1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/docs-xml/manpages/nfs4.xml.include
Björn Jacke 7011573e13 docs-xml: add nfs4.xml.include documenting the generic NFS4 ACL parameters
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2022-06-22 18:05:32 +00:00

58 lines
2.3 KiB
Plaintext

<variablelist>
<varlistentry>
<term>nfs4:mode = [ simple | special ]</term>
<listitem>
<para>
Controls substitution of special IDs (OWNER@ and GROUP@) on NFS4 ACLs.
The use of mode simple is recommended.
In this mode only non inheriting ACL entries for the file owner
and group are mapped to special IDs.
</para>
<para>The following MODEs are understood by the module:</para>
<itemizedlist>
<listitem><para><command>simple(default)</command> - use OWNER@ and GROUP@ special IDs for non inheriting ACEs only.</para></listitem>
<listitem><para><command>special(deprecated)</command> - use OWNER@ and GROUP@ special IDs in ACEs for all file owner and group ACEs.</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>nfs4:acedup = [dontcare|reject|ignore|merge]</term>
<listitem>
<para>
This parameter configures how Samba handles duplicate ACEs encountered in NFS4 ACLs.
They allow creating duplicate ACEs with different bits for same ID, which may confuse the Windows clients.
</para>
<para>Following is the behaviour of Samba for different values :</para>
<itemizedlist>
<listitem><para><command>dontcare</command> - copy the ACEs as they come</para></listitem>
<listitem><para><command>reject (deprecated)</command> - stop operation and exit with error on ACL set op</para></listitem>
<listitem><para><command>ignore (deprecated)</command> - don't include the second matching ACE</para></listitem>
<listitem><para><command>merge (default)</command> - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>nfs4:chown = [yes|no]</term>
<listitem>
<para>This parameter allows enabling or disabling the chown supported
by the underlying filesystem. This parameter should be enabled with
care as it might leave your system insecure.</para>
<para>Some filesystems allow chown as a) giving b) stealing. It is the latter
that is considered a risk.</para>
<para>Following is the behaviour of Samba for different values : </para>
<itemizedlist>
<listitem><para><command>yes</command> - Enable chown if as supported by the under filesystem</para></listitem>
<listitem><para><command>no (default)</command> - Disable chown</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
</variablelist>