smb.conf/manpage/2006/parameters/R

read bmpx (G) This boolean parameter controls whether s�sm�mb�bd�d(8) will support the "Read Block Multiplex" SMB. This is now rarely used and defaults to n�no�o. You should never need to set this parameter.

Default: _�r_�e_�a_�d _�b_�m_�p_�x = no

read list (S) This is  a  list  of users that are given read-only access to a              service. If the connecting user is in this list then they  will not be  given write access, no matter what the _�r_�e_�a_�d _�o_�n_�l_�y option is set to. The list can include group names  using  the  syntax described in the _�i_�n_�v_�a_�l_�i_�d _�u_�s_�e_�r_�s parameter.

Default: _�r_�e_�a_�d _�l_�i_�s_�t =

Example: _�r_�e_�a_�d _�l_�i_�s_�t = mary, @students

read only (S) An inverted synonym is _�w_�r_�i_�t_�e_�a_�b_�l_�e.

If this parameter is y�ye�es�s, then users of a service may not create or modify files in the service's directory.

Note that a printable service (p�pr�ri�in�nt�ta�ab�bl�le�e  =�=  y�ye�es�s)  will  A�AL�LW�WA�AY�YS�S allow writing to the directory (user privileges permitting), but only via spooling operations.

Default: _�r_�e_�a_�d _�o_�n_�l_�y = yes

read raw (G) This parameter controls whether or not the server will  support the raw read SMB requests when transferring data to clients.

If enabled, raw reads allow reads of 65535 bytes in one packet. This typically provides a major performance benefit.

However, some clients either negotiate the allowable block size incorrectly or  are incapable of supporting larger block sizes, and for these clients you may need to disable raw reads.

In general this parameter should be viewed as a  system  tuning tool and left severely alone.

Default: _�r_�e_�a_�d _�r_�a_�w = yes

realm (G) This option  specifies  the kerberos realm to use. The realm is             used as the ADS equivalent of the NT4 d�do�om�ma�ai�in�n. It is usually set to the DNS name of the kerberos server.

Default: _�r_�e_�a_�l_�m =

Example: _�r_�e_�a_�l_�m = mysambabox.mycompany.com

remote announce (G) This option allows you to setup n�nm�mb�bd�d(8)to periodically announce itself to arbitrary IP addresses with  an  arbitrary  workgroup name.

This is  useful  if  you  want your Samba server to appear in a              remote workgroup for which the normal browse  propagation  rules don't work. The remote workgroup can be anywhere that you can send IP packets to.

For example:

r�re�em�mo�ot�te�e a�an�nn�no�ou�un�nc�ce�e =�= 1�19�92�2.�.1�16�68�8.�.2�2.�.2�25�55�5/�/S�SE�ER�RV�VE�ER�RS�S 1�19�92�2.�.1�16�68�8.�.4�4.�.2�25�55�5/�/S�ST�TA�AF�FF�F

the above line would cause n�nm�mb�bd�d to announce itself to  the  two given IP addresses using the given workgroup names. If you leave out the workgroup name then the  one  given  in  the  _�w_�o_�r_�k_�g_�r_�o_�u_�p parameter is used instead.

The IP  addresses  you  choose  would normally be the broadcast addresses of the remote  networks,  but  can  also  be  the  IP              addresses of known browse masters if your network config is that stable.

See ???.

Default: _�r_�e_�m_�o_�t_�e _�a_�n_�n_�o_�u_�n_�c_�e =

remote browse sync (G) This option allows you to setup n�nm�mb�bd�d(8) to periodically request synchronization of  browse  lists  with the master browser of a              Samba server that is on a remote segment. This option will allow you to  gain browse lists for multiple workgroups across routed networks. This is done in a manner that does not work with  any non-Samba servers.

This is  useful  if  you  want  your Samba server and all local clients to appear in a remote workgroup for  which  the  normal browse propagation rules don't work. The remote workgroup can be             anywhere that you can send IP packets to.

For example:

r�re�em�mo�ot�te�e b�br�ro�ow�ws�se�e s�sy�yn�nc�c =�= 1�19�92�2.�.1�16�68�8.�.2�2.�.2�25�55�5 1�19�92�2.�.1�16�68�8.�.4�4.�.2�25�55�5

the above line would cause n�nm�mb�bd�d to request the master browser on             the  specified  subnets or addresses to synchronize their browse lists with the local server.

The IP addresses you choose would  normally  be  the  broadcast addresses of  the  remote  networks,  but  can  also  be the IP              addresses of known browse masters if your network config is that stable. If a machine IP address is given Samba makes NO attempt to validate that the remote machine is available, is listening, nor that it is in fact the browse master on its segment.

Default: _�r_�e_�m_�o_�t_�e _�b_�r_�o_�w_�s_�e _�s_�y_�n_�c =

restrict anonymous (G) The setting of this parameter determines whether user and group list information is returned for an anonymous  connection. and mirrors the effects of the H�HK�KE�EY�Y_�_L�LO�OC�CA�AL�L_�_M�MA�AC�CH�HI�IN�NE�E\�\S�SY�YS�ST�TE�EM�M\�\C�Cu�ur�rr�re�en�nt�tC�Co�on�n-�- t�tr�ro�ol�lS�Se�et�t\�\C�Co�on�nt�tr�ro�ol�l\�\L�LS�SA�A\�\R�Re�es�st�tr�ri�ic�ct�tA�An�no�on�ny�ym�mo�ou�us�s registry key  in  Windows 2000 and Windows NT. When set to 0, user and group list informa- tion is returned to anyone who asks. When set  to  1,  only  an              authenticated  user can retrive user and group list information. For the value 2, supported by Windows  2000/XP  and  Samba,  no              anonymous  connections  are allowed at all. This can break third party and Microsoft applications which expect to be allowed  to              perform operations anonymously.

The security advantage of using restrict anonymous = 1 is dubi- ous, as user and group list information can be  obtained  using other means.

N�No�ot�te�e

The security  advantage  of  using  restrict  anonymous  = 2 is              removed by setting _�g_�u_�e_�s_�t _�o_�k = yes on any share.

Default: _�r_�e_�s_�t_�r_�i_�c_�t _�a_�n_�o_�n_�y_�m_�o_�u_�s = 0

root  This parameter is a synonym for root directory.

root dir This parameter is a synonym for root directory.

root directory (G) The server will c�ch�hr�ro�oo�ot�t(��) (i.e. Change its  root  directory)  to              this  directory  on  startup. This is not strictly necessary for secure operation. Even without it the server will deny access to             files  not in one of the service entries. It may also check for, and deny access to, soft links to other parts of the filesystem, or attempts  to use ".." in file names to access other directo- ries (depending on the setting of the _�w_�i_�d_�e _�l_�i_�n_�k_�s parameter).

Adding a _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y entry other than "/" adds an extra level of security,  but  at  a  price. It absolutely ensures that no             access is given to files not in the sub-tree  specified  in  the _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y option, i�in�nc�cl�lu�ud�di�in�ng�g some files needed for complete operation of the server. To maintain full  operability  of  the server you  will need to mirror some system files into the _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y tree. In particular  you  will   need   to   mirror _�/_�e_�t_�c_�/_�p_�a_�s_�s_�w_�d (or a subset of it), and any binaries or configura- tion files needed for printing (if required). The set of  files that must be mirrored is operating system dependent.

Default: _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y = /

Example: _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y = /homes/smb

root postexec (S) This is the same as the _�p_�o_�s_�t_�e_�x_�e_�c parameter except that the com- mand is run as root. This is useful for unmounting  filesystems (such as CDROMs) after a connection is closed.

Default: _�r_�o_�o_�t _�p_�o_�s_�t_�e_�x_�e_�c =

root preexec (S) This is  the same as the _�p_�r_�e_�e_�x_�e_�c parameter except that the com- mand is run as root. This is useful  for  mounting  filesystems (such as CDROMs) when a connection is opened.

Default: _�r_�o_�o_�t _�p_�r_�e_�e_�x_�e_�c =

root preexec close (S) This is the same as the _�p_�r_�e_�e_�x_�e_�c _�c_�l_�o_�s_�e parameter except that the command is run as root.

Default: _�r_�o_�o_�t _�p_�r_�e_�e_�x_�e_�c _�c_�l_�o_�s_�e = no