Saturday, 25 February 2017

Hiding unauthorized Samba shares

Another thing that took a while to research but turned out to be fairly trivial.
I was looking for a way to make only those Samba shares appear for a user that they are authorized to access.
The solution is to create a per-user share definitions with those shares that that user can access, then include them in the main smb.conf file like so:
include = /etc/samba/%U.conf
where %U resolves to the name of the user's home directory (other Samba variables won't work reliably for reasons I forget) which almost always matches the user's Samba username.
All the public shares available to all can still be included in the main smb.conf file alongside this definition. Of course, another way is to store users' Samba configuration files in their home directories, which is probably somewhat cleaner, then the include will look something like this:
include = /home/%U/.samba.conf

No comments:

Post a comment