As for the quick help; you're most welcome! I happened to sit behind my computer 😜 

Adding the line:

valid users = user1 root admin

did the trick... On a MAC anyway.... It does exactly what I need.

If a user clicks on any of the folders that they don't have a password for then they are denied access, except of course for their own folder and the public.

Thanks very much for your help, I really appreciate it.

My first time on this forum, my first call for help, and solved within an hour!!!

I'm not rolling this out yet, I'll test it some more and make sure and try it on a Windows & Linux box, but I'm confident.

Have a great weekend

Dj

valid users

To restrict users per share, you can use the valid users parameter. In the example below, only the users listed as valid will be able to access the tennis share.

(modified for your user1)

path = /home/user1
comment = authenticated and valid users only
read only = No
guest ok = No
valid users = user1 root admin

Note: The link seems a little dated, but the Samba.org Documentation mentions it as well.

Posted by: @deljones

Users 1 to 3, after they have entered the server address then get asked for their credentials after which they get logged in. Good

However on a MAC, for example, when user 1 logs in they are then presented with a list of "volumes" to select. The volumes are the other uses and the public folder.

This is typical Mac behavior when just entering the server name/IP address, for example:

smb://192.168.1.100

To avoid this, use the full path tot he share, for example:

smb://192.168.1.100/user2

As for the undesired access (eg. User1 can work with the files of User2):
I suspect this has to do with your directory mask setting

create mask=0777
directory mask=0777

I'm definitely not a Linux/Samba expert, but from the Samba documentation or directory masks:

    This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories.
...
    The default value of this parameter removes the 'group' and 'other' write bits from the UNIX mode,
    allowing only the user who owns the directory to modify it.

    Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the force directory
    mode parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added).

    Default: directory mask = 0755  

So the mask you're using (777) actually gives full access to everybody (see also my chmod calculator).
The mask 755 on the other hand, allows only the owner (and root of course) to write files (others can still read).

Maybe you'd like to tighten this even more, but Samba may do an odd translation of the rights. You may need to do a little experimenting.
I also presume that create mask needs to be corrected as well.

Also note: you may need to update the access rights of the affected directories and files on your Raspberry Pi.
However, before doing this, I'd recommend testing the directory mask and create mask first.
If you have root access to your Raspberry Pi (which I assume you have), and you still see the undesired access, then you can look into changing the directory/file access rights with chmod (with chmod -R xyz wher xyz is the mask you'd like to use).

Hope this helps 😊 

I am trying to understand sharing on a pi. Here is what I have.

Three users, 1, 2, 3. They each have a folder. I also have a public folder.

Samba is installed and working. Here is the problem.

The public share works, users 1,2, and 3 can see it, read and write to it over the network. Good...

Users 1 to 3, after they have entered the server address then get asked for their credentials after which they get logged in. Good

However on a MAC, for example, when user 1 logs in they are then presented with a list of "volumes" to select. The volumes are the other uses and the public folder.

If user 1 selects user 2's folder it opens meaning user 1 can now see all of user 2's stuff and user 3! Bad

In fact, any of the users can log in, with the right credentials, but once on they can see and modify all the other users folders and content! Bad

Whew!!!! What have I done wrong here?

It's a permissions thing I know but I'm trying to get it so users 1 to 3 can log in anywhere on the LAN and see ONLY their own folders (R/W) and of course the public folder...

comment= user1 folder
path=/home/user1
browseable=yes
writeable=Yes
only guest=no
create mask=0777
directory mask=0777
public=no

comment= user2 folder
path=/home/user2
browseable=yes
writeable=Yes
only guest=no
create mask=0777
directory mask=0777
public=no

comment= user3 folder
path=/home/user3
browseable=yes
writeable=Yes
only guest=no

create mask=0777
directory mask=0777
public=no

Comment = Public shared folder
Path = /share
Browseable = yes
Writeable = Yes
only guest = no
create mask = 0777
directory mask = 0777
Public = yes
Guest ok = yes

Help! I'm almost there. I think.

Here is the section of my samba.conf file showing the users etc.

Best wishes

Dj