syncing files from 3.0 into HEAD again

(This used to be commit bca0bba209255d0effbae6a3d3b6d298f0952c3a)

1 files changed, 9 insertions, 4 deletions

diff --git a/docs/docbook/smbdotconf/protocol/profileacls.xml b/docs/docbook/smbdotconf/protocol/profileacls.xml
index 6f2b3ec510..505f371809 100644
--- a/docs/docbook/smbdotconf/protocol/profileacls.xml
+++ b/docs/docbook/smbdotconf/protocol/profileacls.xml
@@ -10,7 +10,10 @@
 	Windows XP clients. New versions of Windows 2000 or Windows XP service
 	packs do security ACL checking on the owner and ability to write of the
 	profile directory stored on a local workstation when copied from a Samba
-	share. When not in domain mode with winbindd then the security info copied
+	share.
+</para>
+
+<para>When not in domain mode with winbindd then the security info copied
 	onto the local workstation has no meaning to the logged in user (SID) on
 	that workstation so the profile storing fails. Adding this parameter
 	onto a share used for profile storage changes two things about the
@@ -19,15 +22,17 @@
 	BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly
 	it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to
 	every returned ACL. This will allow any Windows 2000 or XP workstation
-	user to access the profile. Note that if you have multiple users logging
+	user to access the profile.</para>
+	
+	<para>Note that if you have multiple users logging
 	on to a workstation then in order to prevent them from being able to access
 	each others profiles you must remove the "Bypass traverse checking" advanced
 	user right. This will prevent access to other users profile directories as
 	the top level profile directory (named after the user) is created by the
 	workstation profile code and has an ACL restricting entry to the directory
 	tree to the owning user.
-    </para>
-		
+</para>
+
     <para>Default: <command moreinfo="none">profile acls = no</command></para>
 </listitem>
 </samba:parameter>