Avatar of racone
Flag for United States of America

asked on 

Samba Security Improvement for Writable Directories


Below, I have this old Samba share to a Linux system that I know is pretty wide open.  There is some old legacy software dependencies upon the way it is implemented below, as it is mounted as a single drive letter in Windows (etc.).  It also works pretty well without a lot of administration (to a fault, of course, again I know its a bit insecure).  We work in large work group (we're a Linux dominated environment, and no Active Directory.

Anyway, enough of that.  My question in terms of Samba is this:  How can I, or can I, only make certain (sub) directories writable via only a Samba directive (not changing the Linux system directory attributes ... the Linux system software proper might need those attributes to be unchanged)?   All suggestions will be noted, although I'm after a Samba-only solution, generally.  Thanks!

    comment = unix
    force user = xyz
    force group = xyz
    create mode = 0000
    force create mode = 0660
    directory mode = 0000
    force directory mode = 0770
    path = /
    read only = no
    guest ok = yes
    guest only = yes
    hosts allow = 192.168.201.
    mangled names = no
    hide special files = yes
    hide unreadable = yes
    hide unwriteable files = yes
    veto files = /.*/
    hide files = /tmp/
    veto files = /.*/bin/boot/cgroup/dev/dtr/etc/home/lib/lib64/media/misc/mnt/
Linux SecurityWindows NetworkingLinux NetworkingLinux

Avatar of undefined
Last Comment

8/22/2022 - Mon