summaryrefslogtreecommitdiff
path: root/docs/docbook/smbdotconf/protocol/profileacls.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/smbdotconf/protocol/profileacls.xml')
-rw-r--r--docs/docbook/smbdotconf/protocol/profileacls.xml38
1 files changed, 0 insertions, 38 deletions
diff --git a/docs/docbook/smbdotconf/protocol/profileacls.xml b/docs/docbook/smbdotconf/protocol/profileacls.xml
deleted file mode 100644
index 505f371809..0000000000
--- a/docs/docbook/smbdotconf/protocol/profileacls.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<samba:parameter name="profile acls"
- context="S"
- advanced="1" wizard="1"
- xmlns:samba="http://samba.org/common">
-<listitem>
- <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry>
- This boolean parameter was added to fix the problems that people have been
- having with storing user profiles on Samba shares from Windows 2000 or
- Windows XP clients. New versions of Windows 2000 or Windows XP service
- packs do security ACL checking on the owner and ability to write of the
- profile directory stored on a local workstation when copied from a Samba
- share.
-</para>
-
-<para>When not in domain mode with winbindd then the security info copied
- onto the local workstation has no meaning to the logged in user (SID) on
- that workstation so the profile storing fails. Adding this parameter
- onto a share used for profile storage changes two things about the
- returned Windows ACL. Firstly it changes the owner and group owner
- of all reported files and directories to be BUILTIN\\Administrators,
- BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly
- it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to
- every returned ACL. This will allow any Windows 2000 or XP workstation
- user to access the profile.</para>
-
- <para>Note that if you have multiple users logging
- on to a workstation then in order to prevent them from being able to access
- each others profiles you must remove the "Bypass traverse checking" advanced
- user right. This will prevent access to other users profile directories as
- the top level profile directory (named after the user) is created by the
- workstation profile code and has an ACL restricting entry to the directory
- tree to the owning user.
-</para>
-
- <para>Default: <command moreinfo="none">profile acls = no</command></para>
-</listitem>
-</samba:parameter>
generated by cgit (git 2.34.1) at 2024-07-08 21:04:23 +0000