summaryrefslogtreecommitdiff
path: root/docs-xml/smbdotconf/security/forceunknownacluser.xml
blob: 4c0949f052a4f665d1677fd4aed3f1eef3d72d4a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<samba:parameter name="force unknown acl user"
                 context="S"
				 type="boolean"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">

<description>
    <para>
    If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or 
    representation of a user or group id) as the owner or group owner of the file will be silently
    mapped into the current UNIX uid or gid of the currently connected user.
    </para>

    <para>
    This is designed to allow Windows NT clients to copy files and folders containing ACLs that were 
    created locally on the client machine and contain users local to that machine only (no domain
    users) to be copied to a Samba server (usually with XCOPY /O) and have the unknown userid and 
    groupid of the file owner map to the current connected user.  This can only be fixed correctly
    when winbindd allows arbitrary mapping from any Windows NT SID to a UNIX uid or gid.
    </para>

    <para>
    Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
    </para>
</description>

<value type="default">no</value>
</samba:parameter>