Samba Restrict File Sharing To Particular Users or Network Addresses

last updated October 16, 2009 in AIX, CentOS, FreeBSD, Linux, Networking, RedHat and Friends, Samba (SMB/CIFS), Security, Solaris-Unix, Storage, Suse, UNIX

All my local Linux user accounts will be able to log in to my Samba server and access share. How do I restrict access to particular users or network subnet such as 192.168.2.1/24?

You can use TCP wrappers to limit subnet access via:

/etc/hosts.allow – This file describes the names of the hosts which are allowed to use the local INET services, as decided by the /usr/sbin/tcpd server.
/etc/hosts.deny – This file describes the names of the hosts which are NOT allowed to use the local INET services, as decided by the /usr/sbin/tcpd server.

For example, allow access to smbd service inside LAN only via /etc/hosts.allow:

smbd : 192.168.2.

However, samba may or may not be built to support tcp wrappers.

hosts allow: Samba Configuration

Open your smb.conf file and add the following line to [share]

[share]
  hosts allow = 192.168.2. 127.0.0.1

valid users: Samba Configuration

Open your smb.conf file and add the following line to [share]

[share]
  valid users = user1 user2 @group1 @group2

read only & write only: Samba Configuration

You can also set read and write access to set of users with the read list and write list directives.

[share]
     read only = yes
     write list = user1 user2 @group1 @group2

Examples

Make [sales] share read only but allow user tom and jerry to write it:

[sales]
     comment = All Printers
     path = /nas/fs/sales
     read only = yes
     write list = tom jerry

You can also configure iptables to allow access to the Samba server.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

8 comment

Suvankar says:
October 16, 2009 at 10:26 am
Hello! Sir,
I have one question. That is “how can I share a specific file or folder in between three or four ubuntu based computer.
plz. help..
Thank you.
1. nixCraft says:
  October 16, 2009 at 10:50 am
  Use nfs server and client to share files between Linux / UNIX computers.
Sebastian says:
October 16, 2009 at 11:24 am
Hi!
I do that using aclÂ´s, is that wrong? or not engouraged??
nixCraft says:
October 16, 2009 at 11:39 am
ACL are set on files and directory and not on share names. You can use ACL for controlling and tuning file level access.
HTH
ipv6 learning says:
November 11, 2009 at 2:48 pm
off-topic: how connect to shared folder using IPv6 without DNS Server, I mean connect using the IP.
dominicus says:
December 1, 2011 at 1:00 am
Hi,
Is there a way to limit the type of file in SAMBA? Let say only Word, Excel and PDF types only. Thanks in advance
www.nowfashionshowtime.org says:
August 12, 2012 at 4:23 pm
Good day! I know this is somewhat off topic but I was wondering which blog platform are you using for this website? I’m getting fed up of WordPress because I’ve had problems with hackers and I’m looking at options for another platform. I would be great if you could point me in the direction of a good platform.
nagendra says:
February 6, 2015 at 12:31 pm
Hello! Sir,
â€œhow can I share a specific file or folder in between three or four windows based computer.
plz. help..
Thank you.

Have a question? Post it on our forum!

Tagged as: /etc/samba/smb.conf, 192 168 2 1, lan, Linux, linux user, network addresses, Restrict File Sharing, samba configuration, samba server, server samba, smb, subnet, tcp wrappers, user accounts, valid users