# Hide files/folders in Samba



## foryuri (Sep 27, 2010)

How would I hide files or folders from Windows clients but keep them accessible through UNC access ?

I tried veto but it makes them totally inaccessible
I tried all kind of 'hide' directives but it makes them hidden only if Windows Explorer
setting are set up to 'Do not show hidden files' and I want them to be hidden regardless of client settings.

Thanks a lot.


----------



## JimW (Sep 28, 2010)

I'm slightly unsure as to what you wish to accomplish.

Do you want the share to be available to users who know the identity (or name) of the share, but to not be "browseable" or even show up when clients browse the network and shares through Windows Explorer and Network Neighborhood?

If so, this can be accomplished by a simple adjustment to the share definition section of your /usr/local/etc/smb.conf file....


```
browseable = No
```

For example.... the following would be a share definition that will make the share available, but not be seen when browsing the network by a client...


```
[Data]
	comment = Data
	path = /path/to/share/directory
	public = Yes
	read only = No
	writable = Yes
	browseable = No
        create mode = 0644
	directory mode = 0754
```


----------



## foryuri (Sep 29, 2010)

Sorry, I needed to be more specific when describing the problem.

I need to be able to hide the content of share, not the share itself.

For example I have share named 'myshare' and it has two subfolders subfolder1 and subfolder2

I want to be able to hide these subfolders from windows explorer if user types in address bar:


```
\\192.168.1.5\myshare
```
So in this case I want user to see nothing.

BUT

If user types 
	
	



```
\\192.168.1.5\myshare\subfolder1
```

I want the user to be able to access subfolder1 with no problem.

Thanks a lot.


----------



## JimW (Sep 30, 2010)

foryuri said:
			
		

> I want to be able to hide these subfolders from windows explorer if user types in address bar



If you are talking about the same user, they will see the subfolders if they map a drive directly to the root of the share.

If you are talking about different users, then you would be able to use ownership and permissioning on the subfolders to prevent access.

If you have files that you don't want certain users to see, it might be better to create different shares and then use whatever Samba options on the share definitions to accomplish your needs.

Some share definition options to consider could be ... 


```
[b]public = no[/b]
[b]browseable = no[/b]
[b]guest ok = no[/b]
[b]valid users = usernames[/b]
[b]force group = group_of_users[/b]
```

There are many Samba share options. Use trial and error and see what works best for you. Also check out the Samba documentation ....

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html


----------



## phoenix (Sep 30, 2010)

Do you have files under myshare/ or just the two sub-folders?

If just the two sub-folders, then just create two samba shares, one for each sub-folder.


----------



## shitson (Sep 30, 2010)

Have you tried something like...


```
/myfiles/.hidethis
```

Putting a '.' before the filename/folder that you want to hide?


----------



## varda (Oct 12, 2010)

Check documentation and

```
man smb.conf
```
for directives:

```
hide dot files =
hide files =
```


----------



## foryuri (Oct 13, 2010)

All hide directives work only if client has enabled "Do not show hidden files".
I need to hide files regardless of client settings.

veto does the job but it makes files totally inaccessible which doesn't work me.

Thanks anyway....


----------



## SirDice (Oct 13, 2010)

Why are you relying on the visibility? What's the problem with users actually seeing those directories?

In short, what are you hoping to accomplish by hiding these directories?


----------



## varda (Oct 13, 2010)

Join to questions of SirDice. Why not to create separate share and fine tune privileges and access rights to it on per user or any other basis you prefer?


----------



## foryuri (Oct 14, 2010)

I manage school network with about 300 students.
There is a requirement for each student to have a folder on a network.
They store there their tasks,homeworks,etc...
I have a script from DC which automatically creates user homefolder(in case it doesn't exist) named according to username and maps it as network drive when student logins.
Everything works fine but those little bastards are smart and they figured out a way to access shares by UNC path something like \\servername\sharename.
So when they go to \\servername\sharename they are able to see the rest of the folder and access them.
I partially solved the problem by using "hide" and enforcing some restrictions in GP like "Do not show hidden files" or prohibitn use of unc path,but these are still workarounds...
It would be nice if I could hide specific files/folders from showing up in UNC regardless of client(Windows Explorer) settings.
In short I don't really care about security,the network manageability and easy management is much more important.It's really pain to manually change samba configuration every time user quits or new user needed to be added.
Hope it sound logical enough....


----------



## phoenix (Oct 14, 2010)

Configuring the [homes] share in Samba is even easier, and does all of this for you automatically.    It maps to their home directory on the server, and you use normal Unix permissions to prevent others from accessing other users' home directories (you know, the default setup).


----------



## SirDice (Oct 14, 2010)

Exactly. As long as the permissions are set correctly it doesn't matter if they can 'see' the directories. If they don't have the correct access permissions they can't get it.

Never rely on 'security through obscurity'. As you already found out your students are smart. Even if you hide it they'll find it. The only way to really keep them out is to set proper access permissions.


----------



## varda (Oct 14, 2010)

foryuri said:
			
		

> new user needed to be added.


It can be automated by two lines script which will create system and samba user and his home directory:

```
echo "$2" | pw user add "$1" -m -h 0
(echo "$2"; echo "$2") | smbpasswd -a -s "$1"
```
As gentlemen said above [home] share is a solution.


----------



## foryuri (Oct 15, 2010)

Yes, â€œHomes" feature is great but it requires performing additional steps like creating users for storage box and adding them to samba configuration (though script suggested by varda is really cool and simplifies it a lot.)

And yes, this is exactly what I wanted to do originally: "security through obscurity" because this is only way I could completely get rid of touching storage box: just add/delete user in Domain Controller and that's it.

There is a simple vbs script that generates hash-code based on input and adds it as suffix to user folder; something like 'john_sgd63fsd' so there is no way someone could guess it without seeing it. This is why I wanted samba to be able to hide them regardless of Windows Explorer settings, but as far as I can see it is not possible, so I will go for "Homes" solution.

Thank you very much guys for great help.


----------

