| 1 | <samba:parameter name="invalid users"
|
|---|
| 2 | context="S"
|
|---|
| 3 | type="list"
|
|---|
| 4 | xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|---|
| 5 | <description>
|
|---|
| 6 | <para>This is a list of users that should not be allowed
|
|---|
| 7 | to login to this service. This is really a <emphasis>paranoid</emphasis>
|
|---|
| 8 | check to absolutely ensure an improper setting does not breach
|
|---|
| 9 | your security.</para>
|
|---|
| 10 |
|
|---|
| 11 | <para>A name starting with a '@' is interpreted as an NIS
|
|---|
| 12 | netgroup first (if your system supports NIS), and then as a UNIX
|
|---|
| 13 | group if the name was not found in the NIS netgroup database.</para>
|
|---|
| 14 |
|
|---|
| 15 | <para>A name starting with '+' is interpreted only
|
|---|
| 16 | by looking in the UNIX group database via the NSS getgrnam() interface. A name starting with
|
|---|
| 17 | '&' is interpreted only by looking in the NIS netgroup database
|
|---|
| 18 | (this requires NIS to be working on your system). The characters
|
|---|
| 19 | '+' and '&' may be used at the start of the name in either order
|
|---|
| 20 | so the value <parameter moreinfo="none">+&group</parameter> means check the
|
|---|
| 21 | UNIX group database, followed by the NIS netgroup database, and
|
|---|
| 22 | the value <parameter moreinfo="none">&+group</parameter> means check the NIS
|
|---|
| 23 | netgroup database, followed by the UNIX group database (the
|
|---|
| 24 | same as the '@' prefix).</para>
|
|---|
| 25 |
|
|---|
| 26 | <para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>.
|
|---|
| 27 | This is useful in the [homes] section.</para>
|
|---|
| 28 | </description>
|
|---|
| 29 |
|
|---|
| 30 | <related>valid users</related>
|
|---|
| 31 |
|
|---|
| 32 | <value type="default"><comment>no invalid users</comment></value>
|
|---|
| 33 | <value type="example">root fred admin @wheel</value>
|
|---|
| 34 | </samba:parameter>
|
|---|
