From 8f8a9f01909ba29e2b781310baeeaaddc3f15f0d Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Tue, 22 Apr 2008 10:09:40 -0500 Subject: Moving docs tree to docs-xml to make room for generated docs in the release tarball. (This used to be commit 9f672c26d63955f613088489c6efbdc08b5b2d14) --- .../security/forcedirectorysecuritymode.xml | 43 ++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml (limited to 'docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml') diff --git a/docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml b/docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml new file mode 100644 index 0000000000..2c15ec2753 --- /dev/null +++ b/docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml @@ -0,0 +1,43 @@ + + + + This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating + the UNIX permission on a directory using the native NT security dialog box. + + + + This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this + mask that the user may have modified to be on. Make sure not to mix up this parameter with , which works in a similar manner to this one, but uses a logical AND instead + of an OR. + + + + Essentially, this mask may be treated as a set of bits that, when modifying security on a directory, + to will enable (1) any flags that are off (0) but which the mask has set to on (1). + + + + If not set explicitly this parameter is 0000, which allows a user to modify all the user/group/world + permissions on a directory without restrictions. + + + + Users who can access the Samba server through other means can easily bypass this restriction, so it is + primarily useful for standalone "appliance" systems. Administrators of most normal systems will + probably want to leave it set as 0000. + + + + +0 +700 + +directory security mask +security mask +force security mode + + -- cgit