diff options
| -rw-r--r-- | docs/smbdotconf/security/forceunknownacluser.xml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/docs/smbdotconf/security/forceunknownacluser.xml b/docs/smbdotconf/security/forceunknownacluser.xml new file mode 100644 index 0000000000..c54b9b0338 --- /dev/null +++ b/docs/smbdotconf/security/forceunknownacluser.xml @@ -0,0 +1,27 @@ +<samba:parameter name="force unknown acl user" + context="S" + type="boolean" + xmlns:samba="http://samba.org/common"> + +<description> + <para>If this parameter is set, a Windows NT ACL that contains an unknown + SID (security descriptor, or representation of a user or group + id) as the owner or group owner of the file will be silently + mapped into the current UNIX uid or gid of the currently + connected user.</para> + + <para>This is designed to allow Windows NT clients to copy files and + folders containing ACLs that were created locally on the client + machine and contain users local to that machine only (no domain + users) to be copied to a Samba server (usually with XCOPY /O) + and have the unknown userid and groupid of the file owner map to + the current connected user. This can only be fixed correctly + when winbindd allows arbitrary mapping from any Windows NT SID + to a UNIX uid or gid.</para> + + <para>Try using this parameter when XCOPY /O gives an ACCESS_DENIED + error.</para> +</description> + +<value type="default">no</value> +</samba:parameter> |