summaryrefslogtreecommitdiffstats
path: root/docs-xml/manpages/vfs_nfs4acl_xattr.8.xml
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--docs-xml/manpages/vfs_nfs4acl_xattr.8.xml172
1 files changed, 172 insertions, 0 deletions
diff --git a/docs-xml/manpages/vfs_nfs4acl_xattr.8.xml b/docs-xml/manpages/vfs_nfs4acl_xattr.8.xml
new file mode 100644
index 0000000..d4ce40b
--- /dev/null
+++ b/docs-xml/manpages/vfs_nfs4acl_xattr.8.xml
@@ -0,0 +1,172 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<ns:Root xmlns:xi="http://www.w3.org/2003/XInclude"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:ns="urn:TestNamespace">
+<refentry id="vfs_nfs4acl_xattr.8">
+
+ <refmeta>
+ <refentrytitle>vfs_nfs4acl_xattr</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">&doc.version;</refmiscinfo>
+ </refmeta>
+
+
+ <refnamediv>
+ <refname>vfs_nfs4acl_xattr</refname>
+ <refpurpose>Save NTFS-ACLs as NFS4 encoded blobs in extended
+ attributes</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = nfs4acl_xattr</command>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>vfs_acl_xattr</command> VFS module stores NTFS Access
+ Control Lists (ACLs) in Extended Attributes (EAs/xattrs). This enables the
+ full mapping of Windows ACLs on Samba servers.
+ </para>
+
+ <para>This module is stackable.</para>
+ </refsect1>
+
+
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <xi:include href="nfs4.xml.include" xpointer="xpointer(*/*)" />
+
+ <variablelist>
+
+ <varlistentry>
+ <term>nfs4acl_xattr:encoding = [nfs|ndr|xdr]</term>
+ <listitem>
+ <para>This parameter configures the marshaling format used in the ACL
+ blob and the default extended attribute name used to store the blob.
+ </para>
+
+ <para>When set to <emphasis>nfs</emphasis> - fetch and store the NT
+ ACL in NFS 4.0 or 4.1 compatible XDR encoding. By default this uses
+ the extended attribute "system.nfs4_acl". This setting also
+ disables <emphasis>validate_mode</emphasis>.</para>
+
+ <para>When set to <emphasis>ndr (default)</emphasis> - store the NT
+ ACL with POSIX draft NFSv4 compatible NDR encoding. By default this
+ uses the extended attribute "security.nfs4acl_ndr".</para>
+
+ <para>When set to <emphasis>xdr</emphasis> - store the NT ACL in a
+ format similar to NFS 4.1 RFC 5661 in XDR encoding. The main
+ differences to RFC 5661 are the use of ids instead of strings as users
+ and group identifiers and an additional attribute per nfsace4. By
+ default this encoding stores the blob in the extended attribute
+ "security.nfs4acl_xdr".</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>nfs4acl_xattr:version = [40|41]</term>
+ <listitem>
+ <para>This parameter configures the NFS4 ACL level. Only
+ <emphasis>41</emphasis> fully supports mapping NT ACLs and should be
+ used. The default is <emphasis>41</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>nfs4acl_xattr:default acl style = [posix|windows|everyone]</term>
+ <listitem>
+ <para>This parameter determines the type of ACL that is synthesized in
+ case a file or directory lacks an ACL extended attribute.</para>
+
+ <para>When set to <emphasis>posix</emphasis>, an ACL will be
+ synthesized based on the POSIX mode permissions for user, group and
+ others, with an additional ACE for <emphasis>NT
+ Authority\SYSTEM</emphasis> will full rights.</para>
+
+ <para>When set to <emphasis>windows</emphasis>, an ACL is synthesized
+ the same way Windows does it, only including permissions for the owner
+ and <emphasis>NT Authority\SYSTEM</emphasis>.</para>
+
+ <para>When set to <emphasis>everyone</emphasis>, an ACL is synthesized
+ giving full permissions to everyone (S-1-1-0).</para>
+
+ <para>The default for this option is
+ <emphasis>everyone</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>nfs4acl_xattr:xattr_name = STRING</term>
+ <listitem>
+ <para>This parameter configures the extended attribute name used to
+ store the marshaled ACL.</para>
+ <para>The default depends on the setting for
+ <emphasis>nfs4acl_xattr:encoding</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>nfs4acl_xattr:nfs4_id_numeric = yes|no (default: no)</term>
+ <listitem>
+ <para>This parameter tells the module how the NFS4 server encodes user
+ and group identifiers on the network. With the default setting the
+ module expects identifiers encoded as per the NFS4 RFC as
+ user@domain.</para>
+ <para>When set to <emphasis>yes</emphasis>, the module expects the
+ identifiers as numeric string.</para>
+ <para>The default for this options<emphasis>no</emphasis>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>nfs4acl_xattr:validate_mode = yes|no</term>
+ <listitem>
+ <para>This parameter configures whether the module enforces the POSIX
+ mode is set to 0777 for directories and 0666 for files. If this
+ constrained is not met, the xattr with the ACL blob is
+ discarded.</para>
+ <para>The default depends on the setting for
+ <emphasis>nfs4acl_xattr:encoding</emphasis>: when set to
+ <emphasis>nfs</emphasis> this setting is disabled by default,
+ otherwise it is enabled.</para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>EXAMPLES</title>
+
+ <para>A directory can be exported via Samba using this module as
+ follows:</para>
+
+ <programlisting>
+ <smbconfsection name="[samba_gpfs_share]"/>
+ <smbconfoption name="vfs objects">nfs4acl_xattr</smbconfoption>
+ <smbconfoption name="path">/foo/bar</smbconfoption>
+ </programlisting>
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+ </refsect1>
+
+</refentry>
+</ns:Root>