diff --git a/docs/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml b/docs/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml
index 251cc32fcc3..f074d2c1401 100644
--- a/docs/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml
+++ b/docs/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml
@@ -352,10 +352,12 @@ drwsrwsrwx 2 maryo gnomes 48 2003-05-12 22:29 muchado08
An overview of the permissions field can be found in Overview of UNIX permissions field.
- Overview of UNIX permissions field.access1
+ Overview of UNIX permissions field.
+ access1
- Any bit flag may be unset. An unset bit flag is the equivalent of cannot and is represented as a - character.
+ Any bit flag may be unset. An unset bit flag is the equivalent of cannot and is represented
+ as a - character.
Example File
@@ -373,9 +375,9 @@ drwsrwsrwx 2 maryo gnomes 48 2003-05-12 22:29 muchado08
- The letters rwxXst set permissions for the user, group and others as: read (r), write (w), execute (or access for directories) (x),
- execute only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s),
- sticky (t).
+ The letters rwxXst set permissions for the user, group and others as: read (r), write (w),
+ execute (or access for directories) (x), execute only if the file is a directory or already has execute
+ permission for some user (X), set user or group ID on execution (s), sticky (t).
@@ -406,11 +408,21 @@ drwsrwsrwx 2 maryo gnomes 48 2003-05-12 22:29 muchado08
For example, Windows NT/2K/XP provides the capacity to set access controls on a directory into which people can
write files but not delete them. It is possible to set an ACL on a Windows file that permits the file to be written to
but not deleted. Such concepts are foreign to the UNIX operating system file space. Within the UNIX file system
- anyone who has the ability to create a file can write to it, and has the capability to delete it. Of necessity, Samba
- is subject to the file system semantics of the host operating system. Samba is therefore limited in the file system
- capabilities that can be made available through Windows ACLs, and therefore performs a best fit
- translation to POSIX ACLs. Some UNIX file systems do however support a feature known as extended attributes. Only
- the Windows concept of inheritance is implemented by Samba through the appropriate extended attribute.
+ anyone who has the ability to create a file can write to it, and has the capability to delete it.
+
+
+
+ For the record, in the UNIX environment the ability to delete a file is controlled by the permissions on
+ the directory that the file is in. In other words, a user can delete a file in a directory to which that
+ user had write access, even if that user does not own the file.
+
+
+
+ Of necessity, Samba is subject to the file system semantics of the host operating system. Samba is therefore
+ limited in the file system capabilities that can be made available through Windows ACLs, and therefore performs
+ a best fit translation to POSIX ACLs. Some UNIX file systems do however support a feature known
+ as extended attributes. Only the Windows concept of inheritance is implemented by Samba through
+ the appropriate extended attribute.
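Review bot: The added "For the record" paragraph mixes tenses: "a user can delete a file in a directory to which that user had write access" should read "has write access". It is also placed directly after the sentence it corrects ("anyone who has the ability to create a file can write to it, and has the capability to delete it"), so the text now states the loose rule and then the precise one; rewording the earlier sentence would read better than appending a correction. The new paragraph also omits the one exception this chapter already names, the sticky (t) bit: on a sticky directory, write access to the directory alone is not enough to delete a file that another user owns. Administrators relying on this text to reason about who can remove files from a shared directory need that caveat.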
diff --git a/docs/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml b/docs/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml
index 68459cf2f06..f9cb236bccc 100644
--- a/docs/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml
+++ b/docs/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml
@@ -69,7 +69,8 @@
IDMAP
In both cases, when winbindd is not running, only locally resolvable groups can be recognized. Please refer to
- IDMAP: group SID to GID resolution and IDMAP: GID resolution to matching SID.
+ IDMAP: group SID to GID resolution and
+ IDMAP: GID resolution to matching SID.
The net groupmap is
used to establish UNIX group to NT SID mappings as shown in IDMAP: storing group mappings.
@@ -199,6 +200,25 @@
but for now the burden is on you.
+
+ Warning &smbmmdsh; User Private Group Problems
+
+
+ Windows does not permit user and group accounts to have the same name.
+ This has serious implications for all sites that use private group accounts.
+ A private group account is an administrative practice whereby users are each
+ given their own group account. Red Hat Linux, as well as several free distributions
+ of Linux by default create private groups.
+
+
+
+ When mapping a UNIX/Linux group to a Windows group account all conflict can
+ be avoided by assuring that the Windows domain group name does not overlap
+ with any user account name.
+
+
+
+
Important Administrative Information
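Review bot: The last paragraph of the new warning says conflict "can be avoided by assuring that the Windows domain group name does not overlap with any user account name" but gives the reader no way to do that. The chapter already introduces net groupmap, so point to it here and say that the NT group name given in the mapping must differ from the UNIX private group name, which by definition equals a user name. Wording: "assuring" should be "ensuring", and "Red Hat Linux, as well as several free distributions of Linux by default create private groups" needs a comma after the second "Linux" to close the parenthetical. Please also confirm that the &smbmmdsh; entity used in the title is defined for this document, since no definition appears in this patch.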
diff --git a/docs/Samba-HOWTO-Collection/index.xml b/docs/Samba-HOWTO-Collection/index.xml
index a95c6b21b75..7e788ab0d02 100644
--- a/docs/Samba-HOWTO-Collection/index.xml
+++ b/docs/Samba-HOWTO-Collection/index.xml
@@ -117,6 +117,7 @@ The chapters in this part each cover specific Samba features.
+
@@ -149,7 +150,7 @@ The chapters in this part each cover specific Samba features.
-
+