summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/security/forceunknownacluser.xml
blob: c54b9b03381bea988a2a23f0b5df5db2dc2b214d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<samba:parameter name="force unknown acl user"
                 context="S"
				 type="boolean"
                 xmlns:samba="http://samba.org/common">

<description>
    <para>If this parameter is set, a Windows NT ACL that contains an unknown
              SID (security descriptor, or representation of a user or group
              id) as the owner or group owner of the file will be silently
              mapped into the current UNIX uid or gid of the currently
              connected user.</para>

    <para>This is designed to allow Windows NT clients to copy files and
              folders containing ACLs that were created locally on the client
              machine and contain users local to that machine only (no domain
              users) to be copied to a Samba server (usually with XCOPY /O)
              and have the unknown userid and groupid of the file owner map to
              the current connected user.  This can only be fixed correctly
              when winbindd allows arbitrary mapping from any Windows NT SID
              to a UNIX uid or gid.</para>

    <para>Try using this parameter when XCOPY /O gives an ACCESS_DENIED
    error.</para>
</description>

<value type="default">no</value>
</samba:parameter>