diff options
Diffstat (limited to 'docs/Samba-HOWTO-Collection')
-rw-r--r-- | docs/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml | 32 | ||||
-rw-r--r-- | docs/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml | 22 | ||||
-rw-r--r-- | docs/Samba-HOWTO-Collection/index.xml | 3 |
3 files changed, 45 insertions, 12 deletions
diff --git a/docs/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml b/docs/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml index 251cc32fcc..f074d2c140 100644 --- a/docs/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml +++ b/docs/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml @@ -352,10 +352,12 @@ drwsrwsrwx 2 maryo gnomes 48 2003-05-12 22:29 muchado08 An overview of the permissions field can be found in <link linkend="access1">Overview of UNIX permissions field</link>. </para> - <image id="access1"><imagedescription>Overview of UNIX permissions field.</imagedescription><imagefile scale="40">access1</imagefile></image> + <image id="access1"><imagedescription>Overview of UNIX permissions field.</imagedescription> + <imagefile scale="40">access1</imagefile></image> <para> - Any bit flag may be unset. An unset bit flag is the equivalent of <quote>cannot</quote> and is represented as a <quote>-</quote> character. + Any bit flag may be unset. An unset bit flag is the equivalent of <quote>cannot</quote> and is represented + as a <quote>-</quote> character. <example> <title>Example File</title> @@ -373,9 +375,9 @@ drwsrwsrwx 2 maryo gnomes 48 2003-05-12 22:29 muchado08 </para> <para> - The letters <constant>rwxXst</constant> set permissions for the user, group and others as: read (r), write (w), execute (or access for directories) (x), - execute only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s), - sticky (t). + The letters <constant>rwxXst</constant> set permissions for the user, group and others as: read (r), write (w), + execute (or access for directories) (x), execute only if the file is a directory or already has execute + permission for some user (X), set user or group ID on execution (s), sticky (t). </para> <para> @@ -406,11 +408,21 @@ drwsrwsrwx 2 maryo gnomes 48 2003-05-12 22:29 muchado08 For example, Windows NT/2K/XP provides the capacity to set access controls on a directory into which people can write files but not delete them. It is possible to set an ACL on a Windows file that permits the file to be written to but not deleted. Such concepts are foreign to the UNIX operating system file space. Within the UNIX file system - anyone who has the ability to create a file can write to it, and has the capability to delete it. Of necessity, Samba - is subject to the file system semantics of the host operating system. Samba is therefore limited in the file system - capabilities that can be made available through Windows ACLs, and therefore performs a <quote>best fit</quote> - translation to POSIX ACLs. Some UNIX file systems do however support a feature known as extended attributes. Only - the Windows concept of <quote>inheritance</quote> is implemented by Samba through the appropriate extended attribute. + anyone who has the ability to create a file can write to it, and has the capability to delete it. + </para> + + <para> + For the record, in the UNIX environment the ability to delete a file is controlled by the permissions on + the directory that the file is in. In other words, a user can delete a file in a directory to which that + user had write access, even if that user does not own the file. + </para> + + <para> + Of necessity, Samba is subject to the file system semantics of the host operating system. Samba is therefore + limited in the file system capabilities that can be made available through Windows ACLs, and therefore performs + a <quote>best fit</quote> translation to POSIX ACLs. Some UNIX file systems do however support a feature known + as extended attributes. Only the Windows concept of <quote>inheritance</quote> is implemented by Samba through + the appropriate extended attribute. </para> <para> diff --git a/docs/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml b/docs/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml index 68459cf2f0..f9cb236bcc 100644 --- a/docs/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml +++ b/docs/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml @@ -69,7 +69,8 @@ <para> <indexterm><primary>IDMAP</primary></indexterm> In both cases, when winbindd is not running, only locally resolvable groups can be recognized. Please refer to - <link linkend="idmap-sid2gid">IDMAP: group SID to GID resolution</link> and <link linkend="idmap-gid2sid">IDMAP: GID resolution to matching SID</link>. + <link linkend="idmap-sid2gid">IDMAP: group SID to GID resolution</link> and + <link linkend="idmap-gid2sid">IDMAP: GID resolution to matching SID</link>. The <command>net groupmap</command> is used to establish UNIX group to NT SID mappings as shown in <link linkend="idmap-store-gid2sid">IDMAP: storing group mappings</link>. </para> @@ -200,6 +201,25 @@ </para> <sect2> + <title>Warning &smbmmdsh; User Private Group Problems</title> + + <para> + Windows does not permit user and group accounts to have the same name. + This has serious implications for all sites that use private group accounts. + A private group account is an administrative practice whereby users are each + given their own group account. Red Hat Linux, as well as several free distributions + of Linux by default create private groups. + </para> + + <para> + When mapping a UNIX/Linux group to a Windows group account all conflict can + be avoided by assuring that the Windows domain group name does not overlap + with any user account name. + </para> + + </sect2> + + <sect2> <title>Important Administrative Information</title> <para> diff --git a/docs/Samba-HOWTO-Collection/index.xml b/docs/Samba-HOWTO-Collection/index.xml index a95c6b21b7..7e788ab0d0 100644 --- a/docs/Samba-HOWTO-Collection/index.xml +++ b/docs/Samba-HOWTO-Collection/index.xml @@ -117,6 +117,7 @@ The chapters in this part each cover specific Samba features. <xi:include href="TOSHARG-Backup.xml"/> <xi:include href="TOSHARG-HighAvailability.xml"/> <xi:include href="TOSHARG-LargeFile.xml"/> + <!-- <xi:include href="TOSHARG-SecureLDAP.xml"/> --> </part> @@ -149,7 +150,7 @@ The chapters in this part each cover specific Samba features. <!-- Comment out the following line to include the manpages. *Please* do not commit with the line below enabled! --> - <!--<xi:include href="manpages.xml"/>--> + <!-- <xi:include href="manpages.xml"/> --> <xi:include href="http://www.gnu.org/licenses/gpl.xml"/> <xi:include href="TOSHARG-glossary.xml"/> |