diff options
author | Gerald W. Carter <jerry@samba.org> | 2008-04-22 10:09:40 -0500 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 11:54:26 -0500 |
commit | 9a7d6ed29d26a734f8b85dbabf5b1a4f9f6107f8 (patch) | |
tree | 0df3c32812171d1f11b2574cc85c2a43051bdc6a /docs-xml/smbdotconf/security/securitymask.xml | |
parent | 8a1804eb2e46ed0d53743107f8397badb958da83 (diff) | |
download | samba-9a7d6ed29d26a734f8b85dbabf5b1a4f9f6107f8.tar.gz |
Moving docs tree to docs-xml to make room for generated docs in the release tarball.
Diffstat (limited to 'docs-xml/smbdotconf/security/securitymask.xml')
-rw-r--r-- | docs-xml/smbdotconf/security/securitymask.xml | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/securitymask.xml b/docs-xml/smbdotconf/security/securitymask.xml new file mode 100644 index 00000000000..23bc2808db4 --- /dev/null +++ b/docs-xml/smbdotconf/security/securitymask.xml @@ -0,0 +1,39 @@ +<samba:parameter name="security mask" + context="S" + type="string" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the + UNIX permission on a file using the native NT security dialog box. + </para> + + <para> + This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting + any bits not in this mask. Make sure not to mix up this parameter with <smbconfoption name="force + security mode"/>, which works in a manner similar to this one but uses a logical OR instead of an AND. + </para> + + <para> + Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the + file permissions regardless of the previous status of this bits on the file. + </para> + + <para> + If not set explicitly this parameter is 0777, allowing a user to set all the user/group/world permissions on a file. + </para> + + <para><emphasis> + Note</emphasis> that users who can access the Samba server through other means can easily bypass this + restriction, so it is primarily useful for standalone "appliance" systems. Administrators of + most normal systems will probably want to leave it set to <constant>0777</constant>. + </para> +</description> + +<related>force directory security mode</related> +<related>directory security mask</related> +<related>force security mode</related> + +<value type="default">0777</value> +<value type="example">0770</value> +</samba:parameter> |