Dear all,
I have one directory:
drwxr-xr-- 4 ndbadm sapsys 4096 May 7 12:38 auto_backupyI have created samba share for it:
[backup]
path = /HANA_DATA/hana_backup/auto_backupy
read only = Yes
guest ok = yes
force group = sapsys
but everyone from windows host can browse it - how to restrict this to asks for username when try to browse this share and only user will be root?
Regards
GN
Hi GN,
[QUOTE=gniecka;21199]Dear all,
I have one directory:
drwxr-xr-- 4 ndbadm sapsys 4096 May 7 12:38 auto_backupyI have created samba share for it:
[backup]
path = /HANA_DATA/hana_backup/auto_backupy
read only = Yes
guest ok = yes
force group = sapsys
but everyone from windows host can browse it - how to restrict this to asks for username when try to browse this share and only user will be root?[/QUOTE]
well, you forced every access to use the group “sapsys”… and group “sapsys” has read/execute permission on the directory, so it’s working as expected.
Not knowing the context, it is unclear if the following will really be helpful:
“Change the directory’s ownership to user “root” and permissions to “700” - then only root will be allowed to access the directory.”
Of course, this will then be a valid restriction for direct accesses (not via SaMBa), too.
Regards,
Jens
Dear Jens,
this directory is the target directory for HANA backup mechanism
This backup script is runed from ndbadm user (sapsys group) and one of limitations is that this backup directory must be owned by ndbadm.sapsys.
another requirement is that this folder should be accessible/browsable from windows hosts for particular users - thats why I have made samba share for windows hosts - but I don’t want to open this shared folder for everyone…
Regards
GN
[QUOTE=gniecka;21202]Dear Jens,
this directory is the target directory for HANA backup mechanism
This backup script is runed from ndbadm user (sapsys group) and one of limitations is that this backup directory must be owned by ndbadm.sapsys.
another requirement is that this folder should be accessible/browsable from windows hosts for particular users - thats why I have made samba share for windows hosts - but I don’t want to open this shared folder for everyone…
Regards
GN[/QUOTE]
From smb.conf:
[QUOTE] valid users (S)
This is a list of users that should be allowed to login to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the invalid users parameter.
If this is empty (the default) then any user can login. If a username is in both this list and the invalid users list then access is denied for that user.
The current servicename is substituted for %S. This is useful in the [homes] section.
Note: When used in the [global] section this parameter may have unwanted side effects. For example: If samba is configured as a MASTER BROWSER (see local master, os level, domain master, preferred master) this option
will prevent workstations from being able to browse the network.
Default: valid users = # No valid users list (anyone can login)
Example: valid users = greg, @pcusers[/QUOTE]
so setting “valid users = root” within the share definition should limit SaMBa access to the SaMBa user “root”.
Regards,
Jens
Jens,
I have tried this with no luck.
When I add
valid user = root
then I can’t access this share from windows host at all…
Regards
GN
Hi GN,
[QUOTE=gniecka;21204]Jens,
I have tried this with no luck.
When I add
valid user = root
then I can’t access this share from windows host at all…[/QUOTE]
but you can log in to SaMBa as user root? Because the message seems to imply that you’re trying to access as some different user, then are asked to provide new credentials, and these new credentials don’t work as a valid username/password combo.
You of course need to limit access to a user that can access the SaMBa service…
Regards,
Jens
Jens,
I have added new user to samba, have cleared all stored passwords for windows host and it works!
Thank you for support!