blob: a16f275698ddb4d0b6b2f2698687eee3289a8a5c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
<samba:parameter name="directory security mask"
context="S"
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This parameter controls what UNIX permission bits
can be modified when a Windows NT client is manipulating the UNIX
permission on a directory using the native NT security dialog
box.</para>
<para>
This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not
in this mask from being modified. Make sure not to mix up this parameter with <smbconfoption name="force
directory security mode"/>, which works similar like this one but uses logical OR instead of AND.
Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change.
</para>
<para>If not set explicitly this parameter is set to 0777
meaning a user is allowed to modify all the user/group/world
permissions on a directory.</para>
<para><emphasis>Note</emphasis> that users who can access the
Samba server through other means can easily bypass this restriction,
so it is primarily useful for standalone "appliance" systems.
Administrators of most normal systems will probably want to leave
it as the default of <constant>0777</constant>.</para>
</description>
<related>force directory security mode</related>
<related>security mask</related>
<related>force security mode</related>
<value type="default">0777</value>
<value type="example">0700</value>
</samba:parameter>
|
