is there a way to 'hosts allow' depending on which mountpoint?

Posted on 2012-08-20
Last Modified: 2012-08-21
I have a mountpoint I would like to be accessible from the local LAN without a password, but also be accessible from outside the LAN with a password. 'hosts allow' seems to restrict ALL IPs. Is there a way to NOT permit a particular mountpoint if the host IP is outside the LAN?

Here's what I've got (with no 'hosts allow' configured):

comment = Mountpoint for intra-LAN
writable = yes
path = /this/path
public = yes
guest ok = yes
guest only = yes
guest account = smith
browsable = yes

comment = Mountpoint for extra-LAN
valid users = smith
path = /this/path
public = yes
writeable = yes
browseable= yes
printable = no

Open in new window

This specifies a mountpoint to the same path for the same user (smith), but mounting 'website' will require a password and mounting 'webcontent' will not.

The problem here is that someone outside the office LAN can still mount the w/o PW mount point. That's what I want to prevent.
Question by:jmarkfoley
    LVL 3

    Accepted Solution

    hosts allow = 192.168.1.  #Whatever your internal lan is
    hosts deny = ALL

    Then just restart your smb service.
    #service smb restart
    LVL 1

    Author Comment

    Thanks! I didn't realize I could use the hosts allow inside a mountpoint definition. Do I need the hosts deny? I've never used that with a hosts allow before ... seems like it would undo the allow.
    LVL 3

    Expert Comment

    Yes, you need to include the hosts deny = all.  It will basically deny everyone except for the addresses you include in hosts allow.  Without it, people outside would still be able to access the share since there is no rule to actually deny them access.
    LVL 1

    Author Closing Comment

    OK, thank!

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    Over the past decade, as Internet security has become a chief concern of IT professionals, one of the most common questions administrators and users ask is, “Which is more secure, SFTP or FTPS?” In short, both file transfer protocols offer a high…
    As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
    Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now