diff options
| -rw-r--r-- | docs/Samba-HOWTO-Collection/AccessControls.xml | 23 | ||||
| -rw-r--r-- | docs/Samba-HOWTO-Collection/IDMAP.xml | 7 |
2 files changed, 29 insertions, 1 deletions
diff --git a/docs/Samba-HOWTO-Collection/AccessControls.xml b/docs/Samba-HOWTO-Collection/AccessControls.xml index db4547f25d..251cc32fcc 100644 --- a/docs/Samba-HOWTO-Collection/AccessControls.xml +++ b/docs/Samba-HOWTO-Collection/AccessControls.xml @@ -1279,6 +1279,8 @@ default:other:--- <-- inherited permissions for everyone (other) <para> Microsoft Windows NT4/200X ACLs must of necessity be mapped to POSIX ACLs. The mappings for file permissions are shown in <link linkend="fdsacls"/>. + The '#' character means this flag is set only when the Windows administrator + sets the <constant>Full Control</constant> flag on the file. </para> <table frame='all' pgwide='0' id="fdsacls"><title>How Windows File ACLs Map to UNIX POSIX File ACLs</title> @@ -1287,7 +1289,7 @@ default:other:--- <-- inherited permissions for everyone (other) <colspec align="center"/> <thead> <row> - <entry align="center">Windows ACE</entry> + <entry align="left">Windows ACE</entry> <entry align="center">File Attribute Flag</entry> </row> </thead> @@ -1358,6 +1360,19 @@ default:other:--- <-- inherited permissions for everyone (other) that is intended by the Administrator. </para> + <para> + In general the mapping of UNIX POSIX user/group/other permissions will be mapped to + Windows ALCs. This has precidence over the creation of POSIX ACLs. POSIX ACLs are necessary + to establish access controls for users and groups other than the user and group that + own the file or directory. + </para> + + <para> + The UNIX administrator can set any directory permission from within the UNIX environment. + The Windows administrator is more restricted in that it is not possible from within the + Windows Explorer to remove read permission for the file owner. + </para> + </sect3> <sect3> @@ -1369,6 +1384,12 @@ default:other:--- <-- inherited permissions for everyone (other) an Access Control List (ACL), are mapped to Windows directory ACLs. </para> + <para> + Directory permissions function in much the same way as shown for file permissions, but + there are some notable exceptions and a few peculiarities that the astute administrator + will want to take into account in the setting up of directory permissions. + </para> + </sect3> </sect2> diff --git a/docs/Samba-HOWTO-Collection/IDMAP.xml b/docs/Samba-HOWTO-Collection/IDMAP.xml index 33d8b899a1..0ea50280a7 100644 --- a/docs/Samba-HOWTO-Collection/IDMAP.xml +++ b/docs/Samba-HOWTO-Collection/IDMAP.xml @@ -868,6 +868,13 @@ Joined 'GOODELF' to realm 'SNOWSHOW.COM' </para></step> <step><para> + Store the LDAP server access password in the Samba <filename>secrets.tdb</filename> file as follows: +<screen> +&rootprompt; smbpasswd -w not24get +</screen> + </para></step> + + <step><para> Start the <command>nmbd, winbind,</command> and <command>smbd</command> daemons in the order shown. </para></step> </procedure> |