diff options
Diffstat (limited to 'docs/htmldocs/smb.conf.5.html')
| -rw-r--r-- | docs/htmldocs/smb.conf.5.html | 260 |
1 files changed, 177 insertions, 83 deletions
diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html index 8567b9988bd..b6798c5552b 100644 --- a/docs/htmldocs/smb.conf.5.html +++ b/docs/htmldocs/smb.conf.5.html @@ -177,7 +177,7 @@ CLASS="SCREEN" CLASS="COMPUTEROUTPUT" > [foo] path = /home/bar - writeable = true + read only = no </TT > </PRE @@ -205,9 +205,9 @@ CLASS="SCREEN" CLASS="COMPUTEROUTPUT" > [aprinter] path = /usr/spool/public - writeable = false - printable = true - guest ok = true + read only = yes + printable = yes + guest ok = yes </TT > </PRE @@ -312,7 +312,7 @@ CLASS="SCREEN" > <TT CLASS="COMPUTEROUTPUT" > [homes] - writeable = yes + read only = no </TT > </PRE @@ -4173,6 +4173,18 @@ CLASS="PARAMETER" ><LI ><P ><A +HREF="#PROFILEACLS" +><TT +CLASS="PARAMETER" +><I +>profile acls</I +></TT +></A +></P +></LI +><LI +><P +><A HREF="#PUBLIC" ><TT CLASS="PARAMETER" @@ -4389,6 +4401,18 @@ CLASS="PARAMETER" ><LI ><P ><A +HREF="#USESENDFILE" +><TT +CLASS="PARAMETER" +><I +>use sendfile</I +></TT +></A +></P +></LI +><LI +><P +><A HREF="#USER" ><TT CLASS="PARAMETER" @@ -4571,7 +4595,7 @@ CLASS="PARAMETER" ><DIV CLASS="REFSECT1" ><A -NAME="AEN1492" +NAME="AEN1500" ></A ><H2 >EXPLANATION OF EACH PARAMETER</H2 @@ -5490,7 +5514,7 @@ TARGET="_top" ><P >If this parameter is set to <TT CLASS="CONSTANT" ->false</TT +>no</TT >, then Samba 2.2 will behave as previous versions of Samba would and will fail the lock request immediately if the lock range @@ -5539,7 +5563,7 @@ CLASS="COMMAND" > call. Normally set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >. You should never need to change this.</P ><P @@ -7237,14 +7261,14 @@ CLASS="PARAMETER" > option). If this option is set to <TT CLASS="CONSTANT" ->false</TT +>no</TT > (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want.</P ><P >If this option is set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, then Samba will attempt to recursively delete any files and directories within the vetoed directory. This can be useful for integration with file @@ -7780,7 +7804,7 @@ NAME="DOMAINLOGONS" ><P >If set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, the Samba server will serve Windows 95/98 Domain logons for the <A HREF="#WORKGROUP" @@ -8029,7 +8053,7 @@ CLASS="COMMAND" > is acting on behalf of is not the file owner. Setting this option to <TT CLASS="CONSTANT" -> true</TT +> yes</TT > allows DOS semantics and <A HREF="smbd.8.html" TARGET="_top" @@ -8801,7 +8825,7 @@ CLASS="PARAMETER" </A >parameter is set to <TT CLASS="CONSTANT" ->false</TT +>no</TT >.</P ><P >Default: <B @@ -9086,7 +9110,7 @@ CLASS="PARAMETER" ></A > is <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, and <A HREF="smbd.8.html" TARGET="_top" @@ -10203,7 +10227,7 @@ CLASS="PARAMETER" </A > parameter must be set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > on this share in order for this parameter to have any effect.</P ><P @@ -10251,10 +10275,10 @@ CLASS="COMMAND" the Samba server in their browse list. This parameter can have three values, <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, <TT CLASS="CONSTANT" ->false</TT +>no</TT >, or <TT CLASS="CONSTANT" @@ -10265,11 +10289,11 @@ CLASS="CONSTANT" >. If set to <TT CLASS="CONSTANT" ->false</TT +>no</TT > Samba will never produce these broadcasts. If set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > Samba will produce Lanman announce broadcasts at a frequency set by the parameter <TT @@ -10397,7 +10421,7 @@ CLASS="COMMAND" > to try and become a local master browser on a subnet. If set to <TT CLASS="CONSTANT" ->false</TT +>no</TT > then <B CLASS="COMMAND" > nmbd</B @@ -10405,10 +10429,10 @@ CLASS="COMMAND" on a subnet and will also lose in all browsing elections. By default this value is set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >. Setting this value to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > doesn't mean that Samba will <EM >become</EM @@ -10422,7 +10446,7 @@ CLASS="COMMAND" ><P >Setting this value to <TT CLASS="CONSTANT" ->false</TT +>no</TT > will cause <B CLASS="COMMAND" >nmbd</B @@ -13574,7 +13598,10 @@ CLASS="PARAMETER" password change</I ></TT ></A -> parameter is set to true, the chat pairs +> parameter is set to <TT +CLASS="CONSTANT" +>yes</TT +>, the chat pairs may be matched in any order, and success is determined by the PAM result, not any particular output. The \n macro is ignored for PAM conversions. </P @@ -13751,7 +13778,7 @@ CLASS="PARAMETER" ></TT > parameter is set to <TT CLASS="CONSTANT" ->true +>yes </TT > then this program is called <EM >AS ROOT</EM @@ -13788,7 +13815,7 @@ CLASS="PARAMETER" ></TT > is set to <TT CLASS="CONSTANT" ->false</TT +>no</TT >.</P ><P >See also <A @@ -14326,7 +14353,7 @@ TARGET="_top" ><P >If this is set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, on startup, <B CLASS="COMMAND" >nmbd</B @@ -14654,11 +14681,11 @@ CLASS="CONSTANT" >Note that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling of print data. The <A -HREF="#WRITEABLE" +HREF="#READONLY" ><TT CLASS="PARAMETER" ><I ->writeable +>read only </I ></TT ></A @@ -15146,6 +15173,43 @@ HREF="#AEN79" ></DD ><DT ><A +NAME="PROFILEACLS" +></A +>profile acls (S)</DT +><DD +><P +> This boolean parameter was added to fix the problems that people have been + having with storing user profiles on Samba shares from Windows 2000 or + Windows XP clients. New versions of Windows 2000 or Windows XP service + packs do security ACL checking on the owner and ability to write of the + profile directory stored on a local workstation when copied from a Samba + share. When not in domain mode with winbindd then the security info copied + onto the local workstation has no meaning to the logged in user (SID) on + that workstation so the profile storing fails. Adding this parameter + onto a share used for profile storage changes two things about the + returned Windows ACL. Firstly it changes the owner and group owner + of all reported files and directories to be BUILTIN\Administrators, + BUILTIN\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly + it adds an ACE entry of "Full Control" to the SID BUILTIN\Users to + every returned ACL. This will allow any Windows 2000 or XP workstation + user to access the profile. Note that if you have multiple users logging + on to a workstation then in order to prevent them from being able to access + each others profiles you must remove the "Bypass traverse checking" advanced + user right. This will prevent access to other users profile directories as + the top level profile directory (named after the user) is created by the + workstation profile code and has an ACL restricting entry to the directory + tree to the owning user.</P +><P +>If you didn't understand the above text, you probably should not set + this parameter :-).</P +><P +>Default <B +CLASS="COMMAND" +>profile acls = no</B +></P +></DD +><DT +><A NAME="PROTOCOL" ></A >protocol (G)</DT @@ -15319,11 +15383,11 @@ NAME="READLIST" >This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the <A -HREF="#WRITEABLE" +HREF="#READONLY" ><TT CLASS="PARAMETER" ><I ->writeable</I +>read only</I ></TT ></A > @@ -15374,15 +15438,36 @@ NAME="READONLY" >read only (S)</DT ><DD ><P ->Note that this is an inverted synonym for <A +>An inverted synonym is <A HREF="#WRITEABLE" -><TT +> <TT CLASS="PARAMETER" ><I >writeable</I ></TT ></A >.</P +><P +>If this parameter is <TT +CLASS="CONSTANT" +>yes</TT +>, then users + of a service may not create or modify files in the service's + directory.</P +><P +>Note that a printable service (<B +CLASS="COMMAND" +>printable = yes</B +>) + will <EM +>ALWAYS</EM +> allow writing to the directory + (user privileges permitting), but only via spooling operations.</P +><P +>Default: <B +CLASS="COMMAND" +>read only = yes</B +></P ></DD ><DT ><A @@ -15582,13 +15667,13 @@ NAME="RESTRICTANONYMOUS" ><P >This is a boolean parameter. If it is <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, then anonymous access to the server will be restricted, namely in the case where the server is expecting the client to send a username, but it doesn't. Setting it to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > will force these anonymous connections to be denied, and the client will be required to always supply a username and password when connecting. Use of this parameter @@ -15601,7 +15686,7 @@ CLASS="CONSTANT" ><P >When restrict anonymous is <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, all anonymous connections are denied no matter what they are for. This can effect the ability of a machine to access the Samba Primary Domain Controller to revalidate @@ -16294,7 +16379,7 @@ CLASS="PARAMETER" </A > parameter to be set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT >. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly @@ -17739,13 +17824,13 @@ NAME="SYNCALWAYS" whether writes will always be written to stable storage before the write call returns. If this is <TT CLASS="CONSTANT" ->false</TT +>no</TT > then the server will be guided by the client's request in each write call (clients can set a bit indicating that a particular write should be synchronous). If this is <TT CLASS="CONSTANT" ->true</TT +>yes</TT > then every write will be followed by a <B CLASS="COMMAND" >fsync() @@ -18014,7 +18099,7 @@ NAME="UNIXPASSWORDSYNC" when the encrypted SMB password in the smbpasswd file is changed. If this is set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > the program specified in the <TT CLASS="PARAMETER" ><I @@ -18169,7 +18254,7 @@ NAME="USEMMAP" mmap/read-write system memory cache. Currently only HPUX does not have such a coherent cache, and so this parameter is set to <TT CLASS="CONSTANT" ->false</TT +>no</TT > by default on HPUX. On all other systems this parameter should be left alone. This parameter is provided to help the Samba developers track down problems with @@ -18190,7 +18275,7 @@ NAME="USERHOSTS" ><P >If this global parameter is <TT CLASS="CONSTANT" ->true</TT +>yes</TT >, it specifies that the UNIX user's <TT CLASS="FILENAME" @@ -18316,7 +18401,7 @@ CLASS="PARAMETER" ></A > parameter.</P ><P ->If any of the usernames begin with a '@' then the name +>If any of the usernames begin with a '@' then the name will be looked up first in the NIS netgroups list (if Samba is compiled with netgroup support), followed by a lookup in the UNIX groups database and will expand to a list of all users @@ -18544,6 +18629,30 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="USESENDFILE" +></A +>use sendfile (S)</DT +><DD +><P +>If this parameter is <TT +CLASS="CONSTANT" +>yes</TT +>, and Samba + was built with the --with-sendfile-support option, and the underlying operating + system supports sendfile system call, then some SMB read calls (mainly ReadAndX + and ReadRaw) will use the more efficient sendfile system call for files that + are exclusively oplocked. This may make more efficient use of the system CPU's + and cause Samba to be faster. This is off by default as it's effects are unknown + as yet. + </P +><P +>Default: <B +CLASS="COMMAND" +>use sendfile = no</B +></P +></DD +><DT +><A NAME="UTMP" ></A >utmp (G)</DT @@ -18555,7 +18664,7 @@ CLASS="COMMAND" > --with-utmp</B >. If set to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server. Sites may use this to record the @@ -19073,7 +19182,10 @@ CLASS="PARAMETER" >winbind enum users</I ></TT > parameter is - false, calls to the <B + <TT +CLASS="CONSTANT" +>no</TT +>, calls to the <B CLASS="COMMAND" >getpwent</B > system call @@ -19124,7 +19236,10 @@ CLASS="PARAMETER" >winbind enum groups</I ></TT > parameter is - false, calls to the <B + <TT +CLASS="CONSTANT" +>no</TT +>, calls to the <B CLASS="COMMAND" >getgrent()</B > system @@ -19259,13 +19374,13 @@ TARGET="_top" ><P >Default: <B CLASS="COMMAND" ->winbind use default domain = <falseg> +>winbind use default domain = <no> </B ></P ><P >Example: <B CLASS="COMMAND" ->winbind use default domain = true</B +>winbind use default domain = yes</B ></P ></DD ><DT @@ -19410,7 +19525,7 @@ TARGET="_top" > process in Samba will act as a WINS server. You should not set this to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > unless you have a multi-subnetted network and you wish a particular <B CLASS="COMMAND" @@ -19420,7 +19535,7 @@ CLASS="COMMAND" >NEVER</EM > set this to <TT CLASS="CONSTANT" ->true</TT +>yes</TT > on more than one machine in your network.</P ><P @@ -19523,11 +19638,11 @@ NAME="WRITELIST" >This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the <A -HREF="#WRITEABLE" +HREF="#READONLY" ><TT CLASS="PARAMETER" ><I ->writeable</I +>read only</I ></TT ></A > @@ -19567,12 +19682,12 @@ NAME="WRITEOK" >write ok (S)</DT ><DD ><P ->Synonym for <A -HREF="#WRITEABLE" +>Inverted synonym for <A +HREF="#READONLY" ><TT CLASS="PARAMETER" ><I -> writeable</I +> read only</I ></TT ></A >.</P @@ -19600,36 +19715,15 @@ NAME="WRITEABLE" >writeable (S)</DT ><DD ><P ->An inverted synonym is <A +>Inverted synonym for <A HREF="#READONLY" -> <TT +><TT CLASS="PARAMETER" ><I ->read only</I +> read only</I ></TT ></A >.</P -><P ->If this parameter is <TT -CLASS="CONSTANT" ->no</TT ->, then users - of a service may not create or modify files in the service's - directory.</P -><P ->Note that a printable service (<B -CLASS="COMMAND" ->printable = yes</B ->) - will <EM ->ALWAYS</EM -> allow writing to the directory - (user privileges permitting), but only via spooling operations.</P -><P ->Default: <B -CLASS="COMMAND" ->writeable = no</B -></P ></DD ></DL ></DIV @@ -19637,7 +19731,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6208" +NAME="AEN6235" ></A ><H2 >WARNINGS</H2 @@ -19667,7 +19761,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6214" +NAME="AEN6241" ></A ><H2 >VERSION</H2 @@ -19678,7 +19772,7 @@ NAME="AEN6214" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6217" +NAME="AEN6244" ></A ><H2 >SEE ALSO</H2 @@ -19757,7 +19851,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6237" +NAME="AEN6264" ></A ><H2 >AUTHOR</H2 |