diff options
Diffstat (limited to '')
-rw-r--r-- | docs-xml/smbdotconf/security/aclgroupcontrol.xml | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/aclgroupcontrol.xml b/docs-xml/smbdotconf/security/aclgroupcontrol.xml new file mode 100644 index 0000000..eeec434 --- /dev/null +++ b/docs-xml/smbdotconf/security/aclgroupcontrol.xml @@ -0,0 +1,45 @@ +<samba:parameter name="acl group control" + context="S" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions + and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the + <emphasis>primary group owner</emphasis> of a file or directory to modify the permissions and ACLs + on that file. + </para> + <para> + On a Windows server, groups may be the owner of a file or directory - thus allowing anyone in + that group to modify the permissions on it. This allows the delegation of security controls + on a point in the filesystem to the group owner of a directory and anything below it also owned + by that group. This means there are multiple people with permissions to modify ACLs on a file + or directory, easing manageability. + </para> + <para> + This parameter allows Samba to also permit delegation of the control over a point in the exported + directory hierarchy in much the same way as Windows. This allows all members of a UNIX group to + control the permissions on a file or directory they have group ownership on. + </para> + + <para> + This parameter is best used with the <smbconfoption name="inherit owner"/> option and also + on a share containing directories with the UNIX <emphasis>setgid bit</emphasis> set + on them, which causes new files and directories created within it to inherit the group + ownership from the containing directory. + </para> + + <para> + This parameter was deprecated in Samba 3.0.23, but re-activated in + Samba 3.0.31 and above, as it now only controls permission changes if the user + is in the owning primary group. It is now no longer equivalent to the + <parameter moreinfo="none">dos filemode</parameter> option. + </para> + +</description> + +<related>inherit owner</related> +<related>inherit permissions</related> + +<value type="default">no</value> +</samba:parameter> |