summaryrefslogtreecommitdiff
path: root/docs/docbook/smbdotconf/security/invalidusers.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/smbdotconf/security/invalidusers.xml')
-rw-r--r--docs/docbook/smbdotconf/security/invalidusers.xml33
1 files changed, 33 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/security/invalidusers.xml b/docs/docbook/smbdotconf/security/invalidusers.xml
new file mode 100644
index 0000000000..34e534ff28
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/invalidusers.xml
@@ -0,0 +1,33 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="INVALIDUSERS"/>invalid users (S)</term>
+ <listitem><para>This is a list of users that should not be allowed
+ to login to this service. This is really a <emphasis>paranoid</emphasis>
+ check to absolutely ensure an improper setting does not breach
+ your security.</para>
+
+ <para>A name starting with a '@' is interpreted as an NIS
+ netgroup first (if your system supports NIS), and then as a UNIX
+ group if the name was not found in the NIS netgroup database.</para>
+
+ <para>A name starting with '+' is interpreted only
+ by looking in the UNIX group database. A name starting with
+ '&amp;' is interpreted only by looking in the NIS netgroup database
+ (this requires NIS to be working on your system). The characters
+ '+' and '&amp;' may be used at the start of the name in either order
+ so the value <parameter moreinfo="none">+&amp;group</parameter> means check the
+ UNIX group database, followed by the NIS netgroup database, and
+ the value <parameter moreinfo="none">&amp;+group</parameter> means check the NIS
+ netgroup database, followed by the UNIX group database (the
+ same as the '@' prefix).</para>
+
+ <para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>.
+ This is useful in the [homes] section.</para>
+
+ <para>See also <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users
+ </parameter></link>.</para>
+
+ <para>Default: <emphasis>no invalid users</emphasis></para>
+ <para>Example: <command moreinfo="none">invalid users = root fred admin @wheel
+ </command></para>
+ </listitem>
+ </samba:parameter>