mirror of
https://github.com/samba-team/samba.git
synced 2025-02-12 21:58:10 +03:00
e3bc4d4ae0
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
31 lines
1.4 KiB
XML
31 lines
1.4 KiB
XML
<samba:parameter name="acl flag inherited canonicalization"
|
|
context="S"
|
|
type="boolean"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>This option controls the way Samba handles client requests setting
|
|
the Security Descriptor of files and directories and the effect the
|
|
operation has on the Security Descriptor flag "DACL
|
|
auto-inherited" (DI). Generally, this flag is set on a file (or
|
|
directory) upon creation if the parent directory has DI set and also has
|
|
inheritable ACEs.
|
|
</para>
|
|
|
|
<para>On the other hand when a Security Descriptor is explicitly set on
|
|
a file, the DI flag is cleared, unless the flag "DACL Inheritance
|
|
Required" (DR) is also set in the new Security Descriptor (fwiw, DR is
|
|
never stored on disk).</para>
|
|
|
|
<para>This is the default behaviour when this option is enabled (the
|
|
default). When setting this option to <command>no</command>, the
|
|
resulting value of the DI flag on-disk is directly taken from the DI
|
|
value of the to-be-set Security Descriptor. This can be used so dump
|
|
tools like rsync that copy data blobs from xattrs that represent ACLs
|
|
created by the acl_xattr VFS module will result in copies of the ACL
|
|
that are identical to the source. Without this option, the copied ACLs
|
|
would all lose the DI flag if set on the source.</para>
|
|
</description>
|
|
|
|
<value type="default">yes</value>
|
|
</samba:parameter>
|