Diffstat (limited to 'docs/smbdotconf/security/securitymask.xml')
-rw-r--r-- | docs/smbdotconf/security/securitymask.xml | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/docs/smbdotconf/security/securitymask.xml b/docs/smbdotconf/security/securitymask.xml index de3dd29753..d41d6bddae 100644 --- a/docs/smbdotconf/security/securitymask.xml +++ b/docs/smbdotconf/security/securitymask.xml 
@@ -3,26 +3,30 @@ type="string" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This parameter controls what UNIX permission - bits can be modified when a Windows NT client is manipulating - the UNIX permission on a file using the native NT security - dialog box.</para> + <para> + This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the + UNIX permission on a file using the native NT security dialog box. + </para> - <para>This parameter is applied as a mask (AND'ed with) to - the changed permission bits, thus preventing any bits not in - this mask from being modified. Essentially, zero bits in this - mask may be treated as a set of bits the user is not allowed - to change.</para> + <para> + This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not + in this mask from being modified. Make sure not to mix up this parameter with <smbconfoption name="force + security mode"/>, which works in a manner similar to this one but uses a logical OR instead of an AND. + </para> - <para>If not set explicitly this parameter is 0777, allowing - a user to modify all the user/group/world permissions on a file. + <para> + Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change. + </para> + + <para> + If not set explicitly this parameter is 0777, allowing a user to modify all the user/group/world permissions on a file. </para> - <para><emphasis>Note</emphasis> that users who can access the - Samba server through other means can easily bypass this - restriction, so it is primarily useful for standalone - "appliance" systems. 
Administrators of most normal systems will - probably want to leave it set to <constant>0777</constant>.</para> + <para><emphasis> + Note</emphasis> that users who can access the Samba server through other means can easily bypass this + restriction, so it is primarily useful for standalone "appliance" systems. Administrators of + most normal systems will probably want to leave it set to <constant>0777</constant>. + </para> </description> <related>force directory security mode</related> |
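Review bot: In the rewritten second paragraph, the value of the name attribute on the new smbconfoption element is broken across two lines (name="force at the end of one line, security mode"/> at the start of the next). An XML parser turns the line break and the indentation into spaces, and it does not collapse them unless the attribute is declared as a tokenized type. The resulting value may therefore no longer match the parameter name "force security mode". Keep the whole element on one line, even if that line runs past the wrap width. Two smaller points. In the last paragraph, the re-wrap puts a line break and indentation inside the emphasis element before "Note", which adds leading whitespace to the emphasized text; starting the line with <para><emphasis>Note</emphasis> avoids that. Also, "works in a manner similar to this one but uses a logical OR" would be clearer if it said that the OR forces the listed bits on, since the sentence before it describes this mask as restricting which bits may change.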