From 4f5791ebd03eaec1c7da0865a383175b05102712 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 5 May 2024 19:47:29 +0200
Subject: Adding upstream version 2:4.17.12+dfsg.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../smbdotconf/security/forceunknownacluser.xml    | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 docs-xml/smbdotconf/security/forceunknownacluser.xml

(limited to 'docs-xml/smbdotconf/security/forceunknownacluser.xml')

diff --git a/docs-xml/smbdotconf/security/forceunknownacluser.xml b/docs-xml/smbdotconf/security/forceunknownacluser.xml
new file mode 100644
index 0000000..c5aec53
--- /dev/null
+++ b/docs-xml/smbdotconf/security/forceunknownacluser.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="force unknown acl user"
+                 context="S"
+                 type="boolean"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+
+<description>
+    <para>
+    If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or 
+    representation of a user or group id) as the owner or group owner of the file will be silently
+    mapped into the current UNIX uid or gid of the currently connected user.
+    </para>
+
+    <para>
+    This is designed to allow Windows NT clients to copy files and folders containing ACLs that were 
+    created locally on the client machine and contain users local to that machine only (no domain
+    users) to be copied to a Samba server (usually with XCOPY /O) and have the unknown userid and 
+    groupid of the file owner map to the current connected user.  This can only be fixed correctly
+    when winbindd allows arbitrary mapping from any Windows NT SID to a UNIX uid or gid.
+    </para>
+
+    <para>
+    Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
+    </para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
-- 
cgit v1.2.3