2004-04-07 14:15:11 +04:00
<samba:parameter name= "invalid users"
context="S"
2015-07-23 18:19:19 +03:00
type="cmdlist"
2005-03-13 01:41:20 +03:00
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
2004-04-07 14:15:11 +04:00
<description >
<para > This is a list of users that should not be allowed
to login to this service. This is really a <emphasis > paranoid</emphasis>
check to absolutely ensure an improper setting does not breach
your security.</para>
<para > A name starting with a '@' is interpreted as an NIS
netgroup first (if your system supports NIS), and then as a UNIX
group if the name was not found in the NIS netgroup database.</para>
<para > A name starting with '+' is interpreted only
2006-11-17 18:05:25 +03:00
by looking in the UNIX group database via the NSS getgrnam() interface. A name starting with
2004-04-07 14:15:11 +04:00
'& ' is interpreted only by looking in the NIS netgroup database
(this requires NIS to be working on your system). The characters
'+' and '& ' may be used at the start of the name in either order
so the value <parameter moreinfo= "none" > +& group</parameter> means check the
UNIX group database, followed by the NIS netgroup database, and
the value <parameter moreinfo= "none" > & +group</parameter> means check the NIS
netgroup database, followed by the UNIX group database (the
same as the '@' prefix).</para>
<para > The current servicename is substituted for <parameter moreinfo= "none" > %S</parameter> .
This is useful in the [homes] section.</para>
</description>
<related > valid users</related>
<value type= "default" > <comment > no invalid users</comment> </value>
<value type= "example" > root fred admin @wheel</value>
</samba:parameter>
