From 056e636778d502d566dacd4ecee4c854b81a87d5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 20 Jun 2013 14:39:27 -0700 Subject: Add missing documentation for vfs_zfsacl. Signed-off-by: Jeremy Allison Reviewed-by: Ira Cooper --- docs-xml/manpages/vfs_zfsacl.8.xml | 160 +++++++++++++++++++++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100644 docs-xml/manpages/vfs_zfsacl.8.xml diff --git a/docs-xml/manpages/vfs_zfsacl.8.xml b/docs-xml/manpages/vfs_zfsacl.8.xml new file mode 100644 index 0000000000..f56af1bb27 --- /dev/null +++ b/docs-xml/manpages/vfs_zfsacl.8.xml @@ -0,0 +1,160 @@ + + + + + + vfs_zfsacl + 8 + Samba + System Administration tools + 4.0 + + + + + vfs_zfsacl + ZFS ACL samba module + + + + + vfs objects = zfsacl + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The zfsacl VFS module is the home + for all ACL extensions that Samba requires for proper integration + with ZFS. + + + Currently the zfsacl vfs module provides extensions in following areas : + + NFSv4 ACL Interfaces with configurable options for ZFS + + + + NOTE:This module follows the posix-acl behaviour + and hence allows permission stealing via chown. Samba might allow at a later + point in time, to restrict the chown via this module as such restrictions + are the responsibility of the underlying filesystem than of Samba. + + + This module makes use of the smb.conf parameter + acl map full control + When set to yes (the default), this parameter will add in the FILE_DELETE_CHILD + bit on a returned ACE entry for a file (not a directory) that already + contains all file permissions except for FILE_DELETE and FILE_DELETE_CHILD. + This can prevent Windows applications that request GENERIC_ALL access + from getting ACCESS_DENIED errors when running against a filesystem + with NFSv4 compatible ACLs. + + + This module is stackable. + + Since Samba 4.0 all options are per share options. + + + + + + OPTIONS + + + + + + nfs4:mode = [ simple | special ] + + + Controls substitution of special IDs (OWNER@ and GROUP@) on ZFS. + The use of mode simple is recommended. + In this mode only non inheriting ACL entries for the file owner + and group are mapped to special IDs. + + + The following MODEs are understood by the module: + + simple(default) - use OWNER@ and GROUP@ special IDs for non inheriting ACEs only. + special(deprecated) - use OWNER@ and GROUP@ special IDs in ACEs for all file owner and group ACEs. + + + + + + + + nfs4:acedup = [dontcare|reject|ignore|merge] + + + This parameter configures how Samba handles duplicate ACEs encountered in ZFS ACLs. + ZFS allows/creates duplicate ACE for different bits for same ID. + + + Following is the behaviour of Samba for different values : + + dontcare (default) - copy the ACEs as they come + reject - stop operation and exit with error on ACL set op + ignore - don't include the second matching ACE + merge - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE + + + + + + + nfs4:chown = [yes|no] + + This parameter allows enabling or disabling the chown supported + by the underlying filesystem. This parameter should be enabled with + care as it might leave your system insecure. + Some filesystems allow chown as a) giving b) stealing. It is the latter + that is considered a risk. + + Following is the behaviour of Samba for different values : + + yes - Enable chown if as supported by the under filesystem + no (default) - Disable chown + + + + + + + + + EXAMPLES + + A ZFS mount can be exported via Samba as follows : + + + + zfsacl + /test/zfs_mount + special + merge + + + + + VERSION + This man page is correct for version 4.0.x of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + -- cgit