summaryrefslogtreecommitdiffstats
path: root/docs-xml/smbdotconf/security/invalidusers.xml
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--docs-xml/smbdotconf/security/invalidusers.xml34
1 files changed, 34 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/invalidusers.xml b/docs-xml/smbdotconf/security/invalidusers.xml
new file mode 100644
index 0000000..b2fb2b9
--- /dev/null
+++ b/docs-xml/smbdotconf/security/invalidusers.xml
@@ -0,0 +1,34 @@
+<samba:parameter name="invalid users"
+ context="S"
+ type="cmdlist"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This is a list of users that should not be allowed
+ to login to this service. This is really a <emphasis>paranoid</emphasis>
+ check to absolutely ensure an improper setting does not breach
+ your security.</para>
+
+ <para>A name starting with a '@' is interpreted as an NIS
+ netgroup first (if your system supports NIS), and then as a UNIX
+ group if the name was not found in the NIS netgroup database.</para>
+
+ <para>A name starting with '+' is interpreted only
+ by looking in the UNIX group database via the NSS getgrnam() interface. A name starting with
+ '&amp;' is interpreted only by looking in the NIS netgroup database
+ (this requires NIS to be working on your system). The characters
+ '+' and '&amp;' may be used at the start of the name in either order
+ so the value <parameter moreinfo="none">+&amp;group</parameter> means check the
+ UNIX group database, followed by the NIS netgroup database, and
+ the value <parameter moreinfo="none">&amp;+group</parameter> means check the NIS
+ netgroup database, followed by the UNIX group database (the
+ same as the '@' prefix).</para>
+
+ <para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>.
+ This is useful in the [homes] section.</para>
+</description>
+
+<related>valid users</related>
+
+<value type="default"><comment>no invalid users</comment></value>
+<value type="example">root fred admin @wheel</value>
+</samba:parameter>