summaryrefslogtreecommitdiff
path: root/examples
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-08-01 18:40:19 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:38:29 -0500
commit330899ec30ffceb798e3a8362d20e103e20b2897 (patch)
tree98ea8436fe7ec8630fe8d10c0bfaea0606f43edc /examples
parentb3ac5a586ba37b1122b0dc941dfee648fc4fa6d5 (diff)
downloadsamba-330899ec30ffceb798e3a8362d20e103e20b2897.tar.gz
r17367: Reverting the ab code. Note I'm not saying this
code is wrong or bad or anything, just that it needs to be discussed & reviewed on the samba-technical list before we add a platform-specific NFSv4 mapping. That way lies a lot of future pain :-). Jeremy.
Diffstat (limited to 'examples')
-rw-r--r--examples/aix/README.nfs4acls.txt82
1 files changed, 0 insertions, 82 deletions
diff --git a/examples/aix/README.nfs4acls.txt b/examples/aix/README.nfs4acls.txt
deleted file mode 100644
index 1cb08877d32..00000000000
--- a/examples/aix/README.nfs4acls.txt
+++ /dev/null
@@ -1,82 +0,0 @@
-Configuring NFS4 ACLs in Samba3
-===============================
-Created: Peter Somogyi, 2006-JUN-06
-Last modified: Peter Somogyi, 2006-JUL-20
-Revision no.: 4
--------------------------------
-
-
-Parameters in smb.conf:
-=======================
-
-Each parameter must have a prefix "nfs4:".
-Each one affects the behaviour only when _setting_ an acl on a file/dir:
-
-mode = [simple|special]
-- simple: don't use OWNER@ and GROUP@ special IDs in ACEs. - default
-- special: use OWNER@ and GROUP@ special IDs in ACEs instead of simple user&group ids.
-Note: EVERYONE@ is always processed (if found such an ACE).
-Note2: special mode will have side effect when _only_ chown is performed. Later this may be worked out.
-
-Use "simple" mode when the share is used mainly by windows users and unix side is not significant. You will loose unix bits in this case.
-It's strongly advised setting "store dos attributes = yes" in smb.conf.
-
-chown = [true|false]
-- true => enable changing owner and group - default.
-- false => disable support for changing owner or group
-
-acedup = [dontcare|reject|ignore|merge]
-- dontcare: copy ACEs as they come, don't care with "duplicate" records. Default.
-- reject: stop operation, exit acl setter operation with an error
-- ignore: don't include the second matching ACE
-- merge: OR 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE
-
-Two ACEs are considered here "duplicate" when their type and id fields are matching.
-
-Example:
-
-[smbtest]
-path = /tests/psomogyi/smbtest
-writable = yes
-vfs objects = aixacl2
-nfs4: mode = special
-nfs4: chown = yes
-nfs4: acedup = merge
-
-Configuring AIX ACL support
-==============================
-
-Binaries: (default install path is [samba]/lib/vfs/)
-- aixacl.so: provides AIXC ACL support only, can be compiled and works on all AIX platforms
-- aixacl2.so: provides AIXC and JFS2-NFS4 ACL support, can be compiled and works only under AIX 5.3 and newer.
-NFS4 acl currently has support only under JFS2 (ext. attr. format must be set to v2).
-aixacl2.so always detects support for NFS4 acls and redirects to POSIX ACL handling automatically when NFS4 is not supported for a path.
-
-Adding "vfs objects = aixacl2" to a share should be done only in case when NFS4 is really supported by the filesystem.
-(Otherwise you may get performance loss.)
-
-For configuration see also the example above.
-
-General notes
-=============
-
-NFS4 handling logic is separated from AIX/jfs2 ACL parsing.
-
-Samba and its VFS modules dosn't reorder ACEs. Windows clients do that (and the smbcacl tool). MSDN also says deny ACEs must come first.
-NFS4 ACL's validity is checked by the system API, not by Samba.
-NFS4 ACL rights are enforced by the OS or filesystem, not by Samba.
-
-The flag INHERITED_ACE is never set (not required, as doesn't do WinNT/98/me, only since Win2k).
-Win2k GUI behaves strangely when detecting inheritance (sometimes it doesn't detect,
-but after adding an ace it shows that - it's some GUI error).
-
-Unknown (unmappable) SIDs are not accepted.
-
-TODOs
-=====
-- Creator Owner & Group SID handling (same way as posix)
-- the 4 generic rights bits support (GENERIC_RIGHT_READ_ACCESS, WRITE, EXEC, ALL)
-- chown & no ACL, but we have ONWER@ and GROUP@
-- DIALUP, ANONYMOUS, ... builtin SIDs
-- audit & alarm support - in theory it's forwarded so it should work, but currently there's no platform which supports them to test
-- support for a real NFS4 client (we don't have an accepted API yet)