{"description": "Only users with local user accounts will be able to log in to\nSamba shares by default. Shares can be limited to particular users or network\naddresses. Use the <tt>hosts allow</tt> and <tt>hosts deny</tt> directives\naccordingly, and consider setting the valid users directive to a limited subset\nof users or to a group of users. Separate each address, user, or user group\nwith a space as follows for a particular <i>share</i> or global:\n<pre>[<i>share</i>]\n  hosts allow = 192.168.1. 127.0.0.1\n  valid users = userone usertwo @usergroup</pre>\nIt is also possible to limit read and write access to particular users with the\nread list and write list options, though the permissions set by the system\nitself will override these settings. Set the read only attribute for each share\nto ensure that global settings will not accidentally override the individual\nshare settings. Then, as with the valid users directive, separate each user or\ngroup of users with a space:\n<pre>[<i>share</i>]\n  read only = yes\n  write list = userone usertwo @usergroup</pre>", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": {}, "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Restrict SMB File Sharing to Configured Networks", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/smb/configuring_samba/smb_restrict_file_sharing/group.yml"}