-rw-r--r-- docs/docbook/manpages/smb.conf.5.sgml 50
1 files changed, 50 insertions, 0 deletions
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index 0c02f142a7c..4614004011a 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -850,6 +850,7 @@
<listitem><para><link linkend="QUEUERESUMECOMMAND"><parameter>queueresume command</parameter></link></para></listitem>
<listitem><para><link linkend="READLIST"><parameter>read list</parameter></link></para></listitem>
<listitem><para><link linkend="READONLY"><parameter>read only</parameter></link></para></listitem>
+ <listitem><para><link linkend="RESTRICTACLWITHMASK"><parameter>restrict acl with mask</parameter></link></para></listitem>
<listitem><para><link linkend="ROOTPOSTEXEC"><parameter>root postexec</parameter></link></para></listitem>
<listitem><para><link linkend="ROOTPREEXEC"><parameter>root preexec</parameter></link></para></listitem>
<listitem><para><link linkend="ROOTPREEXECCLOSE"><parameter>root preexec close</parameter></link></para></listitem>
@@ -1615,6 +1616,11 @@
mode bits on created directories. See also the <link linkend="INHERITPERMISSIONS">
<parameter>inherit permissions</parameter></link> parameter.</para>
+ <para>Note that by default this parameter does not apply to permissions
+ set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+ this mask on access control lists also, they need to set the <link linkend="RESTRICTACLWITHMASK"><parameter>
+ restrict acl with mask</parameter></link> to true.</para>
+
<para>Default: <command>create mask = 0744</command></para>
<para>Example: <command>create mask = 0775</command></para></listitem>
</varlistentry>
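Review bot: In the added paragraph the <parameter> element opens at the end of one line and its text "restrict acl with mask" starts on the next, so the link text carries a leading newline and indentation; keep the tag and its text on one line, as the context line above does with <parameter>inherit permissions</parameter>. The sentence also reads "set the ... to true" with no noun after the link; add "parameter" after the closing </link>.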
@@ -2080,6 +2086,11 @@
</parameter></link> parameter. This parameter is set to 000 by
default (i.e. no extra mode bits are added).</para>
+ <para>Note that by default this parameter does not apply to permissions
+ set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+ this mask on access control lists also, they need to set the <link linkend="RESTRICTACLWITHMASK"><parameter>
+ restrict acl with mask</parameter></link> to true.</para>
+
<para>See the <link linkend="FORCEDIRECTORYMODE"><parameter>force
directory mode</parameter></link> parameter to cause particular mode
bits to always be set on created directories.</para>
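Review bot: The added paragraph is a verbatim copy of the one in the previous hunk and is repeated in two more hunks below, so any wording fix has to be made in four places. Consider shortening each copy to a one-line pointer to the RESTRICTACLWITHMASK entry and keeping the explanation there.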
@@ -2549,6 +2560,11 @@
mode after the mask set in the <parameter>create mask</parameter>
parameter is applied.</para>
+ <para>Note that by default this parameter does not apply to permissions
+ set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+ this mask on access control lists also, they need to set the <link linkend="RESTRICTACLWITHMASK"><parameter>
+ restrict acl with mask</parameter></link> to true.</para>
+
<para>See also the parameter <link linkend="CREATEMASK"><parameter>create
mask</parameter></link> for details on masking mode bits on files.</para>
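Review bot: "enforce this mask" in the added paragraph does not fit this entry: the context lines refer to the mask as something set in the separate create mask parameter, and this entry describes a mode applied after that mask. Reword to something like "enforce these mode bits on access control lists" so readers do not take this parameter for a mask.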
@@ -2577,6 +2593,11 @@
mask in the parameter <parameter>directory mask</parameter> is
applied.</para>
+ <para>Note that by default this parameter does not apply to permissions
+ set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+ this mask on access control lists also, they need to set the <link linkend="RESTRICTACLWITHMASK"><parameter>
+ restrict acl with mask</parameter></link> to true.</para>
+
<para>See also the parameter <link linkend="DIRECTORYMASK"><parameter>
directory mask</parameter></link> for details on masking mode bits
on created directories.</para>
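Review bot: Same wording problem as in the previous hunk: the added paragraph says "this mask", while the context lines place the mask in the directory mask parameter. Use "these mode bits" here and mention directories explicitly, since this entry concerns created directories.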
@@ -5936,6 +5957,35 @@
<varlistentry>
+ <term><anchor id="RESTRICTACLWITHMASK">restrict acl with mask (S)</term>
+ <listitem><para>This is a boolean parameter. If set to false (default), then
+ Creation of files with access control lists (ACLS) and modification of ACLs
+ using the Windows NT/2000 ACL editor will be applied directly to the file
+ or directory.</para>
+
+ <para>If set to True, then all requests to set an ACL on a file will have the
+ parameters <link linkend="CREATEMASK"><parameter>create mask</parameter></link>,
+ <link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link>
+ applied before setting the ACL, and all requests to set an ACL on a directory will
+ have the parameters <link linkend="DIRECTORYMASK"><parameter>
+ directory mask</parameter></link>, <link linkend="FORCEDIRECTORYMODE"><parameter>
+ force directory mode</parameter></link> applied before setting the ACL.
+ </para>
+
+ <para>See also <link linkend="CREATEMASK"><parameter>create mask</parameter></link>,
+ <link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link>,
+ <link linkend="DIRECTORYMASK"><parameter>directory mask</parameter></link>,
+ <link linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter></link>
+ </para>
+
+ <para>Default: <command>restrict acl with mask = False</command></para>
+ </varlistentry>
+
+
+
+
+ </listitem>
+ <varlistentry>
<term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term>
<listitem><para>This is a boolean parameter. If it is true, then
anonymous access to the server will be restricted, namely in the
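Review bot: The closing tags of the new entry are in the wrong order: </varlistentry> is added right after the Default paragraph while the <listitem> opened after the <term> is still open, and </listitem> only follows four blank lines later, just before the re-added <varlistentry>. Put </listitem> before </varlistentry> and drop the blank lines so the entry nests like its neighbours. In the text, "Creation" is capitalised mid-sentence, "ACLS" should be "ACLs", the boolean is spelled false, True and False in turn, and the "See also" paragraph has no closing full stop. Because the default applies ACLs from the NT/2000 ACL editor "directly to the file or directory", the first paragraph should say plainly that create mask and directory mask do not limit those ACL changes unless this parameter is set.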