blob: b306b2be48d1ec8912eb6351d1eb8500afb18e7a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
<samba:parameter name="acl flag inherited canonicalization"
context="S"
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This option controls the way Samba handles client requests setting
the Security Descriptor of files and directories and the effect the
operation has on the Security Descriptor flag "DACL
auto-inherited" (DI). Generally, this flag is set on a file (or
directory) upon creation if the parent directory has DI set and also has
inheritable ACEs.
</para>
<para>On the other hand when a Security Descriptor is explicitly set on
a file, the DI flag is cleared, unless the flag "DACL Inheritance
Required" (DR) is also set in the new Security Descriptor (fwiw, DR is
never stored on disk).</para>
<para>This is the default behaviour when this option is enabled (the
default). When setting this option to <command>no</command>, the
resulting value of the DI flag on-disk is directly taken from the DI
value of the to-be-set Security Descriptor. This can be used so dump
tools like rsync that copy data blobs from xattrs that represent ACLs
created by the acl_xattr VFS module will result in copies of the ACL
that are identical to the source. Without this option, the copied ACLs
would all lose the DI flag if set on the source.</para>
</description>
<value type="default">yes</value>
</samba:parameter>
|
