diff options
| author | Jeremy Allison <jra@samba.org> | 2001-05-03 20:17:26 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2001-05-03 20:17:26 +0000 |
| commit | bf63c36f30636cdaefe7514be47ef5197b8b7db4 (patch) | |
| tree | 491d3ff935ad9261f54d46acdd05f406f1b61bd0 | |
| parent | 0c86a1d4287ec828ef1de8ba580c06af5dc58716 (diff) | |
| download | samba-bf63c36f30636cdaefe7514be47ef5197b8b7db4.tar.gz samba-bf63c36f30636cdaefe7514be47ef5197b8b7db4.tar.xz samba-bf63c36f30636cdaefe7514be47ef5197b8b7db4.zip | |
Added "restrict acl with mask" documentation to sgml. Gerald please check I
haven't screwed up the docs build :-).
Jeremy.
| -rw-r--r-- | docs/docbook/manpages/smb.conf.5.sgml | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 0c02f142a7c..4614004011a 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -850,6 +850,7 @@ <listitem><para><link linkend="QUEUERESUMECOMMAND"><parameter>queueresume command</parameter></link></para></listitem> <listitem><para><link linkend="READLIST"><parameter>read list</parameter></link></para></listitem> <listitem><para><link linkend="READONLY"><parameter>read only</parameter></link></para></listitem> + <listitem><para><link linkend="RESTRICTACLWITHMASK"><parameter>restrict acl with mask</parameter></link></para></listitem> <listitem><para><link linkend="ROOTPOSTEXEC"><parameter>root postexec</parameter></link></para></listitem> <listitem><para><link linkend="ROOTPREEXEC"><parameter>root preexec</parameter></link></para></listitem> <listitem><para><link linkend="ROOTPREEXECCLOSE"><parameter>root preexec close</parameter></link></para></listitem> @@ -1615,6 +1616,11 @@ mode bits on created directories. See also the <link linkend="INHERITPERMISSIONS"> <parameter>inherit permissions</parameter></link> parameter.</para> + <para>Note that by default this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + this mask on access control lists also, they need to set the <link linkend="RESTRICTACLWITHMASK"><parameter> + restrict acl with mask</parameter></link> to true.</para> + <para>Default: <command>create mask = 0744</command></para> <para>Example: <command>create mask = 0775</command></para></listitem> </varlistentry> @@ -2080,6 +2086,11 @@ </parameter></link> parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added).</para> + <para>Note that by default this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + this mask on access control lists also, they need to set the <link linkend="RESTRICTACLWITHMASK"><parameter> + restrict acl with mask</parameter></link> to true.</para> + <para>See the <link linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter></link> parameter to cause particular mode bits to always be set on created directories.</para> @@ -2549,6 +2560,11 @@ mode after the mask set in the <parameter>create mask</parameter> parameter is applied.</para> + <para>Note that by default this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + this mask on access control lists also, they need to set the <link linkend="RESTRICTACLWITHMASK"><parameter> + restrict acl with mask</parameter></link> to true.</para> + <para>See also the parameter <link linkend="CREATEMASK"><parameter>create mask</parameter></link> for details on masking mode bits on files.</para> @@ -2577,6 +2593,11 @@ mask in the parameter <parameter>directory mask</parameter> is applied.</para> + <para>Note that by default this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + this mask on access control lists also, they need to set the <link linkend="RESTRICTACLWITHMASK"><parameter> + restrict acl with mask</parameter></link> to true.</para> + <para>See also the parameter <link linkend="DIRECTORYMASK"><parameter> directory mask</parameter></link> for details on masking mode bits on created directories.</para> @@ -5936,6 +5957,35 @@ <varlistentry> + <term><anchor id="RESTRICTACLWITHMASK">restrict acl with mask (S)</term> + <listitem><para>This is a boolean parameter. If set to false (default), then + Creation of files with access control lists (ACLS) and modification of ACLs + using the Windows NT/2000 ACL editor will be applied directly to the file + or directory.</para> + + <para>If set to True, then all requests to set an ACL on a file will have the + parameters <link linkend="CREATEMASK"><parameter>create mask</parameter></link>, + <link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link> + applied before setting the ACL, and all requests to set an ACL on a directory will + have the parameters <link linkend="DIRECTORYMASK"><parameter> + directory mask</parameter></link>, <link linkend="FORCEDIRECTORYMODE"><parameter> + force directory mode</parameter></link> applied before setting the ACL. + </para> + + <para>See also <link linkend="CREATEMASK"><parameter>create mask</parameter></link>, + <link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link>, + <link linkend="DIRECTORYMASK"><parameter>directory mask</parameter></link>, + <link linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter></link> + </para> + + <para>Default: <command>restrict acl with mask = False</command></para> + </varlistentry> + + + + + </listitem> + <varlistentry> <term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term> <listitem><para>This is a boolean parameter. If it is true, then anonymous access to the server will be restricted, namely in the |