mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
fcaeffde4e
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9531 Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Dec 13 17:22:01 CET 2017 on sn-devel-144
137 lines
4.3 KiB
XML
137 lines
4.3 KiB
XML
<?xml version="1.0" encoding="iso-8859-1"?>
|
|
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
|
<refentry id="vfs_acl_xattr.8">
|
|
|
|
<refmeta>
|
|
<refentrytitle>vfs_acl_xattr</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
<refmiscinfo class="source">Samba</refmiscinfo>
|
|
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
|
|
<refmiscinfo class="version">&doc.version;</refmiscinfo>
|
|
</refmeta>
|
|
|
|
|
|
<refnamediv>
|
|
<refname>vfs_acl_xattr</refname>
|
|
<refpurpose>Save NTFS-ACLs in Extended Attributes (EAs)</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>vfs objects = acl_xattr</command>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>DESCRIPTION</title>
|
|
|
|
<para>This VFS module is part of the
|
|
<citerefentry><refentrytitle>samba</refentrytitle>
|
|
<manvolnum>7</manvolnum></citerefentry> suite.</para>
|
|
|
|
<para>The <command>vfs_acl_xattr</command> VFS module stores
|
|
NTFS Access Control Lists (ACLs) in Extended Attributes (EAs).
|
|
This enables the full mapping of Windows ACLs on Samba
|
|
servers.
|
|
</para>
|
|
|
|
<para>The ACLs are stored in the Extended Attribute
|
|
<parameter>security.NTACL</parameter> of a file or directory.
|
|
This Attribute is <emphasis>not</emphasis> listed by
|
|
<command>getfattr -d <filename>filename</filename></command>.
|
|
To show the current value, the name of the EA must be specified
|
|
(e.g. <command>getfattr -n security.NTACL <filename>filename</filename>
|
|
</command>).
|
|
</para>
|
|
|
|
<para>
|
|
This module forces the following parameters:
|
|
<itemizedlist>
|
|
<listitem><para>inherit acls = true</para></listitem>
|
|
<listitem><para>dos filemode = true</para></listitem>
|
|
<listitem><para>force unknown acl user = true</para></listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
|
|
<para>This module is stackable.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>OPTIONS</title>
|
|
|
|
<variablelist>
|
|
<!-- please keep in sync with the other acl vfs modules that provide the same options -->
|
|
<varlistentry>
|
|
<term>acl_xattr:ignore system acls = [yes|no]</term>
|
|
<listitem>
|
|
<para>
|
|
When set to <emphasis>yes</emphasis>, a best effort mapping
|
|
from/to the POSIX ACL layer will <emphasis>not</emphasis> be
|
|
done by this module. The default is <emphasis>no</emphasis>,
|
|
which means that Samba keeps setting and evaluating both the
|
|
system ACLs and the NT ACLs. This is better if you need your
|
|
system ACLs be set for local or NFS file access, too. If you only
|
|
access the data via Samba you might set this to yes to achieve
|
|
better NT ACL compatibility.
|
|
</para>
|
|
|
|
<para>
|
|
If <emphasis>acl_xattr:ignore system acls</emphasis>
|
|
is set to <emphasis>yes</emphasis>, the following
|
|
additional settings will be enforced:
|
|
<itemizedlist>
|
|
<listitem><para>create mask = 0666</para></listitem>
|
|
<listitem><para>directory mask = 0777</para></listitem>
|
|
<listitem><para>map archive = no</para></listitem>
|
|
<listitem><para>map hidden = no</para></listitem>
|
|
<listitem><para>map readonly = no</para></listitem>
|
|
<listitem><para>map system = no</para></listitem>
|
|
<listitem><para>store dos attributes = yes</para></listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>acl_xattr:default acl style = [posix|windows|everyone]</term>
|
|
<listitem>
|
|
<para>
|
|
This parameter determines the type of ACL that is synthesized in
|
|
case a file or directory lacks an
|
|
<emphasis>security.NTACL</emphasis> xattr.
|
|
</para>
|
|
<para>
|
|
When set to <emphasis>posix</emphasis>, an ACL will be
|
|
synthesized based on the POSIX mode permissions for user, group
|
|
and others, with an additional ACE for <emphasis>NT
|
|
Authority\SYSTEM</emphasis> will full rights.
|
|
</para>
|
|
<para>
|
|
When set to <emphasis>windows</emphasis>, an ACL is synthesized
|
|
the same way Windows does it, only including permissions for the
|
|
owner and <emphasis>NT Authority\SYSTEM</emphasis>.
|
|
</para>
|
|
<para>
|
|
When set to <emphasis>everyone</emphasis>, an ACL is synthesized
|
|
giving full permissions to everyone (S-1-1-0).
|
|
</para>
|
|
<para>
|
|
The default for this option is <emphasis>posix</emphasis>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>AUTHOR</title>
|
|
|
|
<para>The original Samba software and related utilities
|
|
were created by Andrew Tridgell. Samba is now developed
|
|
by the Samba Team as an Open Source project similar
|
|
to the way the Linux kernel is developed.</para>
|
|
</refsect1>
|
|
|
|
</refentry>
|