruGabriel Calusaru
1
New contributor
Gabriel Calusaru is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I made a share called test.
It does not appear in shared directory list. I have to access it like this: x.x.x.xtest
answered 3 hours ago
Gabriel CalusaruGabriel Calusaru
1
New contributor
Gabriel Calusaru is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 3 hours ago
Gabriel CalusaruGabriel Calusaru
1
New contributor
Gabriel Calusaru is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 3 hours ago
Gabriel CalusaruGabriel Calusaru
1
answered 3 hours ago
Gabriel CalusaruGabriel Calusaru
1
1
New contributor
Gabriel Calusaru is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Gabriel Calusaru is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Gabriel Calusaru is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f245785%2fshow-specific-samba-shares-only-to-some-users%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
