sadms-share

Langue: en

Version: February 02, 2008 (ubuntu - 24/10/10)

Section: 1 (Commandes utilisateur)

Sommaire

NAME

sadms-share - manage shares
You will find below some reference data to help you fine\fB-tune the settings and tailor the shared spaces to your needs. Proper permissions are obtained by tuning both the share level and the file system level and it can be very tricky. File system permissions are available for changes in the last tab.
share tutorial

REFERENCE

from Samba 3 official documentation
invalid users
(S) Specifies a list of users that can connect to a share and that should not be allowed to login to this service. A name starting with a '@' is interpreted as an NIS netgroup first (if your system supports NIS), and then as a UNIX group if the name was not found in the NIS netgroup database. A name starting with '+' is interpreted only by looking in the UNIX group database. A name starting with '&' is interpreted only by looking in the NIS netgroup database (this requires NIS to be working on your system). The characters '+' and '&' may be used at the start of the name in either order so the value +&group means check the UNIX group database, followed by the NIS netgroup database, and the value &+group means check the NIS netgroup database, followed by the UNIX group database (the same as the '@' prefix). Default: NULL, no invalid users
valid users
(S) Specifies a list of users that can connect to a share and should be allowed to login to this service. A name starting with a '@' is interpreted as an NIS netgroup first (if your system supports NIS), and then as a UNIX group if the name was not found in the NIS netgroup database. A name starting with '+' is interpreted only by looking in the UNIX group database. A name starting with '&' is interpreted only by looking in the NIS netgroup database (this requires NIS to be working on your system). The characters '+' and '&' may be used at the start of the name in either order so the value +&group means check the UNIX group database, followed by the NIS netgroup database, and the value &+group means check the NIS netgroup database, followed by the UNIX group database (the same as the '@' prefix). If this is empty (the default) then any user can login. If a username is in both this list and the invalid users list then access is denied for that user. Default: NULL, no valid users list (allows everyone, anyone can login)
guest ok
If this parameter is set for a service, then no password is required to connect to the service. Privileges will be those of the guest account.
admin users
(S) Specifies a list of users who will be granted administrative privileges on the share. They will do all file operations as the super\fB-user (root). You should use this option very carefully, as any user in this list will be able to do anything they like on the share, irrespective of file permissions. Default: NULL, no admin users.
force group
(S) Specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This option, sometimes called group, assigns a static group ID that will be used on all connections to a share after the client has successfully authenticated. This is useful for sharing files by ensuring that all access to files on service will use the named group for their permissions checking. Thus, by assigning permissions for this group to the files and directories within this service the Samba administrator can restrict or allow sharing of these files. This assigns a specific group to each new file or directory created from an SMB client. Allowable values: a Unix group name. Sets the effective group name assigned to all users accessing a share. Used to override a user's normal group memberships. In Samba 2.0.5 and above this parameter has extended functionality in the following way. If the group name listed here has a '+' character prepended to it then the current user accessing the share only has the primary group default assigned to this group if they are already assigned as a member of that group. This allows an administrator to decide that only users who are already in a particular group will create files with group ownership set to that group. This gives a finer granularity of ownership assignment. For example, the setting force group = +sys means that only users who are already in group sys will have their default primary group assigned to sys when accessing this Samba share. All other users will retain their ordinary primary group. If the parameter is also set the group specified in force group will override the primary group set in force user. Default: NULL, no forced group
force user
(S) Specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems. The force user option assigns a static user ID that will be used on all connections to a share after the client has successfully authenticated. This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed as the "forced user", no matter what username the client connected as. This assigns a specific user to each new file or directory created from an SMB client. In Samba 2.0.5 and above this parameter also causes the primary group of the forced user to be used as the primary group for all file activity. Prior to 2.0.5 the primary group was left as the primary group of the connecting user (this was a bug). Default: NULL, no forced user
read list
(S) List of users that are given read\fB-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the option is set to. The list can include group names using the syntax described in the parameter. Default: read list = <empty string>
write list
(S) List of users that are given read\fB-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the option is set to. The list can include group names using the @group syntax. Note that if a user is in both the read list and the write list then they will be given write access. Default: write list = <empty string>

(S) The current servicename is substituted for %S