blob: 29cad9eb95c7a05226daf5e3bd33e618bd193942 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
<variablelist>
<varlistentry>
<term>nfs4:mode = [ simple | special ]</term>
<listitem>
<para>
Controls substitution of special IDs (OWNER@ and GROUP@) on NFS4 ACLs.
The use of mode simple is recommended.
In this mode only non inheriting ACL entries for the file owner
and group are mapped to special IDs.
</para>
<para>The following MODEs are understood by the module:</para>
<itemizedlist>
<listitem><para><command>simple(default)</command> - use OWNER@ and GROUP@ special IDs for non inheriting ACEs only.</para></listitem>
<listitem><para><command>special(deprecated)</command> - use OWNER@ and GROUP@ special IDs in ACEs for all file owner and group ACEs.</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>nfs4:acedup = [dontcare|reject|ignore|merge]</term>
<listitem>
<para>
This parameter configures how Samba handles duplicate ACEs encountered in NFS4 ACLs.
They allow creating duplicate ACEs with different bits for same ID, which may confuse the Windows clients.
</para>
<para>Following is the behaviour of Samba for different values :</para>
<itemizedlist>
<listitem><para><command>dontcare</command> - copy the ACEs as they come</para></listitem>
<listitem><para><command>reject (deprecated)</command> - stop operation and exit with error on ACL set op</para></listitem>
<listitem><para><command>ignore (deprecated)</command> - don't include the second matching ACE</para></listitem>
<listitem><para><command>merge (default)</command> - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>nfs4:chown = [yes|no]</term>
<listitem>
<para>This parameter allows enabling or disabling the chown supported
by the underlying filesystem. This parameter should be enabled with
care as it might leave your system insecure.</para>
<para>Some filesystems allow chown as a) giving b) stealing. It is the latter
that is considered a risk.</para>
<para>Following is the behaviour of Samba for different values : </para>
<itemizedlist>
<listitem><para><command>yes</command> - Enable chown if as supported by the under filesystem</para></listitem>
<listitem><para><command>no (default)</command> - Disable chown</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
</variablelist>
|
