blob: d5413d4578907acea5816a47d16e476aa1d40d19 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
<samba:parameter name="directory security mask"
context="S"
xmlns:samba="http://samba.org/common">
<listitem>
<para>This parameter controls what UNIX permission bits
can be modified when a Windows NT client is manipulating the UNIX
permission on a directory using the native NT security dialog
box.</para>
<para>This parameter is applied as a mask (AND'ed with) to
the changed permission bits, thus preventing any bits not in
this mask from being modified. Essentially, zero bits in this
mask may be treated as a set of bits the user is not allowed
to change.</para>
<para>If not set explicitly this parameter is set to 0777
meaning a user is allowed to modify all the user/group/world
permissions on a directory.</para>
<para><emphasis>Note</emphasis> that users who can access the
Samba server through other means can easily bypass this restriction,
so it is primarily useful for standalone "appliance" systems.
Administrators of most normal systems will probably want to leave
it as the default of <constant>0777</constant>.</para>
<para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter moreinfo="none">
force directory security mode</parameter></link>, <link linkend="SECURITYMASK">
<parameter moreinfo="none">security mask</parameter></link>,
<link linkend="FORCESECURITYMODE"><parameter moreinfo="none">force security mode
</parameter></link> parameters.</para>
<para>Default: <command moreinfo="none">directory security mask = 0777</command></para>
<para>Example: <command moreinfo="none">directory security mask = 0700</command></para>
</listitem>
</samba:parameter>
|
