--- docs-xml/manpages-3/smb.conf.5.xml.orig 2009-01-26 13:56:34.000000000 +0000
+++ docs-xml/manpages-3/smb.conf.5.xml 2009-02-19 15:33:26.000000000 +0000
@@ -159,8 +159,7 @@
When the connection request is made, the existing sections are scanned. If a match is found, it is
used. If no match is found, the requested section name is treated as a username and looked up in the local
- password file. If the name exists and the correct password has been given, a share is created by cloning the
- [homes] section.
+ password file. If the name exists a share is created by cloning the [homes] section.
@@ -198,6 +197,16 @@
+ The mechanism of the [homes] section does not tie the connecting user to their own home directory. When enabled,
+ all usernames listed in the local password file will be made available as shares that point to the corresponding
+ home directories. Access to the share will then be subject to the underlying permissions of the host operating
+ system. As an example, if the user bin
in the local password file is listed with a home directory
+ of /usr/bin
, a user who can successfully authenticate with the server may connect to the
+ bin
share and browse the contents of the /usr/bin
directory on the server. If you
+ find this behaviour undesirable you can set valid users = %S in the [homes] section.
+
+
+
The [homes] section can specify all the parameters a normal service section can specify, though some make more sense
than others. The following is a typical and suitable [homes] section: