{"description": "Administrators should not use administrator accounts to access\nSamba file and printer shares. Disable the root user and the wheel\nadministrator group:\n<pre>[<i>share</i>]\n  invalid users = root @wheel</pre>\nIf administrator accounts cannot be disabled, ensure that local system\npasswords and Samba service passwords do not match.", "rationale": "Typically, administrator access is required when Samba must create user and\nsystem accounts and shares. Domain member servers and standalone servers may\nnot need administrator access at all. If that is the case, add the invalid\nusers parameter to <tt>[global]</tt> instead.", "severity": "unknown", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable Root Access to SMB Shares", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml", "template": null}