path: root/docs-xml/smbdotconf/security/aclgroupcontrol.xml
blob: eeec434b4b463168fda31e51c7b1dc2ec45ac948 (plain)
<samba:parameter name="acl group control"
                 context="S"
                 type="boolean"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
	<para>
	In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions
	and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the
	<emphasis>primary group owner</emphasis> of a file or directory to modify the permissions and ACLs
	on that file.
	</para>
	<para>
	On a Windows server, groups may be the owner of a file or directory - thus allowing anyone in
	that group to modify the permissions on it. This allows the delegation of security controls
	on a point in the filesystem to the group owner of a directory and anything below it also owned
	by that group. This means there are multiple people with permissions to modify ACLs on a file
	or directory, easing manageability.
	</para>
	<para>
	This parameter allows Samba to also permit delegation of the control over a point in the exported
	directory hierarchy in much the same way as Windows. This allows all members of a UNIX group to
	control the permissions on a file or directory they have group ownership on.
	</para>

	<para>
	This parameter is best used with the <smbconfoption name="inherit owner"/> option and also
	on a share containing directories with the UNIX <emphasis>setgid bit</emphasis> set
	on them, which causes new files and directories created within them to inherit the group
	ownership from the containing directory.
	</para>

	<para>
	This parameter was deprecated in Samba 3.0.23, but re-activated in
	Samba 3.0.31 and above, as it now only controls permission changes if the user
	is in the owning primary group. It is now no longer equivalent to the
	<parameter moreinfo="none">dos filemode</parameter> option.
	</para>

</description>

<related>inherit owner</related>
<related>inherit permissions</related>

<value type="default">no</value>
</samba:parameter>
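
An audit sketch for the guidance above (an added example, not part of Samba or its documentation): it lists the shares where `acl group control` is in effect, reports the effective `inherit owner` value, and names directories under the share path that lack the setgid bit. The share name, the paths and the helper function names are assumptions made for illustration, and the parser handles only plain `name = value` lines, not includes or line continuations.

```python
import os
import stat

TRUE = {"yes", "true", "on", "1"}  # boolean spellings Samba accepts
# Constructed sample: the share name and path are made up for illustration.
SAMPLE_CONF = """
[global]
   inherit owner = yes
[projects]
   path = /srv/samba/projects
   ACL Group Control = Yes
"""

def parse_smbconf(text):
    """Return {section: {param: value}}; names lowercased, spaces dropped."""
    conf, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return conf

def dirs_missing_setgid(root):  # directories at or below root lacking setgid
    return [d for d, _, _ in os.walk(root)
            if not os.stat(d).st_mode & stat.S_ISGID]

def audit(text):
    """List shares where group members may change permissions and ACLs."""
    conf = parse_smbconf(text)
    findings = []
    for share, params in conf.items():
        merged = {**conf.get("global", {}), **params}  # share overrides global
        if share == "global" or merged.get("aclgroupcontrol", "no").lower() not in TRUE:
            continue
        path = merged.get("path", "")
        findings.append({
            "share": share,
            "inherit_owner": merged.get("inheritowner", "no"),
            "missing_setgid": dirs_missing_setgid(path) if os.path.isdir(path) else None,
        })
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A `missing_setgid` value of `None` means the share path was not found on the machine running the audit, so the directory check was skipped.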