summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/protocol/profileacls.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/smbdotconf/protocol/profileacls.xml')
-rw-r--r--docs/smbdotconf/protocol/profileacls.xml13
1 files changed, 8 insertions, 5 deletions
diff --git a/docs/smbdotconf/protocol/profileacls.xml b/docs/smbdotconf/protocol/profileacls.xml
index 10e5070d31..1c6f0c9ebf 100644
--- a/docs/smbdotconf/protocol/profileacls.xml
+++ b/docs/smbdotconf/protocol/profileacls.xml
@@ -11,9 +11,10 @@
packs do security ACL checking on the owner and ability to write of the
profile directory stored on a local workstation when copied from a Samba
share.
-</para>
+ </para>
-<para>When not in domain mode with winbindd then the security info copied
+ <para>
+ When not in domain mode with winbindd then the security info copied
onto the local workstation has no meaning to the logged in user (SID) on
that workstation so the profile storing fails. Adding this parameter
onto a share used for profile storage changes two things about the
@@ -22,16 +23,18 @@
BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly
it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to
every returned ACL. This will allow any Windows 2000 or XP workstation
- user to access the profile.</para>
+ user to access the profile.
+ </para>
- <para>Note that if you have multiple users logging
+ <para>
+ Note that if you have multiple users logging
on to a workstation then in order to prevent them from being able to access
each others profiles you must remove the "Bypass traverse checking" advanced
user right. This will prevent access to other users profile directories as
the top level profile directory (named after the user) is created by the
workstation profile code and has an ACL restricting entry to the directory
tree to the owning user.
-</para>
+ </para>
</description>
<value type="default">no</value>