diff options
| author | Jeremy Allison <jra@samba.org> | 2005-08-19 16:40:15 +0000 |
|---|---|---|
| committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:47:05 -0500 |
| commit | 1856f7a0f5cd1563b4b1abd42e8c0e5c3514ecc9 (patch) | |
| tree | 25790a2458fdd7bbbff67e5ac59e249da004a5a5 | |
| parent | 5e1aeb8dc1615c552c5fe20b2a8c3500a3b983bd (diff) | |
| download | samba-1856f7a0f5cd1563b4b1abd42e8c0e5c3514ecc9.tar.gz samba-1856f7a0f5cd1563b4b1abd42e8c0e5c3514ecc9.tar.bz2 samba-1856f7a0f5cd1563b4b1abd42e8c0e5c3514ecc9.zip | |
Added "acl group control" docs.
Jeremy.
(This used to be commit 54bb01f1d468d49a134dd8792540d756b6a7e0a2)
| -rw-r--r-- | docs/smbdotconf/security/aclgroupcontrol.xml | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/docs/smbdotconf/security/aclgroupcontrol.xml b/docs/smbdotconf/security/aclgroupcontrol.xml new file mode 100644 index 0000000000..9def482061 --- /dev/null +++ b/docs/smbdotconf/security/aclgroupcontrol.xml @@ -0,0 +1,47 @@ +<samba:parameter name="acl group control" + context="S" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions + and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the + <emphasis>primary group owner</emphasis> of a file or directory to modify the permissions and ACLs + on that file. + </para> + <para> + On a Windows server, groups may be the owner of a file or directory - thus allowing anyone in + that group to modify the permissions on it. This allows the delegation of security controls + on a point in the filesystem to the group owner of a directory and anything below it also owned + by that group. This means there are multiple people with permissions to modify ACLs on a file + or directory, easing managability. + </para> + <para> + This parameter allows Samba to also permit delegation of the control over a point in the exported + directory hierarchy in much the same was as Windows. This allows all members of a UNIX group to + control the permissions on a file or directory they have group ownership on. + </para> + + <para> + This parameter is best used with the <smbconfoption name="inherit owner"/> option and also + on on a share containing directories with the UNIX <emphasis>setgid bit</emphasis> bit set + on them, which causes new files and directories created within it to inherit the group + ownership from the containing directory. + </para> + + <para> + This is a new parameter introduced in Samba 3.0.20. + </para> + + <para> + This can be particularly useful to allow groups to manage their own security on a part + of the filesystem they have group ownership of, removing the bottleneck of having only + the user owner or superuser able to reset permissions. + </para> +</description> + +<related>inherit owner</related> +<related>inherit permissions</related> + +<value type="default">no</value> +</samba:parameter> |