summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/security/forcedirectorysecuritymode.xml
diff options
context:
space:
mode:
authorJohn Terpstra <jht@samba.org>2005-07-08 10:16:53 +0000
committerGerald W. Carter <jerry@samba.org>2008-04-23 08:47:04 -0500
commit97e3e540f72021d81b34f7597506da6cdc552b8a (patch)
tree0fbf5ca9ee58fead3c6ac25d60d27ffe25aeebf6 /docs/smbdotconf/security/forcedirectorysecuritymode.xml
parent9953c886c64bd94778d8b78aea4699748a15abac (diff)
downloadsamba-97e3e540f72021d81b34f7597506da6cdc552b8a.tar.gz
samba-97e3e540f72021d81b34f7597506da6cdc552b8a.tar.bz2
samba-97e3e540f72021d81b34f7597506da6cdc552b8a.zip
More updates.
(This used to be commit b546de20f793aeec7739ef32451d72582175ae58)
Diffstat (limited to 'docs/smbdotconf/security/forcedirectorysecuritymode.xml')
-rw-r--r--docs/smbdotconf/security/forcedirectorysecuritymode.xml46
1 files changed, 27 insertions, 19 deletions
diff --git a/docs/smbdotconf/security/forcedirectorysecuritymode.xml b/docs/smbdotconf/security/forcedirectorysecuritymode.xml
index 184337ba69..2c15ec2753 100644
--- a/docs/smbdotconf/security/forcedirectorysecuritymode.xml
+++ b/docs/smbdotconf/security/forcedirectorysecuritymode.xml
@@ -3,25 +3,33 @@
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter controls what UNIX permission bits
- can be modified when a Windows NT client is manipulating the UNIX
- permission on a directory using the native NT security dialog box.</para>
-
- <para>This parameter is applied as a mask (OR'ed with) to the
- changed permission bits, thus forcing any bits in this mask that
- the user may have modified to be on. Essentially, one bits in this
- mask may be treated as a set of bits that, when modifying security
- on a directory, the user has always set to be 'on'.</para>
-
- <para>If not set explicitly this parameter is 000, which
- allows a user to modify all the user/group/world permissions on a
- directory without restrictions.</para>
-
- <note><para>Users who can access the
- Samba server through other means can easily bypass this restriction,
- so it is primarily useful for standalone &quot;appliance&quot; systems.
- Administrators of most normal systems will probably want to leave
- it set as 0000.</para></note>
+ <para>
+ This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating
+ the UNIX permission on a directory using the native NT security dialog box.
+ </para>
+
+ <para>
+ This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this
+ mask that the user may have modified to be on. Make sure not to mix up this parameter with <smbconfoption
+ name="directory security mask"/>, which works in a similar manner to this one, but uses a logical AND instead
+ of an OR.
+ </para>
+
+ <para>
+ Essentially, this mask may be treated as a set of bits that, when modifying security on a directory,
+ to will enable (1) any flags that are off (0) but which the mask has set to on (1).
+ </para>
+
+ <para>
+ If not set explicitly this parameter is 0000, which allows a user to modify all the user/group/world
+ permissions on a directory without restrictions.
+ </para>
+
+ <note><para>
+ Users who can access the Samba server through other means can easily bypass this restriction, so it is
+ primarily useful for standalone &quot;appliance&quot; systems. Administrators of most normal systems will
+ probably want to leave it set as 0000.
+ </para></note>
</description>