blob: d41d6bddaeea72952ce96157fef9d0dd80558c67 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
<samba:parameter name="security mask"
context="S"
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the
UNIX permission on a file using the native NT security dialog box.
</para>
<para>
This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not
in this mask from being modified. Make sure not to mix up this parameter with <smbconfoption name="force
security mode"/>, which works in a manner similar to this one but uses a logical OR instead of an AND.
</para>
<para>
Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change.
</para>
<para>
If not set explicitly this parameter is 0777, allowing a user to modify all the user/group/world permissions on a file.
</para>
<para><emphasis>
Note</emphasis> that users who can access the Samba server through other means can easily bypass this
restriction, so it is primarily useful for standalone "appliance" systems. Administrators of
most normal systems will probably want to leave it set to <constant>0777</constant>.
</para>
</description>
<related>force directory security mode</related>
<related>directory security mask</related>
<related>force security mode</related>
<value type="default">0777</value>
<value type="example">0770</value>
</samba:parameter>
|
