Shazin
November 12, 2009, 3:30am
1
Hi,
Please can somebody advise me on the issue where I have a Samba mount created for one of the directories with read only access to all the IP's in the network.
Now beside read only access I want to provide Modify access also for two IP's.
Please advise.
Best Regards,
Neo
November 12, 2009, 3:56am
2
What advice to you need, specifically?
Shazin
November 12, 2009, 4:02am
3
Hi Neo,
What exactly can we make changes in smb.conf to keep read only access to all the IP's and modify access to the two IP's.
Thanks,
---------- Post updated at 02:32 PM ---------- Previous update was at 02:30 PM ----------
Hi Neo,
Current configuration is:
path = /export/home/ctsdb/reports
guest ok = Yes
read only = No
Thanks,
Neo
November 12, 2009, 4:38am
4
To make the a directory in SAMBA readable by the public, but only writable by people in group "TEAM", modify smb.conf this way:
[public]
comment = Team Writable
path = /home/public
public = yes
writable = yes
printable = no
write list = @TEAM
Shazin
November 12, 2009, 7:21am
5
Hi Neo,
Thanks, please can you also advise how to include the two IP address in Team.
Best Regards,
Neo
November 12, 2009, 1:44pm
6
You cannot include IP addresses in the group ID in a SAMBA configuration. If you want additional restriction based on IP address, you might consider using ipchains to block access, and then user usergroup configuration for read/write access.
This SAMBA smb.conf reference should be useful to you.
---------- Post updated at 18:44 ---------- Previous update was at 17:31 ----------
I forgot to mention hosts allow in the SAMBA config file .
A synonym for this parameter is allow hosts.
This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service.
If specified in the [global] section then it will apply to all services, regardless of whether the individual service has a different setting.
You can specify the hosts by name or IP number. For example, you could restrict access to only the hosts on a Class C subnet with something like allow hosts = 150.203.5.. The full syntax of the list is described in the man page hosts_access(5). Note that this man page may not be present on your system, so a brief description will be given here also.
Note that the localhost address 127.0.0.1 will always be allowed access unless specifically denied by a hosts deny option.
You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The EXCEPT keyword can also be used to limit a wildcard list. The following examples may provide some help:
Example 1: allow all IPs in 150.203.*.*; except one
hosts allow = 150.203. EXCEPT 150.203.6.66
Example 2: allow hosts that match the given network/netmask
hosts allow = 150.203.15.0/255.255.255.0
Example 3: allow a couple of hosts
hosts allow = lapland, arvidsjaur
Example 4: allow only hosts in NIS netgroup "foonet", but deny access from one particular host
hosts allow = @foonet
hosts deny = pirate
Note that access still requires suitable user-level passwords.
See testparm(1) for a way of testing your host access to see if it does what you expect.
Default: hosts allow = # none (i.e., all hosts permitted access)
Example: hosts allow = 150.203.5. myhost.mynet.edu.au