<samba:parameter name="invalid users" context="S" xmlns:samba="http://samba.org/common"> <listitem> <para>This is a list of users that should not be allowed to login to this service. This is really a <emphasis>paranoid</emphasis> check to absolutely ensure an improper setting does not breach your security.</para> <para>A name starting with a '@' is interpreted as an NIS netgroup first (if your system supports NIS), and then as a UNIX group if the name was not found in the NIS netgroup database.</para> <para>A name starting with '+' is interpreted only by looking in the UNIX group database. A name starting with '&' is interpreted only by looking in the NIS netgroup database (this requires NIS to be working on your system). The characters '+' and '&' may be used at the start of the name in either order so the value <parameter moreinfo="none">+&group</parameter> means check the UNIX group database, followed by the NIS netgroup database, and the value <parameter moreinfo="none">&+group</parameter> means check the NIS netgroup database, followed by the UNIX group database (the same as the '@' prefix).</para> <para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>. This is useful in the [homes] section.</para> <para>See also <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users </parameter></link>.</para> <para>Default: <emphasis>no invalid users</emphasis></para> <para>Example: <command moreinfo="none">invalid users = root fred admin @wheel</command></para> </listitem> </samba:parameter>