read bmpx (G) This boolean parameter controls whether s�sm�mb�bd�d(8) will support the "Read Block Multiplex" SMB. This is now rarely used and defaults to n�no�o. You should never need to set this parameter.
Default: _�r_�e_�a_�d _�b_�m_�p_�x = no
read list (S) This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the _�r_�e_�a_�d _�o_�n_�l_�y option is set to. The list can include group names using the syntax described in the _�i_�n_�v_�a_�l_�i_�d _�u_�s_�e_�r_�s parameter.
Default: _�r_�e_�a_�d _�l_�i_�s_�t =
Example: _�r_�e_�a_�d _�l_�i_�s_�t = mary, @students
read only (S) An inverted synonym is _�w_�r_�i_�t_�e_�a_�b_�l_�e.
If this parameter is y�ye�es�s, then users of a service may not create or modify files in the service's directory.
Note that a printable service (p�pr�ri�in�nt�ta�ab�bl�le�e =�= y�ye�es�s) will A�AL�LW�WA�AY�YS�S allow writing to the directory (user privileges permitting), but only via spooling operations.
Default: _�r_�e_�a_�d _�o_�n_�l_�y = yes
read raw (G) This parameter controls whether or not the server will support the raw read SMB requests when transferring data to clients.
If enabled, raw reads allow reads of 65535 bytes in one packet. This typically provides a major performance benefit.
However, some clients either negotiate the allowable block size incorrectly or are incapable of supporting larger block sizes, and for these clients you may need to disable raw reads.
In general this parameter should be viewed as a system tuning tool and left severely alone.
Default: _�r_�e_�a_�d _�r_�a_�w = yes
realm (G) This option specifies the kerberos realm to use. The realm is used as the ADS equivalent of the NT4 d�do�om�ma�ai�in�n. It is usually set to the DNS name of the kerberos server.
Default: _�r_�e_�a_�l_�m =
Example: _�r_�e_�a_�l_�m = mysambabox.mycompany.com
remote announce (G) This option allows you to setup n�nm�mb�bd�d(8)to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name.
This is useful if you want your Samba server to appear in a remote workgroup for which the normal browse propagation rules don't work. The remote workgroup can be anywhere that you can send IP packets to.
r�re�em�mo�ot�te�e a�an�nn�no�ou�un�nc�ce�e =�= 1�19�92�2.�.1�16�68�8.�.2�2.�.2�25�55�5/�/S�SE�ER�RV�VE�ER�RS�S 1�19�92�2.�.1�16�68�8.�.4�4.�.2�25�55�5/�/S�ST�TA�AF�FF�F
the above line would cause n�nm�mb�bd�d to announce itself to the two given IP addresses using the given workgroup names. If you leave out the workgroup name then the one given in the _�w_�o_�r_�k_�g_�r_�o_�u_�p parameter is used instead.
The IP addresses you choose would normally be the broadcast addresses of the remote networks, but can also be the IP addresses of known browse masters if your network config is that stable.
Default: _�r_�e_�m_�o_�t_�e _�a_�n_�n_�o_�u_�n_�c_�e =
remote browse sync (G) This option allows you to setup n�nm�mb�bd�d(8) to periodically request synchronization of browse lists with the master browser of a Samba server that is on a remote segment. This option will allow you to gain browse lists for multiple workgroups across routed networks. This is done in a manner that does not work with any non-Samba servers.
This is useful if you want your Samba server and all local clients to appear in a remote workgroup for which the normal browse propagation rules don't work. The remote workgroup can be anywhere that you can send IP packets to.
r�re�em�mo�ot�te�e b�br�ro�ow�ws�se�e s�sy�yn�nc�c =�= 1�19�92�2.�.1�16�68�8.�.2�2.�.2�25�55�5 1�19�92�2.�.1�16�68�8.�.4�4.�.2�25�55�5
the above line would cause n�nm�mb�bd�d to request the master browser on the specified subnets or addresses to synchronize their browse lists with the local server.
The IP addresses you choose would normally be the broadcast addresses of the remote networks, but can also be the IP addresses of known browse masters if your network config is that stable. If a machine IP address is given Samba makes NO attempt to validate that the remote machine is available, is listening, nor that it is in fact the browse master on its segment.
Default: _�r_�e_�m_�o_�t_�e _�b_�r_�o_�w_�s_�e _�s_�y_�n_�c =
restrict anonymous (G) The setting of this parameter determines whether user and group list information is returned for an anonymous connection. and mirrors the effects of the H�HK�KE�EY�Y_�_L�LO�OC�CA�AL�L_�_M�MA�AC�CH�HI�IN�NE�E\�\S�SY�YS�ST�TE�EM�M\�\C�Cu�ur�rr�re�en�nt�tC�Co�on�n-�- t�tr�ro�ol�lS�Se�et�t\�\C�Co�on�nt�tr�ro�ol�l\�\L�LS�SA�A\�\R�Re�es�st�tr�ri�ic�ct�tA�An�no�on�ny�ym�mo�ou�us�s registry key in Windows 2000 and Windows NT. When set to 0, user and group list informa- tion is returned to anyone who asks. When set to 1, only an authenticated user can retrive user and group list information. For the value 2, supported by Windows 2000/XP and Samba, no anonymous connections are allowed at all. This can break third party and Microsoft applications which expect to be allowed to perform operations anonymously.
The security advantage of using restrict anonymous = 1 is dubi- ous, as user and group list information can be obtained using other means.
The security advantage of using restrict anonymous = 2 is removed by setting _�g_�u_�e_�s_�t _�o_�k = yes on any share.
Default: _�r_�e_�s_�t_�r_�i_�c_�t _�a_�n_�o_�n_�y_�m_�o_�u_�s = 0
root This parameter is a synonym for root directory.
root dir This parameter is a synonym for root directory.
root directory (G) The server will c�ch�hr�ro�oo�ot�t(�()�) (i.e. Change its root directory) to this directory on startup. This is not strictly necessary for secure operation. Even without it the server will deny access to files not in one of the service entries. It may also check for, and deny access to, soft links to other parts of the filesystem, or attempts to use ".." in file names to access other directo- ries (depending on the setting of the _�w_�i_�d_�e _�l_�i_�n_�k_�s parameter).
Adding a _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y entry other than "/" adds an extra level of security, but at a price. It absolutely ensures that no access is given to files not in the sub-tree specified in the _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y option, i�in�nc�cl�lu�ud�di�in�ng�g some files needed for complete operation of the server. To maintain full operability of the server you will need to mirror some system files into the _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y tree. In particular you will need to mirror _�/_�e_�t_�c_�/_�p_�a_�s_�s_�w_�d (or a subset of it), and any binaries or configura- tion files needed for printing (if required). The set of files that must be mirrored is operating system dependent.
Default: _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y = /
Example: _�r_�o_�o_�t _�d_�i_�r_�e_�c_�t_�o_�r_�y = /homes/smb
root postexec (S) This is the same as the _�p_�o_�s_�t_�e_�x_�e_�c parameter except that the com- mand is run as root. This is useful for unmounting filesystems (such as CDROMs) after a connection is closed.
Default: _�r_�o_�o_�t _�p_�o_�s_�t_�e_�x_�e_�c =
root preexec (S) This is the same as the _�p_�r_�e_�e_�x_�e_�c parameter except that the com- mand is run as root. This is useful for mounting filesystems (such as CDROMs) when a connection is opened.
Default: _�r_�o_�o_�t _�p_�r_�e_�e_�x_�e_�c =
root preexec close (S) This is the same as the _�p_�r_�e_�e_�x_�e_�c _�c_�l_�o_�s_�e parameter except that the command is run as root.
Default: _�r_�o_�o_�t _�p_�r_�e_�e_�x_�e_�c _�c_�l_�o_�s_�e = no