Join Log in
Score:0
pants avatar Server

Samba: Restrict network access to all shares except one

us flag
pants

I've got a samba server with a single share that I need to make available to a specific subnet while all other current and future shares should not be accessible from that subnet (but should be accessible via other subnets). Intuitively, it seems the way to achieve this would be using the hosts allow directive as follows:

[global]
  hosts allow = subnet1
[restricted share]
  hosts allow = subnet1 subnet2

As such, the hosts allow directive within the share-specific section of the smb.conf would override the global directive. Unfortunately, the samba docs specify that this specific config option is not overriden by share-specific sections. Here is an excerpt from the samba man page:

If there are hosts allow or hosts deny options defined in the [global] section of smb.conf, they will apply to all shares, even if the shares have an overriding option defined.

I could achieve the desired behavior by adding a hosts allow directive to every share individually but this clearly doesn't scale well. I'm wondering if there is a more elegant solution to this problem.

117
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.