All my local Linux or Unix user accounts will be able to log in to my Samba server and access share. How do I restrict access to particular users or network subnet such as 192.168.2.1/24?

You can use TCP wrappers to limit subnet access via:
  1. /etc/hosts.allow – This file describes the names of the hosts which are allowed to use the local INET services, as decided by the /usr/sbin/tcpd server.
  2. /etc/hosts.deny – This file describes the names of the hosts which are NOT allowed to use the local INET services, as decided by the /usr/sbin/tcpd server.
Tutorial details
Difficulty level Easy
Root privileges No
Requirements Samba server on Linux or Unix
Est. reading time 2 minutes

Samba Restrict File Sharing To Particular Users or Network Addresses

For example, allow access to smbd service inside LAN only via /etc/hosts.allow:

smbd : 192.168.2.

However, samba may or may not be built to support tcp wrappers.

hosts allow: Samba Configuration

Open your smb.conf file and add the following line to [share] to configuring Host-based share access:

[share]
  hosts allow = 192.168.2. 127.0.0.1

The hosts deny parameter has a higher priority than the hosts allow parameter. For instance:

[share]
  hosts allow = 192.168.2. 127.0.0.1
  hosts deny = router.sweet.home

valid users: Samba Configuration

Open your smb.conf file and add the following line to [share]

[share]
  valid users = user1 user2 @group1 @group2

So we can use share-based access control enables you to grant or deny access to a share for certain users and groups:

[share]
   valid users = +SAMDOM\"Domain Users"
   # block tom
   invalid users = SAMDOM\tom

read only & write only: Samba Configuration

You can also set read and write access to set of users with the read list and write list directives.

[share]
     read only = yes
     write list = user1 user2 @group1 @group2

Examples

Make [sales] share read only but allow user tom and jerry to write it:

[sales]
     comment = All Printers
     path = /nas/fs/sales
     read only = yes
     write list = tom jerry

You can also configure iptables to allow or deny access to the Samba server. See the following pages:

  1. What Ports Need To Be Open For Samba To Communicate With Other Windows/Linux Systems?
  2. Samba: Linux Iptables Firewall Configuration
  3. How to configure Samba to use SMBv2 and disable SMBv1 on Linux or Unix

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 8 comments so far... add one


CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
8 comments… add one
  • Suvankar Oct 16, 2009 @ 10:26

    Hello! Sir,
    I have one question. That is “how can I share a specific file or folder in between three or four ubuntu based computer.
    plz. help..
    Thank you.

    • 🐧 nixCraft Oct 16, 2009 @ 10:50

      Use nfs server and client to share files between Linux / UNIX computers.

  • Sebastian Oct 16, 2009 @ 11:24

    Hi!
    I do that using acl´s, is that wrong? or not engouraged??

  • 🐧 nixCraft Oct 16, 2009 @ 11:39

    ACL are set on files and directory and not on share names. You can use ACL for controlling and tuning file level access.

    HTH

  • ipv6 learning Nov 11, 2009 @ 14:48

    off-topic: how connect to shared folder using IPv6 without DNS Server, I mean connect using the IP.

  • dominicus Dec 1, 2011 @ 1:00

    Hi,
    Is there a way to limit the type of file in SAMBA? Let say only Word, Excel and PDF types only. Thanks in advance

  • Anonymous Aug 12, 2012 @ 16:23

    Good day! I know this is somewhat off topic but I was wondering which blog platform are you using for this website? I’m getting fed up of Wordpress because I’ve had problems with hackers and I’m looking at options for another platform. I would be great if you could point me in the direction of a good platform.

  • nagendra Feb 6, 2015 @ 12:31

    Hello! Sir,
    “how can I share a specific file or folder in between three or four windows based computer.
    plz. help..
    Thank you.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum