docs/smbdotconf/security/forcedirectorysecuritymode.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

<samba:parameter name="force directory security mode"
                 context="S"
				 type="string"
                 xmlns:samba="http://samba.org/common">
<description>
    <para>This parameter controls what UNIX permission bits 
    can be modified when a Windows NT client is manipulating the UNIX 
    permission on a directory using the native NT security dialog box.</para>

    <para>This parameter is applied as a mask (OR'ed with) to the 
    changed permission bits, thus forcing any bits in this mask that 
    the user may have modified to be on. Essentially, one bits in this 
    mask may be treated as a set of bits that, when modifying security 
    on a directory, the user has always set to be 'on'.</para>

    <para>If not set explicitly this parameter is 000, which 
    allows a user to modify all the user/group/world permissions on a 
    directory without restrictions.</para>

    <note><para>Users who can access the 
    Samba server through other means can easily bypass this restriction, 
    so it is primarily useful for standalone &quot;appliance&quot; systems.  
    Administrators of most normal systems will probably want to leave
	it set as 0000.</para></note>

</description>

<value type="default">0</value>
<value type="example">700</value>

<related>directory security mask</related>
<related>security mask</related>
<related>force security mode</related>

</samba:parameter>