mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
46069ed06c
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
35 lines
1.6 KiB
XML
35 lines
1.6 KiB
XML
<samba:parameter name="invalid users"
|
|
context="S"
|
|
type="cmdlist"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>This is a list of users that should not be allowed
|
|
to login to this service. This is really a <emphasis>paranoid</emphasis>
|
|
check to absolutely ensure an improper setting does not breach
|
|
your security.</para>
|
|
|
|
<para>A name starting with a '@' is interpreted as an NIS
|
|
netgroup first (if your system supports NIS), and then as a UNIX
|
|
group if the name was not found in the NIS netgroup database.</para>
|
|
|
|
<para>A name starting with '+' is interpreted only
|
|
by looking in the UNIX group database via the NSS getgrnam() interface. A name starting with
|
|
'&' is interpreted only by looking in the NIS netgroup database
|
|
(this requires NIS to be working on your system). The characters
|
|
'+' and '&' may be used at the start of the name in either order
|
|
so the value <parameter moreinfo="none">+&group</parameter> means check the
|
|
UNIX group database, followed by the NIS netgroup database, and
|
|
the value <parameter moreinfo="none">&+group</parameter> means check the NIS
|
|
netgroup database, followed by the UNIX group database (the
|
|
same as the '@' prefix).</para>
|
|
|
|
<para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>.
|
|
This is useful in the [homes] section.</para>
|
|
</description>
|
|
|
|
<related>valid users</related>
|
|
|
|
<value type="default"><comment>no invalid users</comment></value>
|
|
<value type="example">root fred admin @wheel</value>
|
|
</samba:parameter>
|