summaryrefslogtreecommitdiff
path: root/docs/docbook/smbdotconf/security/inheritpermissions.xml
blob: aacf16986317e40f98b1517942a9c4c82acab7dc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
<samba:parameter name="inherit permissions"
                 context="S"
                 xmlns:samba="http://samba.org/common">
<listitem>
    <para>The permissions on new files and directories 
    are normally governed by <link linkend="CREATEMASK"><parameter moreinfo="none">
    create mask</parameter></link>, <link linkend="DIRECTORYMASK">
    <parameter moreinfo="none">directory mask</parameter></link>, <link linkend="FORCECREATEMODE">
    <parameter moreinfo="none">force create mode</parameter>
    </link> and <link linkend="FORCEDIRECTORYMODE"><parameter moreinfo="none">force 
    directory mode</parameter></link> but the boolean inherit 
    permissions parameter overrides this.</para>
		
    <para>New directories inherit the mode of the parent directory,
    including bits such as setgid.</para>

    <para>New files inherit their read/write bits from the parent 
    directory.  Their execute bits continue to be determined by
    <link linkend="MAPARCHIVE"><parameter moreinfo="none">map archive</parameter>
    </link>, <link linkend="MAPHIDDEN"><parameter moreinfo="none">map hidden</parameter>
    </link> and <link linkend="MAPSYSTEM"><parameter moreinfo="none">map system</parameter>
    </link> as usual.</para>

    <para>Note that the setuid bit is <emphasis>never</emphasis> set via 
    inheritance (the code explicitly prohibits this).</para>

    <para>This can be particularly useful on large systems with 
    many users, perhaps several thousand, to allow a single [homes] 
    share to be used flexibly by each user.</para>
		
    <para>See also <link linkend="CREATEMASK"><parameter moreinfo="none">create mask
    </parameter></link>, <link linkend="DIRECTORYMASK"><parameter moreinfo="none">
    directory mask</parameter></link>, <link linkend="FORCECREATEMODE">
    <parameter moreinfo="none">force create mode</parameter></link> and <link linkend="FORCEDIRECTORYMODE">
    <parameter moreinfo="none">force directory mode</parameter>
    </link>.</para>

    <para>Default: <command moreinfo="none">inherit permissions = no</command></para>
</listitem>
</samba:parameter>