diff options
| author | John Terpstra <jht@samba.org> | 2005-07-08 10:16:53 +0000 |
|---|---|---|
| committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:47:04 -0500 |
| commit | 97e3e540f72021d81b34f7597506da6cdc552b8a (patch) | |
| tree | 0fbf5ca9ee58fead3c6ac25d60d27ffe25aeebf6 /docs/smbdotconf/security/forcedirectorysecuritymode.xml | |
| parent | 9953c886c64bd94778d8b78aea4699748a15abac (diff) | |
| download | samba-97e3e540f72021d81b34f7597506da6cdc552b8a.tar.gz samba-97e3e540f72021d81b34f7597506da6cdc552b8a.tar.bz2 samba-97e3e540f72021d81b34f7597506da6cdc552b8a.zip | |
More updates.
(This used to be commit b546de20f793aeec7739ef32451d72582175ae58)
Diffstat (limited to 'docs/smbdotconf/security/forcedirectorysecuritymode.xml')
| -rw-r--r-- | docs/smbdotconf/security/forcedirectorysecuritymode.xml | 46 |
1 files changed, 27 insertions, 19 deletions
diff --git a/docs/smbdotconf/security/forcedirectorysecuritymode.xml b/docs/smbdotconf/security/forcedirectorysecuritymode.xml index 184337ba69..2c15ec2753 100644 --- a/docs/smbdotconf/security/forcedirectorysecuritymode.xml +++ b/docs/smbdotconf/security/forcedirectorysecuritymode.xml @@ -3,25 +3,33 @@ type="string" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This parameter controls what UNIX permission bits - can be modified when a Windows NT client is manipulating the UNIX - permission on a directory using the native NT security dialog box.</para> - - <para>This parameter is applied as a mask (OR'ed with) to the - changed permission bits, thus forcing any bits in this mask that - the user may have modified to be on. Essentially, one bits in this - mask may be treated as a set of bits that, when modifying security - on a directory, the user has always set to be 'on'.</para> - - <para>If not set explicitly this parameter is 000, which - allows a user to modify all the user/group/world permissions on a - directory without restrictions.</para> - - <note><para>Users who can access the - Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to leave - it set as 0000.</para></note> + <para> + This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating + the UNIX permission on a directory using the native NT security dialog box. + </para> + + <para> + This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this + mask that the user may have modified to be on. Make sure not to mix up this parameter with <smbconfoption + name="directory security mask"/>, which works in a similar manner to this one, but uses a logical AND instead + of an OR. + </para> + + <para> + Essentially, this mask may be treated as a set of bits that, when modifying security on a directory, + to will enable (1) any flags that are off (0) but which the mask has set to on (1). + </para> + + <para> + If not set explicitly this parameter is 0000, which allows a user to modify all the user/group/world + permissions on a directory without restrictions. + </para> + + <note><para> + Users who can access the Samba server through other means can easily bypass this restriction, so it is + primarily useful for standalone "appliance" systems. Administrators of most normal systems will + probably want to leave it set as 0000. + </para></note> </description> |