Samba Restrict File Sharing To Particular Users or Network Addresses

All my local Linux user accounts will be able to log in to my Samba server and access share. How do I restrict access to particular users or network subnet such as 192.168.2.1/24?

You can use TCP wrappers to limit subnet access via:

  1. /etc/hosts.allow – This file describes the names of the hosts which are allowed to use the local INET services, as decided by the /usr/sbin/tcpd server.
  2. /etc/hosts.deny – This file describes the names of the hosts which are NOT allowed to use the local INET services, as decided by the /usr/sbin/tcpd server.

For example, allow access to smbd service inside LAN only via /etc/hosts.allow:

smbd : 192.168.2.

However, samba may or may not be built to support tcp wrappers.

hosts allow: Samba Configuration

Open your smb.conf file and add the following line to [share]

[share]
  hosts allow = 192.168.2. 127.0.0.1

valid users: Samba Configuration

Open your smb.conf file and add the following line to [share]

[share]
  valid users = user1 user2 @group1 @group2

read only & write only: Samba Configuration

You can also set read and write access to set of users with the read list and write list directives.

[share]
     read only = yes
     write list = user1 user2 @group1 @group2

Examples

Make [sales] share read only but allow user tom and jerry to write it:

[sales]
     comment = All Printers
     path = /nas/fs/sales
     read only = yes
     write list = tom jerry

You can also configure iptables to allow access to the Samba server.

Posted by: SXI ADMIN

The author is the creator of SXI LLC and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.