valid users = %S
%S is replaced with the concrete name of the share as soon as a connection has
been successfully established. For a [homes] share, this is always the user-
name. As a consequence, access rights to a user's share are restricted exclusively
to that user.
browseable = No
This setting makes the share invisible in the network environment.
read only = No
By default, Samba prohibits write access to any exported share by means of
the read only = Yes parameter. To make a share writable, set the value
read only = No, which is synonymous with writable = Yes.
create mask = 0640
Systems that are not based on MS Windows NT do not understand the concept
of UNIX permissions, so they cannot assign permissions when creating a le.
The parameter create mask denes the access permissions assigned to
newly created les. This only applies to writable shares. In effect, this setting
means the owner has read and write permissions and the members of the
owner's primary group have read permissions. valid users = %S prevents
read access even if the group has read permissions. For the group to have read
or write access, deactivate the line valid users = %S.
19.4.3.3 Security Levels
To improve security, each share access can be protected with a password. SMB offers
the following ways of checking permissions:
Share Level Security (security = share)
A password is rmly assigned to a share. Everyone who knows this password has
access to that share.
User Level Security (security = user)
This variant introduces the concept of the user to SMB. Each user must register
with the server with his or her own password. After registration, the server can
grant access to individual exported shares dependent on usernames.
Samba 355
