Linux Cookbook

23.9.1 Problem

You would like to limit who can access a particular Samba share, either by username or group name.

23.9.2 Solution

Use the valid users directive in smb.conf, as follows:

[share1] path = /sharedstuff comment = testfiles read only = No valid users = andrew foober dana

Unix groups are indicated by a plus sign (+):

valid users = +sambausers

The groups must exist on the server, in /etc/group. They are ordinary Linux groups; you don't need to create special Samba groups.

You may also exclude users or groups, using invalid users:

invalid users = root +wheel +bannedusers

Remember to restart Samba after changing smb.conf.

23.9.3 Discussion

If you have no network information services (NIS) groups, use the plus sign to tell Samba to look only for Unix groups.

Using @ (for example, @bannedusers) tells Samba to first search the NIS database, then Unix.

To use only NIS groups, use the ampersand: &bannedusers.

23.9.4 See Also

• smb.conf(5)