diff options
Diffstat (limited to '')
-rw-r--r-- | docs-xml/smbdotconf/security/invalidusers.xml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/invalidusers.xml b/docs-xml/smbdotconf/security/invalidusers.xml new file mode 100644 index 0000000..b2fb2b9 --- /dev/null +++ b/docs-xml/smbdotconf/security/invalidusers.xml @@ -0,0 +1,34 @@ +<samba:parameter name="invalid users" + context="S" + type="cmdlist" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This is a list of users that should not be allowed + to login to this service. This is really a <emphasis>paranoid</emphasis> + check to absolutely ensure an improper setting does not breach + your security.</para> + + <para>A name starting with a '@' is interpreted as an NIS + netgroup first (if your system supports NIS), and then as a UNIX + group if the name was not found in the NIS netgroup database.</para> + + <para>A name starting with '+' is interpreted only + by looking in the UNIX group database via the NSS getgrnam() interface. A name starting with + '&' is interpreted only by looking in the NIS netgroup database + (this requires NIS to be working on your system). The characters + '+' and '&' may be used at the start of the name in either order + so the value <parameter moreinfo="none">+&group</parameter> means check the + UNIX group database, followed by the NIS netgroup database, and + the value <parameter moreinfo="none">&+group</parameter> means check the NIS + netgroup database, followed by the UNIX group database (the + same as the '@' prefix).</para> + + <para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>. + This is useful in the [homes] section.</para> +</description> + +<related>valid users</related> + +<value type="default"><comment>no invalid users</comment></value> +<value type="example">root fred admin @wheel</value> +</samba:parameter> |