docs/docbook/smbdotconf/security/invalidusers.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

<samba:parameter xmlns:samba="http://samba.org/common">
		<term><anchor id="INVALIDUSERS"/>invalid users (S)</term>
		<listitem><para>This is a list of users that should not be allowed 
		to login to this service. This is really a <emphasis>paranoid</emphasis> 
		check to absolutely ensure an improper setting does not breach 
		your security.</para>
		
		<para>A name starting with a '@' is interpreted as an NIS 
 		netgroup first (if your system supports NIS), and then as a UNIX 
		group if the name was not found in the NIS netgroup database.</para>

		<para>A name starting with '+' is interpreted only 
		by looking in the UNIX group database. A name starting with 
		'&amp;' is interpreted only by looking in the NIS netgroup database 
		(this requires NIS to be working on your system). The characters 
		'+' and '&amp;' may be used at the start of the name in either order 
		so the value <parameter moreinfo="none">+&amp;group</parameter> means check the 
		UNIX group database, followed by the NIS netgroup database, and 
		the value <parameter moreinfo="none">&amp;+group</parameter> means check the NIS
		netgroup database, followed by the UNIX group database (the 
		same as the '@' prefix).</para>

		<para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>. 
		This is useful in the [homes] section.</para>

		<para>See also <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users
		</parameter></link>.</para>

		<para>Default: <emphasis>no invalid users</emphasis></para>
		<para>Example: <command moreinfo="none">invalid users = root fred admin @wheel
		</command></para>
		</listitem>
		</samba:parameter>