smb.conf/manpage/2006/parameters/R
< smb.conf | manpage | 2006 | parameters
Jump to navigation
Jump to search
read bmpx (G)
This boolean parameter controls whether s�sm�mb�bd�d(8) will support the
"Read Block Multiplex" SMB. This is now rarely used and defaults
to n�no�o. You should never need to set this parameter.
Default: _�r_�e_�a_�d _�b_�m_�p_�x = no
read list (S)
This is a list of users that are given read-only access to a
service. If the connecting user is in this list then they will
not be given write access, no matter what the _�r_�e_�a_�d _�o_�n_�l_�y option
is set to. The list can include group names using the syntax
described in the _�i_�n_�v_�a_�l_�i_�d _�u_�s_�e_�r_�s parameter.
Default: _�r_�e_�a_�d _�l_�i_�s_�t =
Example: _�r_�e_�a_�d _�l_�i_�s_�t = mary, @students
read only (S)
An inverted synonym is _�w_�r_�i_�t_�e_�a_�b_�l_�e.
If this parameter is y�ye�es�s, then users of a service may not create
or modify files in the service's directory.
Note that a printable service (p�pr�ri�in�nt�ta�ab�bl�le�e =�= y�ye�es�s) will A�AL�LW�WA�AY�YS�S
allow writing to the directory (user privileges permitting), but
only via spooling operations.
Default: _�r_�e_�a_�d _�o_�n_�l_�y = yes
read raw (G)
This parameter controls whether or not the server will support
the raw read SMB requests when transferring data to clients.
If enabled, raw reads allow reads of 65535 bytes in one packet.
This typically provides a major performance benefit.
However, some clients either negotiate the allowable block size
incorrectly or are incapable of supporting larger block sizes,
and for these clients you may need to disable raw reads.
In general this parameter should be viewed as a system tuning
tool and left severely alone.
Default: _�r_�e_�a_�d _�r_�a_�w = yes
realm (G)
This option specifies the kerberos realm to use. The realm is
used as the ADS equivalent of the NT4 d�do�om�ma�ai�in�n. It is usually set
to the DNS name of the kerberos server.
Default: _�r_�e_�a_�l_�m =
Example: _�r_�e_�a_�l_�m = mysambabox.mycompany.com
remote announce (G)
This option allows you to setup n�nm�mb�bd�d(8)to periodically announce
itself to arbitrary IP addresses with an arbitrary workgroup
name.
This is useful if you want your Samba server to appear in a
remote workgroup for which the normal browse propagation rules
don't work. The remote workgroup can be anywhere that you can
send IP packets to.
For example:
r�re�em�mo�ot�te�e a�an�nn�no�ou�un�nc�ce�e =�= 1�19�92�2.�.1�16�68�8.�.2�2.�.2�25�55�5/�/S�SE�ER�RV�VE�ER�RS�S 1�19�92�2.�.1�16�68�8.�.4�4.�.2�25�55�5/�/S�ST�TA�AF�FF�F
the above line would cause n�nm�mb�bd�d to announce itself to the two
given IP addresses using the given workgroup names. If you leave
out the workgroup name then the one given in the _�w_�o_�r_�k_�g_�r_�o_�u_�p
parameter is used instead.
The IP addresses you choose would normally be the broadcast
addresses of the remote networks, but can also be the IP
addresses of known browse masters if your network config is that
stable.
See ???.
Default: _�r_�e_�m_�o_�t_�e _�a_�n_�n_�o_�u_�n_�c_�e =
remote browse sync (G)
This option allows you to setup n�nm�mb�bd�d(8) to periodically request
synchronization of browse lists with the master browser of a
Samba server that is on a remote segment. This option will allow
you to gain browse lists for multiple workgroups across routed
networks. This is done in a manner that does not work with any
non-Samba servers.
This is useful if you want your Samba server and all local
clients to appear in a remote workgroup for which the normal
browse propagation rules don't work. The remote workgroup can be
anywhere that you can send IP packets to.
For example:
r�re�em�mo�ot�te�e b�br�ro�ow�ws�se�e s�sy�yn�nc�c =�= 1�19�92�2.�.1�16�68�8.�.2�2.�.2�25�55�5 1�19�92�2.�.1�16�68�8.�.4�4.�.2�25�55�5
the above line would cause n�nm�mb�bd�d to request the master browser on
the specified subnets or addresses to synchronize their browse
lists with the local server.
The IP addresses you choose would normally be the broadcast
addresses of the remote networks, but can also be the IP
addresses of known browse masters if your network config is that
stable. If a machine IP address is given Samba makes NO attempt
to validate that the remote machine is available, is listening,
nor that it is in fact the browse master on its segment.
Default: _�r_�e_�m_�o_�t_�e _�b_�r_�o_�w_�s_�e _�s_�y_�n_�c =
restrict anonymous (G)
The setting of this parameter determines whether user and group
list information is returned for an anonymous connection. and
mirrors the effects of the H�HK�KE�EY�Y_�_L�LO�OC�CA�AL�L_�_M�MA�AC�CH�HI�IN�NE�E\�\S�SY�YS�ST�TE�EM�M\�\C�Cu�ur�rr�re�en�nt�tC�Co�on�n-�-
t�tr�ro�ol�lS�Se�et�t\�\C�Co�on�nt�tr�ro�ol�l\�\L�LS�SA�A\�\R�Re�es�st�tr�ri�ic�ct�tA�An�no�on�ny�ym�mo�ou�us�s registry key in Windows
2000 and Windows NT. When set to 0, user and group list informa-
tion is returned to anyone who asks. When set to 1, only an
authenticated user can retrive user and group list information.
For the value 2, supported by Windows 2000/XP and Samba, no
anonymous connections are allowed at all. This can break third
party and Microsoft applications which expect to be allowed to
perform operations anonymously.
The security advantage of using restrict anonymous = 1 is dubi-
ous, as user and group list information can be obtained using
other means.
N�No�ot�te�e
The security advantage of using restrict anonymous = 2 is
removed by setting _�g_�u_�e_�s_�t _�o_�k = yes on any share.
Default: _�r_�e_�s_�t_�r_�i_�c_�t _�a_�n_�o_�n_�y_�m_�o_�u_�s = 0
root This parameter is a synonym for root directory.
root dir
This parameter is a synonym for root directory.
root directory (G)
The server will c�ch�hr�ro�oo�ot�t(�()�) (i.e. Change its root directory) to
this directory on startup. This is not strictly necessary for
secure operation. Even without it the server will deny access to
files not in one of the service entries. It may also check for,
and deny access to, soft links to other parts of the filesystem,
or attempts to use ".." in file names to access other directo-
ries (depending on the setting of the _�w_�i_�d_�e _�l_�i_�n_�k_�s parameter).
Adding a _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y entry other than "/" adds an extra level
of security, but at a price. It absolutely ensures that no
access is given to files not in the sub-tree specified in the
_�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y option, i�in�nc�cl�lu�ud�di�in�ng�g some files needed for complete
operation of the server. To maintain full operability of the
server you will need to mirror some system files into the _�r_�o_�o_�t
_�d_�i_�r_�e_�c_�t_�o_�r_�y tree. In particular you will need to mirror
_�/_�e_�t_�c_�/_�p_�a_�s_�s_�w_�d (or a subset of it), and any binaries or configura-
tion files needed for printing (if required). The set of files
that must be mirrored is operating system dependent.
Default: _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y = /
Example: _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y = /homes/smb
root postexec (S)
This is the same as the _�p_�o_�s_�t_�e_�x_�e_�c parameter except that the com-
mand is run as root. This is useful for unmounting filesystems
(such as CDROMs) after a connection is closed.
Default: _�r_�o_�o_�t _�p_�o_�s_�t_�e_�x_�e_�c =
root preexec (S)
This is the same as the _�p_�r_�e_�e_�x_�e_�c parameter except that the com-
mand is run as root. This is useful for mounting filesystems
(such as CDROMs) when a connection is opened.
Default: _�r_�o_�o_�t _�p_�r_�e_�e_�x_�e_�c =
root preexec close (S)
This is the same as the _�p_�r_�e_�e_�x_�e_�c _�c_�l_�o_�s_�e parameter except that the
command is run as root.
Default: _�r_�o_�o_�t _�p_�r_�e_�e_�x_�e_�c _�c_�l_�o_�s_�e = no