blob: b2fb2b9d293a4f0557b4d90b6c31a387bb03bd12 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
<samba:parameter name="invalid users"
context="S"
type="cmdlist"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This is a list of users that should not be allowed
to login to this service. This is really a <emphasis>paranoid</emphasis>
check to absolutely ensure an improper setting does not breach
your security.</para>
<para>A name starting with a '@' is interpreted as an NIS
netgroup first (if your system supports NIS), and then as a UNIX
group if the name was not found in the NIS netgroup database.</para>
<para>A name starting with '+' is interpreted only
by looking in the UNIX group database via the NSS getgrnam() interface. A name starting with
'&' is interpreted only by looking in the NIS netgroup database
(this requires NIS to be working on your system). The characters
'+' and '&' may be used at the start of the name in either order
so the value <parameter moreinfo="none">+&group</parameter> means check the
UNIX group database, followed by the NIS netgroup database, and
the value <parameter moreinfo="none">&+group</parameter> means check the NIS
netgroup database, followed by the UNIX group database (the
same as the '@' prefix).</para>
<para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>.
This is useful in the [homes] section.</para>
</description>
<related>valid users</related>
<value type="default"><comment>no invalid users</comment></value>
<value type="example">root fred admin @wheel</value>
</samba:parameter>
|
