diff options
author | Alexander Bokovoy <ab@samba.org> | 2003-03-27 15:27:19 +0000 |
---|---|---|
committer | Alexander Bokovoy <ab@samba.org> | 2003-03-27 15:27:19 +0000 |
commit | 5cd3d3f14ef56ff5f1d92aba0174649f3d368f66 (patch) | |
tree | 7982c107cb4ecf2b739dd0d21b591aca20e9b19a /docs/docbook/smbdotconf/security/forcesecuritymode.xml | |
parent | 7c6a4de6f97287e43405b66baa81aa328315de7c (diff) | |
download | samba-5cd3d3f14ef56ff5f1d92aba0174649f3d368f66.tar.gz samba-5cd3d3f14ef56ff5f1d92aba0174649f3d368f66.tar.bz2 samba-5cd3d3f14ef56ff5f1d92aba0174649f3d368f66.zip |
Add new framework for smb.conf(5). Please read README before trying to compile.
I will commit more meta-information updates during week-end.
(This used to be commit 8d684dffab6a90b3d612a1aa2b2c457a2bc2e6ac)
Diffstat (limited to 'docs/docbook/smbdotconf/security/forcesecuritymode.xml')
-rw-r--r-- | docs/docbook/smbdotconf/security/forcesecuritymode.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/security/forcesecuritymode.xml b/docs/docbook/smbdotconf/security/forcesecuritymode.xml new file mode 100644 index 0000000000..2db50f1ce3 --- /dev/null +++ b/docs/docbook/smbdotconf/security/forcesecuritymode.xml @@ -0,0 +1,33 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="FORCESECURITYMODE"/>force security mode (S)</term> + <listitem><para>This parameter controls what UNIX permission + bits can be modified when a Windows NT client is manipulating + the UNIX permission on a file using the native NT security dialog + box.</para> + + <para>This parameter is applied as a mask (OR'ed with) to the + changed permission bits, thus forcing any bits in this mask that + the user may have modified to be on. Essentially, one bits in this + mask may be treated as a set of bits that, when modifying security + on a file, the user has always set to be 'on'.</para> + + <para>If not set explicitly this parameter is set to 0, + and allows a user to modify all the user/group/world permissions on a file, + with no restrictions.</para> + + <para><emphasis>Note</emphasis> that users who can access + the Samba server through other means can easily bypass this restriction, + so it is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably want to leave + this set to 0000.</para> + + <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter moreinfo="none"> + force directory security mode</parameter></link>, + <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none">directory security + mask</parameter></link>, <link linkend="SECURITYMASK"><parameter moreinfo="none"> + security mask</parameter></link> parameters.</para> + + <para>Default: <command moreinfo="none">force security mode = 0</command></para> + <para>Example: <command moreinfo="none">force security mode = 700</command></para> + </listitem> + </samba:parameter> |