“ We are unable to keep individual users from mapping to any other user's home directory once they have supplied a valid password! They only need to enter their own password. I have not found any method to configure Samba so that users may map only their own home directory. ”

“ User xyzzy can map his home directory. Once mapped, user xyzzy can also map anyone else's home directory. ”

This is not a security flaw, it is by design. Samba allows users to have exactly the same access to the UNIX file system as when they were logged on to the UNIX box, except that it only allows such views onto the file system as are allowed by the defined shares.

If your UNIX home directories are set up so that one user can happily cd into another user's directory and execute ls , the UNIX security solution is to change file permissions on the user's home directories so that the cd and ls are denied.

Samba tries very hard not to second guess the UNIX administrator's security policies and trusts the UNIX admin to set the policies and permissions he or she desires.

Samba allows the behavior you require. Simply put the only user = %S option in the [homes] share definition.

The only user works in conjunction with the users = list, so to get the behavior you require, add the line:

This is equivalent to adding

to the definition of the [homes] share, as recommended in the smb.conf man page.