summaryrefslogtreecommitdiffstats
path: root/docs-xml/smbdotconf/security/aclgroupcontrol.xml
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--docs-xml/smbdotconf/security/aclgroupcontrol.xml45
1 files changed, 45 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/aclgroupcontrol.xml b/docs-xml/smbdotconf/security/aclgroupcontrol.xml
new file mode 100644
index 0000000..eeec434
--- /dev/null
+++ b/docs-xml/smbdotconf/security/aclgroupcontrol.xml
@@ -0,0 +1,45 @@
+<samba:parameter name="acl group control"
+ context="S"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions
+ and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the
+ <emphasis>primary group owner</emphasis> of a file or directory to modify the permissions and ACLs
+ on that file.
+ </para>
+ <para>
+ On a Windows server, groups may be the owner of a file or directory - thus allowing anyone in
+ that group to modify the permissions on it. This allows the delegation of security controls
+ on a point in the filesystem to the group owner of a directory and anything below it also owned
+ by that group. This means there are multiple people with permissions to modify ACLs on a file
+ or directory, easing manageability.
+ </para>
+ <para>
+ This parameter allows Samba to also permit delegation of the control over a point in the exported
+ directory hierarchy in much the same way as Windows. This allows all members of a UNIX group to
+ control the permissions on a file or directory they have group ownership on.
+ </para>
+
+ <para>
+ This parameter is best used with the <smbconfoption name="inherit owner"/> option and also
+ on a share containing directories with the UNIX <emphasis>setgid bit</emphasis> set
+ on them, which causes new files and directories created within it to inherit the group
+ ownership from the containing directory.
+ </para>
+
+ <para>
+ This parameter was deprecated in Samba 3.0.23, but re-activated in
+ Samba 3.0.31 and above, as it now only controls permission changes if the user
+ is in the owning primary group. It is now no longer equivalent to the
+ <parameter moreinfo="none">dos filemode</parameter> option.
+ </para>
+
+</description>
+
+<related>inherit owner</related>
+<related>inherit permissions</related>
+
+<value type="default">no</value>
+</samba:parameter>