NAME
sadms-share - manage shares
You will find below some reference data to help you fine-tune
the settings and tailor the shared spaces to your needs. Proper
permissions are obtained by tuning both the share level and the
file system level and it can be very tricky. File system
permissions are available for changes in the last tab.
share tutorial
REFERENCE
from Samba 3 official documentation
invalid users
(S) Specifies a list of users that can connect to a share
and that should not be allowed to login to this service. A name
starting with a '@' is interpreted as an NIS netgroup first (if
your system supports NIS), and then as a UNIX group if the name
was not found in the NIS netgroup database. A name starting with
'+' is interpreted only by looking in the UNIX group database. A
name starting with '&' is interpreted only by looking in the NIS
netgroup database (this requires NIS to be working on your
system). The characters '+' and '&' may be used at the start of
the name in either order so the value +&group means check the
UNIX group database, followed by the NIS netgroup database, and
the value &+group means check the NIS netgroup database,
followed by the UNIX group database (the same as the '@'
prefix). Default: NULL, no invalid users
valid users
(S) Specifies a list of users that can connect to a share
and should be allowed to login to this service. A name starting
with a '@' is interpreted as an NIS netgroup first (if your
system supports NIS), and then as a UNIX group if the name was
not found in the NIS netgroup database. A name starting with '+'
is interpreted only by looking in the UNIX group database. A
name starting with '&' is interpreted only by looking in the NIS
netgroup database (this requires NIS to be working on your
system). The characters '+' and '&' may be used at the start of
the name in either order so the value +&group means check the
UNIX group database, followed by the NIS netgroup database, and
the value &+group means check the NIS netgroup database,
followed by the UNIX group database (the same as the '@'
prefix). If this is empty (the default) then any user can login.
If a username is in both this list and the invalid users list
then access is denied for that user. Default: NULL, no valid
users list (allows everyone, anyone can login)
guest ok
If this parameter is set for a service, then no password is
required to connect to the service. Privileges will be those of
the guest account.
admin users
(S) Specifies a list of users who will be granted
administrative privileges on the share. They will do all file
operations as the super-user (root). You should use this
option very carefully, as any user in this list will be able to
do anything they like on the share, irrespective of file
permissions. Default: NULL, no admin users.
force group
(S) Specifies a UNIX group name that will be assigned as the
default primary group for all users connecting to this service.
This option, sometimes called group, assigns a static group ID
that will be used on all connections to a share after the client
has successfully authenticated. This is useful for sharing files
by ensuring that all access to files on service will use the
named group for their permissions checking. Thus, by assigning
permissions for this group to the files and directories within
this service the Samba administrator can restrict or allow
sharing of these files. This assigns a specific group to each
new file or directory created from an SMB client. Allowable
values: a Unix group name. Sets the effective group name
assigned to all users accessing a share. Used to override a
user's normal group memberships. In Samba 2.0.5 and above this
parameter has extended functionality in the following way. If
the group name listed here has a '+' character prepended to it
then the current user accessing the share only has the primary
group default assigned to this group if they are already
assigned as a member of that group. This allows an administrator
to decide that only users who are already in a particular group
will create files with group ownership set to that group. This
gives a finer granularity of ownership assignment. For example,
the setting force group = +sys means that only users who are
already in group sys will have their default primary group
assigned to sys when accessing this Samba share. All other users
will retain their ordinary primary group. If the force user
parameter is also set, the group specified in force group will
override the primary group set in force user. Default: NULL, no
forced group
force user
(S) Specifies a UNIX user name that will be assigned as the
default user for all users connecting to this service. This is
useful for sharing files. You should also use it carefully as
using it incorrectly can cause security problems. The force user
option assigns a static user ID that will be used on all
connections to a share after the client has successfully
authenticated. This user name only gets used once a connection
is established. Thus clients still need to connect as a valid
user and supply a valid password. Once connected, all file
operations will be performed as the "forced user", no matter
what username the client connected as. This assigns a specific
user to each new file or directory created from an SMB client.
In Samba 2.0.5 and above this parameter also causes the primary
group of the forced user to be used as the primary group for all
file activity. Prior to 2.0.5 the primary group was left as the
primary group of the connecting user (this was a bug). Default:
NULL, no forced user
read list
(S) List of users that are given read-only access to a
service. If the connecting user is in this list then they will
not be given write access, no matter what the option is set to.
The list can include group names using the syntax described in
the parameter. Default: read list = <empty string>
write list
(S) List of users that are given read-write access to a
service. If the connecting user is in this list then they will
be given write access, no matter what the option is set to. The
list can include group names using the @group syntax. Note that
if a user is in both the read list and the write list then they
will be given write access. Default: write list = <empty string>
(S) The current servicename is substituted for %S
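The precedence rules described above (invalid users over valid users, write list over read list, and the '@', '+' and '&' group prefixes) can be checked against a share definition before it is deployed. The following is an added example, not code from sadms or Samba: the share, the user names, the toy group databases and the base_writable argument are all constructed assumptions, and the group lookup models the rule as this page words it.

```python
import configparser

# Constructed sample share and toy group databases (not from the page).
SMB_CONF = """
[projects]
valid users = alice, bob, @staff, mallory
invalid users = mallory
read list = bob, dave
write list = +devs, bob
admin users = alice
guest ok = no
"""
UNIX_GROUPS = {"staff": {"carol"}, "devs": {"alice"}}
NIS_NETGROUPS = {"staff": {"dave"}}
PREFIXES = (("+&", (UNIX_GROUPS, NIS_NETGROUPS)), ("&+", (NIS_NETGROUPS, UNIX_GROUPS)),
            ("@", (NIS_NETGROUPS, UNIX_GROUPS)), ("+", (UNIX_GROUPS,)),
            ("&", (NIS_NETGROUPS,)))

def in_list(user, value):
    """True if user matches a plain name or a prefixed group entry."""
    for entry in value.replace(",", " ").split():
        order = next((dbs for p, dbs in PREFIXES if entry.startswith(p)), None)
        if order is None:
            if entry == user:
                return True
            continue
        name = entry.lstrip("@+&")
        for db in order:
            if name in db:  # first database that knows the name decides
                if user in db[name]:
                    return True
                break
    return False

def decide(user, share, base_writable=False):
    """Return 'deny', 'read' or 'write' for an authenticated user."""
    if in_list(user, share.get("invalid users", "")):
        return "deny"  # invalid users wins over valid users
    valid = share.get("valid users", "")
    if valid.strip() and not in_list(user, valid):
        return "deny"  # a non-empty valid users list is an allow-list
    if in_list(user, share.get("write list", "")):
        return "write"  # write list wins over read list
    if in_list(user, share.get("read list", "")):
        return "read"
    return "write" if base_writable else "read"

def risk_flags(share):
    """Settings under which operations no longer run as the connecting user."""
    flags = [k for k in ("admin users", "force user") if share.get(k, "").strip()]
    if share.getboolean("guest ok", fallback=False):
        flags.append("guest ok")
    return flags

parser = configparser.ConfigParser(interpolation=None)
parser.read_string(SMB_CONF)
SHARE = parser["projects"]
```

In this sample, carol is denied even though she is in the UNIX group staff, because '@staff' is resolved in the NIS netgroup database first and the name is found there.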
February 02, 2008 sadms-share(1)