From 20967627378194121bc48bf387838b8bd7682478 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 18 Mar 2003 16:48:14 +0000 Subject: Regenerate (This used to be commit 25db62e3101dbcae8e9daee3cb16430297afa223) --- docs/htmldocs/unix-permissions.html | 290 ++++++++++++++---------------------- 1 file changed, 108 insertions(+), 182 deletions(-) (limited to 'docs/htmldocs/unix-permissions.html') diff --git a/docs/htmldocs/unix-permissions.html b/docs/htmldocs/unix-permissions.html index 71198ecaa6..57246f1e2f 100644 --- a/docs/htmldocs/unix-permissions.html +++ b/docs/htmldocs/unix-permissions.html @@ -5,7 +5,7 @@ >UNIX Permission Bits and Windows NT Access Control Lists

10.1. Viewing and changing UNIX permissions using the NT - security dialogs

New in the Samba 2.0.4 release is the ability for Windows NT clients to use their native security settings dialog box to @@ -100,9 +100,9 @@ CLASS="SECT1" >

10.2. How to view file security on a Samba share

10.2. How to view file security on a Samba share

From an NT 4.0 client, single-click with the right mouse button on any file or directory in a Samba mounted @@ -170,9 +170,9 @@ CLASS="SECT1" >

10.3. Viewing file ownership

10.3. Viewing file ownership

Clicking on the "SERVER\user (Long name)"

Where Where SERVERSERVER is the NetBIOS name of - the Samba server, useruser is the user name of - the UNIX user who owns the file, and (Long name)(Long name) is the descriptive string identifying the user (normally found in the GECOS field of the UNIX password database). Click on the button to remove this dialog.

If the parameter If the parameter nt acl supportnt acl support - is set to falsefalse then the file owner will be shown as the NT user

10.4. Viewing file or directory permissions

10.4. Viewing file or directory permissions

The third button is the "SERVER\user (Long name)"

Where Where SERVERSERVER is the NetBIOS name of - the Samba server, useruser is the user name of - the UNIX user who owns the file, and (Long name)(Long name) is the descriptive string identifying the user (normally found in the GECOS field of the UNIX password database).

If the parameter If the parameter nt acl supportnt acl support - is set to falsefalse then the file owner will be shown as the NT user

10.4.1. File Permissions

10.4.1. File Permissions

The standard UNIX user/group/world triple and the corresponding "read", "write", "execute" permissions @@ -388,9 +372,9 @@ CLASS="SECT2" >

10.4.2. Directory Permissions

10.4.2. Directory Permissions

Directories on an NT NTFS file system have two different sets of permissions. The first set of permissions @@ -420,9 +404,9 @@ CLASS="SECT1" >

10.5. Modifying file or directory permissions

10.5. Modifying file or directory permissions

Modifying file and directory permissions is as simple as changing the displayed permissions in the dialog box, and @@ -434,15 +418,13 @@ CLASS="COMMAND" with the standard Samba permission masks and mapping of DOS attributes that need to also be taken into account.

If the parameter If the parameter nt acl supportnt acl support - is set to falsefalse then any attempt to set security permissions will fail with an

10.6. Interaction with the standard Samba create mask - parameters

Note that with Samba 2.0.5 there are four new parameters to control this interaction. These are :

security masksecurity mask

force security modeforce security mode

directory security maskdirectory security mask

force directory security modeforce directory security mode

Once a user clicks - security masksecurity mask parameter. Any bits that were changed that are not set to '1' in this parameter are left alone in the file permissions.

Essentially, zero bits in the Essentially, zero bits in the security masksecurity mask mask may be treated as a set of bits the user is create mask - parameter to provide compatibility with Samba 2.0.4 where this permission change facility was introduced. To allow a user to @@ -610,22 +578,18 @@ CLASS="PARAMETER" the bits set in the force security modeforce security mode parameter. Any bits that were changed that correspond to bits set to '1' in this parameter are forced to be set.

Essentially, bits set in the Essentially, bits set in the force security mode - parameter may be treated as a set of bits that, when modifying security on a file, the user has always set to be 'on'.

force - create mode parameter to provide compatibility with Samba 2.0.4 where the permission change facility was introduced. To allow a user to modify all the user/group/world permissions on a file with no restrictions set this parameter to 000.

The The security mask and security mask and force - security mode parameters are applied to the change request in that order.

For a directory Samba will perform the same operations as - described above for a file except using the parameter directory security mask instead of directory security mask instead of security - mask, and , and force directory security mode - parameter instead of parameter instead of force security mode - .

The The directory security maskdirectory security mask parameter - by default is set to the same value as the directory mask - parameter and the parameter and the force directory security - mode parameter by default is set to the same value as - the force directory modeforce directory mode parameter to provide compatibility with Samba 2.0.4 where the permission change facility was introduced.

file in that share specific section :

security mask = 0777security mask = 0777

force security mode = 0force security mode = 0

directory security mask = 0777directory security mask = 0777

force directory security mode = 0force directory security mode = 0

As described, in Samba 2.0.4 the parameters :

create maskcreate mask

force create modeforce create mode

directory maskdirectory mask

force directory modeforce directory mode

were used instead of the parameters discussed here.

10.7. Interaction with the standard Samba file attribute - mapping

Samba maps some of the DOS attribute bits (such as "read only") into the UNIX permissions of a file. This means there can -- cgit