diff options
| author | Gerald Carter <jerry@samba.org> | 2003-10-10 16:46:22 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2003-10-10 16:46:22 +0000 |
| commit | fec4b31bc1a76e408732e1a80b366d97fcf38143 (patch) | |
| tree | e23398c2bcc4e3b2da28c8007ca453228aefb44f /docs/docbook/smbdotconf/protocol/profileacls.xml | |
| parent | 20c7b998a38424e8e7b4d218f923937b9e8862d4 (diff) | |
| download | samba-fec4b31bc1a76e408732e1a80b366d97fcf38143.tar.gz samba-fec4b31bc1a76e408732e1a80b366d97fcf38143.tar.bz2 samba-fec4b31bc1a76e408732e1a80b366d97fcf38143.zip | |
removing docs tree from 3.0
(This used to be commit 0a3eb5574c91685ab07436c67b031266fb329693)
Diffstat (limited to 'docs/docbook/smbdotconf/protocol/profileacls.xml')
| -rw-r--r-- | docs/docbook/smbdotconf/protocol/profileacls.xml | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/docs/docbook/smbdotconf/protocol/profileacls.xml b/docs/docbook/smbdotconf/protocol/profileacls.xml deleted file mode 100644 index 505f371809..0000000000 --- a/docs/docbook/smbdotconf/protocol/profileacls.xml +++ /dev/null @@ -1,38 +0,0 @@ -<samba:parameter name="profile acls" - context="S" - advanced="1" wizard="1" - xmlns:samba="http://samba.org/common"> -<listitem> - <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - This boolean parameter was added to fix the problems that people have been - having with storing user profiles on Samba shares from Windows 2000 or - Windows XP clients. New versions of Windows 2000 or Windows XP service - packs do security ACL checking on the owner and ability to write of the - profile directory stored on a local workstation when copied from a Samba - share. -</para> - -<para>When not in domain mode with winbindd then the security info copied - onto the local workstation has no meaning to the logged in user (SID) on - that workstation so the profile storing fails. Adding this parameter - onto a share used for profile storage changes two things about the - returned Windows ACL. Firstly it changes the owner and group owner - of all reported files and directories to be BUILTIN\\Administrators, - BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly - it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to - every returned ACL. This will allow any Windows 2000 or XP workstation - user to access the profile.</para> - - <para>Note that if you have multiple users logging - on to a workstation then in order to prevent them from being able to access - each others profiles you must remove the "Bypass traverse checking" advanced - user right. This will prevent access to other users profile directories as - the top level profile directory (named after the user) is created by the - workstation profile code and has an ACL restricting entry to the directory - tree to the owning user. -</para> - - <para>Default: <command moreinfo="none">profile acls = no</command></para> -</listitem> -</samba:parameter> |