blob: 1cf6e09a46dd1e3d310213c06429f5bf9dedbb15 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
<samba:parameter name="security mask"
context="S"
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
This parameter controls what UNIX permission bits can be set when a Windows NT client is manipulating the
UNIX permission on a file using the native NT security dialog box.
</para>
<para>
This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus preventing any bits not
in this mask from being set. Make sure not to mix up this parameter with <smbconfoption name="force
security mode"/>, which works in a manner similar to this one but uses a logical OR instead of an AND.
</para>
<para>
Essentially, zero bits in this mask are a set of bits that will always be set to zero.
</para>
<para>
If not set explicitly this parameter is 0777, allowing a user to set all the user/group/world permissions on a file.
</para>
<para><emphasis>
Note</emphasis> that users who can access the Samba server through other means can easily bypass this
restriction, so it is primarily useful for standalone "appliance" systems. Administrators of
most normal systems will probably want to leave it set to <constant>0777</constant>.
</para>
</description>
<related>force directory security mode</related>
<related>directory security mask</related>
<related>force security mode</related>
<value type="default">0777</value>
<value type="example">0770</value>
</samba:parameter>
|
