Hiding samba share from browse list for unauthorised users

Question

I have been trying to setup my samba shares correctly.

The setup i was looking for was having a couple of shares available publicly, guest accounts are ok and can browse these shares all ok. I have this setup correctly.

The problem comes when setting up a share that only certain users can view, although i have setup a share that will only allow certain users to access. I havent been able to hide this share from guests.

I had a look into the browseable = yes option but this hides it from everyone, including the users that have logged in.

Any idea on how to tackle this?

The setup i have for this private share is follows:

[private]
comment = private share for certain users
path = /media/drive/private
create mask = 0777
directory mask = 0777
writable = yes
public = no
users = admin

I currently have

security = share

But have tried using browseable = no with

security = user

Answer 1

To hide the full share, you can use the following option:

[global]
access based share enum = yes

To hide files/folders inside a share to users who do not have read permission on those files/folders, you can use:

[share]
...
hide unreadable = yes 

Answer 2

You may use 'include' directive inside share definition section.

For example: 'smb.conf':

security = user

[private]
...
browseable = no
...
include = /etc/samba/per-user-config/%u.conf

'allowed-user.conf':

browseable = yes

Please refer Samba official docs for more info and variables: http://www.samba.org/samba/docs/using_samba/ch06.html

Answer 3

Denis is almost right.

Unfortunately, as per Samba's official documentation (here), the user variable '%u' does not work with 'include'.

However, in most cases the home directory of the user has the same value as the username and you can use that instead like so:

[share]
...
browseable = no
...
include = /etc/samba/%U.conf

where %U (notice the capital U) will be the home directory of the current user. Now let's say the user is ethan with home folder ethan. In that case you will create a file in /etc/samba/ethan.conf with contents:

browseable = yes

Answer 4

With FreeBSD (12.1) and Samba 4.11 the answer kgizdov provided doesn't work either. If you test the smb.conf file with testparm you'll see that the %U disappears on the line with the include statement.

[share]
...
browsable = no
...
include = /usr/local/etc/samba/%U.conf

changes to the following when running testparm:

[share]
...
browsable = no
...
include = /usr/local/etc/samba/.conf

Which of course won't work.

Using %G to use primary group of the authenticated user does work. As most default FreeBSD systems use the username as primary group, the config stays the same. Otherwise you'll need to add .conf files for every primary usergroup you want the share to be visible to.

So change:

include = /usr/local/etc/samba/%U.conf
to
include = /usr/local/etc/samba/%G.conf

and make .conf files in the directory above with the text:

browseable = yes

This did the trick for me.

Answer 5

I'm using this to hide shares and files. The first line suppresses unreadable files, the latter inaccessible shares.

   hide unreadable = Yes
   access based share enum = Yes

Answer 6

Why don't you use browseable = no and a logon script (if you're on a domain) that does map the hidden share to a disk (net use)?
Never tried but should work

Answer 7

This can be done by setting the browsable = no option in the samba share.

Answer 8

you can input "valid users = datastore" this line on your smb.conf file.

For Ex:- **[systemsoft] comment = Samba on Ubuntu
path = /home/datastore/share/backup
read only = no

browsable = yes
guest ok = no valid users = user1 user2 user3 user4**