To specify which clients have access to an SMB share, qualifiers can be appended to the IP addresses:
Qualifier | Description |
---|---|
read_write, readwrite, rw | Grants read/write access. This is the default setting. |
read_only, readonly, ro | Grants the specified client read-only access to the SMB share. |
no_access, noaccess | Denies the specified client access to the SMB share. |
- 10.1.2.38(ro)
Grants read-only access to the client with an IP address of 10.1.2.38.
- 10.1.2.0/24(ro)
Grants read-only access to all clients whose IP address is within the range 10.1.2.0 to 10.1.2.255.
- 10.1.*.*(readonly)
Grants read-only access to all clients with an IP address beginning with 10.1.
The order in which the entries are specified is important. For example,
*(ro)
10.1.2.38(noaccess)
in which the first line grants read-only access to all clients, and the second denies access to the specified client. However, the second line is redundant, as the first line matches all clients. These lines must be transposed to ensure access is denied to 10.1.2.38