From 89af28455012bc123db7a90fb212572e6c516fbf Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Sun, 18 May 2003 21:14:45 +0000 Subject: Fixups and more edits. (This used to be commit c2501d2c14b3aa5dbd735400a5701c38c69e0b56) --- docs/docbook/projdoc/AccessControls.xml | 513 +++++++++++++++++--------------- 1 file changed, 272 insertions(+), 241 deletions(-) (limited to 'docs/docbook') diff --git a/docs/docbook/projdoc/AccessControls.xml b/docs/docbook/projdoc/AccessControls.xml index 9c0b52638d..95eb6cebba 100644 --- a/docs/docbook/projdoc/AccessControls.xml +++ b/docs/docbook/projdoc/AccessControls.xml 
@@ -374,245 +374,277 @@ The following parameters in the &smb.conf; file sections that define a share con Before using any of the following options please refer to the man page for &smb.conf;. -User and Group Based Controls - - - - Control Parameter - Description - Action - Notes - - - - - admin users - - List of users who will be granted administrative privileges on the share. - They will do all file operations as the super-user (root). - Any user in this list will be able to do anything they like on the share, - irrespective of file permissions. - - - - force group - - Specifies a UNIX group name that will be assigned as the default primary group - for all users connecting to this service. - - - - force user - - Specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. - This is useful for sharing files. Incorrect use can cause security problems. - - - - guest ok - - If this parameter is set for a service, then no password is required to connect to the service. Privileges will be - those of the guest account. - - - - invalid users - - List of users that should not be allowed to login to this service. - - - - only user - - Controls whether connections with usernames not in the user list will be allowed. - - - - read list - - List of users that are given read-only access to a service. Users in this list - will not be given write access, no matter what the read only option is set to. - - - - username - - Refer to the &smb.conf; man page for more information - this is a complex and potentially misused parameter. - - - - valid users - - List of users that should be allowed to login to this service. - - - - write list - - List of users that are given read-write access to a service. - - - - -
+ + User and Group Based Controls - -The following file and directory permission based controls, if misused, can result in considerable difficulty to -diagnose the cause of mis-configuration. Use them sparingly and carefully. By gradually introducing each one by one -undesirable side-effects may be detected. In the event of a problem, always comment all of them out and then gradually -re-instroduce them in a controlled fashion. - + + User and group based controls can prove very useful. In some situations it is distinctly desirable to affect all + file system operations as if a single user is doing this, the use of the force user and + force group behaviour will achieve this. In other situations it may be necessary to affect a + paranoia level of control to ensure that only particular authorised persons will be able to access a share or + it's contents, here the use of the valid users or the invalid users may + be most useful. + + + + As always, it is highly advisable to use the least difficult to maintain and the least ambiguous method for + controlling access. Remember, that when you leave the scene someone else will need to provide assistance and + if that person finds to great a mess, or if they do not understand what you have done then there is risk of + Samba being removed and an alternative solution being adopted. + + + User and Group Based Controls + + + + Control Parameter + Description - Action - Notes + + + + + admin users + + List of users who will be granted administrative privileges on the share. + They will do all file operations as the super-user (root). + Any user in this list will be able to do anything they like on the share, + irrespective of file permissions. + + + + force group + + Specifies a UNIX group name that will be assigned as the default primary group + for all users connecting to this service. + + + + force user + + Specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. 
+ This is useful for sharing files. Incorrect use can cause security problems. + + + + guest ok + + If this parameter is set for a service, then no password is required to connect to the service. Privileges will be + those of the guest account. + + + + invalid users + + List of users that should not be allowed to login to this service. + + + + only user + + Controls whether connections with usernames not in the user list will be allowed. + + + + read list + + List of users that are given read-only access to a service. Users in this list + will not be given write access, no matter what the read only option is set to. + + + + username + + Refer to the &smb.conf; man page for more information - this is a complex and potentially misused parameter. + + + + valid users + + List of users that should be allowed to login to this service. + + + + write list + + List of users that are given read-write access to a service. + + + + +
+ +
+ + + File and Directory Permissions Based Controls -File and Directory Permission Based Controls - - - - Control Parameter - Description - Action - Notes - - - - - create mask - - Refer to the &smb.conf; man page. - - - - directory mask - - The octal modes used when converting DOS modes to UNIX modes when creating UNIX directories. - See also: directory security mask. - - - dos filemode - - Enabling this parameter allows a user who has write access to the file to modify the permissions on it. - - - - force create mode - - This parameter specifies a set of UNIX mode bit permissions that will always be set on a file created by Samba. - - - - force directory mode - - This parameter specifies a set of UNIX mode bit permissions that will always be set on a directory created by Samba. - - - - force directory security mode - - Controls UNIX permission bits modified when a Windows NT client is manipulating UNIX permissions on a directory - - - - force security mode - - Controls UNIX permission bits modified when a Windows NT client manipulates UNIX permissions. - - - - hide unreadable - - Prevents clients from seeing the existance of files that cannot be read. - - - - hide unwriteable files - - Prevents clients from seeing the existance of files that cannot be written to. Unwriteable directories are shown as usual. - - - - nt acl support - - This parameter controls whether smbd will attempt to map UNIX permissions into Windows NT access control lists. - - - - security mask - - Controls UNIX permission bits modified when a Windows NT client is manipulating the UNIX permissions on a file. - - - - -
- -Other Controls - - - - Control Parameter - Description - Action - Notes - - - - - case sensitive - - This means that all file name lookup will be done in a case sensitive manner. - Files will be created with the precise filename Samba received from the MS Windows client. - See also: default case, short preserve case. - - - - csc policy - - Client Side Caching Policy - parallels MS Windows client side file caching capabilities. - - - - dont descend - - Allows to specify a comma-delimited list of directories that the server should always show as empty. - - - - dos filetime resolution - - This option is mainly used as a compatibility option for Visual C++ when used against Samba shares. - - - - dos filetimes - - Under DOS and Windows, if a user can write to a file they can change the timestamp on it. Under POSIX semantics, only the - owner of the file or root may change the timestamp. By default, Samba runs with POSIX semantics and refuses to change the - timestamp on a file if the user smbd is acting on behalf of is not the file owner. Setting this option to yes allows DOS - semantics and smbd(8) will change the file timestamp as DOS requires. - - - - fake oplocks - - Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an - oplock (opportunistic lock) then the client is free to assume that it is the only one accessing the file and it will - aggressively cache file data. With some oplock types the client may even cache file open/close operations. - - - - hide dot files, hide files, veto files - - Note: MS Windows Explorer allows over-ride of files marked as hidden so they will still be visible. - - - - read only - - If this parameter is yes, then users of a service may not create or modify files in the service's directory. - - - - veto files - - List of files and directories that are neither visible nor accessible. - - - - -
+ + The following file and directory permission based controls, if misused, can result in considerable difficulty to + diagnose the cause of mis-configuration. Use them sparingly and carefully. By gradually introducing each one by one + undesirable side-effects may be detected. In the event of a problem, always comment all of them out and then gradually + re-instroduce them in a controlled fashion. + + + File and Directory Permission Based Controls + + + + Control Parameter + Description - Action - Notes + + + + + create mask + + Refer to the &smb.conf; man page. + + + + directory mask + + The octal modes used when converting DOS modes to UNIX modes when creating UNIX directories. + See also: directory security mask. + + + dos filemode + + Enabling this parameter allows a user who has write access to the file to modify the permissions on it. + + + + force create mode + + This parameter specifies a set of UNIX mode bit permissions that will always be set on a file created by Samba. + + + + force directory mode + + This parameter specifies a set of UNIX mode bit permissions that will always be set on a directory created by Samba. + + + + force directory security mode + + Controls UNIX permission bits modified when a Windows NT client is manipulating UNIX permissions on a directory + + + + force security mode + + Controls UNIX permission bits modified when a Windows NT client manipulates UNIX permissions. + + + + hide unreadable + + Prevents clients from seeing the existance of files that cannot be read. + + + + hide unwriteable files + + Prevents clients from seeing the existance of files that cannot be written to. Unwriteable directories are shown as usual. + + + + nt acl support + + This parameter controls whether smbd will attempt to map UNIX permissions into Windows NT access control lists. + + + + security mask + + Controls UNIX permission bits modified when a Windows NT client is manipulating the UNIX permissions on a file. + + + + +
+ +
+ + + Miscellaneous Controls + + + The following are documented because of the prevalence of administrators creating inadvertant barriers to file + access by not understanding the full implications of &smb.conf; file settings. + + + Other Controls + + + + Control Parameter + Description - Action - Notes + + + + + case sensitive, default case, short preserve case + + This means that all file name lookup will be done in a case sensitive manner. + Files will be created with the precise filename Samba received from the MS Windows client. + + + + csc policy + + Client Side Caching Policy - parallels MS Windows client side file caching capabilities. + + + + dont descend + + Allows to specify a comma-delimited list of directories that the server should always show as empty. + + + + dos filetime resolution + + This option is mainly used as a compatibility option for Visual C++ when used against Samba shares. + + + + dos filetimes + + DOS and Windows allows users to change file time stamps if they can write to the file. POSIX semantics prevent this. + This options allows DOS and Windows behaviour. + + + + fake oplocks + + Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an + oplock then the client is free to assume that it is the only one accessing the file and it will aggressively cache file data. + + + + hide dot files, hide files, veto files + + Note: MS Windows Explorer allows over-ride of files marked as hidden so they will still be visible. + + + + read only + + If this parameter is yes, then users of a service may not create or modify files in the service's directory. + + + + veto files + + List of files and directories that are neither visible nor accessible. + + + + +
+ +
@@ -729,8 +761,7 @@ re-instroduce them in a controlled fashion. MS Windows Access Control Lists and Unix Interoperability - Viewing and changing UNIX permissions using the NT - security dialogs + Managing UNIX permissions Using NT Security Dialogs Windows NT clients can use their native security settings dialog box to view and modify the underlying UNIX permissions. @@ -753,7 +784,7 @@ re-instroduce them in a controlled fashion. - How to view file security on a Samba share + Viewing File Security on a Samba Share From an NT4/2000/XP client, single-click with the right mouse button on any file or directory in a Samba mounted @@ -816,7 +847,7 @@ re-instroduce them in a controlled fashion. - Viewing file or directory permissions + Viewing File or Directory Permissions The third button is the "Permissions" button. Clicking on this brings up a dialog box that shows both -- cgit
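Review bot: In the User and Group Based Controls region of the -374 hunk, the two new introductory paragraphs carry several spelling and grammar errors that should be fixed before this lands: "it's contents" should be "its contents", "to great a mess" should be "too great a mess", "affect a paranoia level of control" reads as "effect", and the opening sentence is a run-on ("...as if a single user is doing this, the use of the force user and force group behaviour will achieve this" wants a full stop or semicolon before "the use of"). In the same region the force user row still says only "Incorrect use can cause security problems." without saying what the problem is; since the row already states the name is "assigned as the default user for all users connecting to this service", one sentence noting that every connecting client then operates with that single UNIX identity, so file ownership and permissions no longer distinguish between clients, would make the warning actionable. The admin users row does this well ("They will do all file operations as the super-user (root)") and is a good model.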
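Review bot: In the File and Directory Permission Based Controls region of the -374 hunk, the carried-over paragraph still contains "re-instroduce" (should be "re-introduce") and "mis-configuration" (should be "misconfiguration"); since the paragraph is being moved and re-indented anyway, this is the moment to correct it. The hide unreadable and hide unwriteable files rows both spell "existance" (should be "existence"), and the force directory security mode description is missing its terminal period. The create mask row reads only "Refer to the &smb.conf; man page." while the neighbouring directory mask row gets a real description ("The octal modes used when converting DOS modes to UNIX modes when creating UNIX directories."); a parallel one-line description for create mask (the same conversion applied to files) would keep the table consistent and avoid sending the reader to the man page for the most commonly used parameter in the table.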
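Review bot: In the Miscellaneous Controls region of the -374 hunk, "inadvertant" should be "inadvertent" and "This options allows" should be "This option allows". The merged row "case sensitive, default case, short preserve case" now lists three parameters but the description ("all file name lookup will be done in a case sensitive manner...") still covers only case sensitive; either describe what default case and short preserve case do or keep the old "See also:" form. veto files appears twice: once in the grouped "hide dot files, hide files, veto files" row, whose only text is that Windows Explorer can override hidden marking, and again on its own row stating that vetoed files "are neither visible nor accessible". Those two statements conflict for veto files, so it should be dropped from the grouped row. The fake oplocks description explains what an oplock is ("the client is free to assume that it is the only one accessing the file and it will aggressively cache file data") but never says what the parameter itself does when set; given that description, the row should state the server-side effect and why it matters when more than one client writes the same file, otherwise the reader cannot tell whether the option is safe to enable.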
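Review bot: In the -729 hunk the new title "Managing UNIX permissions Using NT Security Dialogs" mixes a lowercase "permissions" with title case for the rest of the heading, while the sibling hunks in this commit move to full title case ("Viewing File Security on a Samba Share", "Viewing File or Directory Permissions"). Suggest "Managing UNIX Permissions Using NT Security Dialogs" so the three headings follow one convention.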