diff options
author | Andrew Tridgell <tridge@samba.org> | 1998-03-12 03:00:44 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1998-03-12 03:00:44 +0000 |
commit | 540af9b304400dc64498eab80a560f6c2209676c (patch) | |
tree | cd27deee3b3f19ca65e3dd8634833ea363061f29 /swat/help | |
parent | cc4e595473f4406e9feecbb5f0c7b00e12daebd4 (diff) | |
download | samba-540af9b304400dc64498eab80a560f6c2209676c.tar.gz |
some initial help and images files for swat
(This used to be commit d2376416d6350b22550ab56a590afd06d7c4d9bf)
Diffstat (limited to 'swat/help')
-rw-r--r-- | swat/help/parameters.html | 3368 | ||||
-rw-r--r-- | swat/help/welcome.html | 8 |
2 files changed, 3376 insertions, 0 deletions
diff --git a/swat/help/parameters.html b/swat/help/parameters.html new file mode 100644 index 00000000000..15cf563983f --- /dev/null +++ b/swat/help/parameters.html @@ -0,0 +1,3368 @@ +<HTML> +<BODY> + +SWAT Parameters help<p> + +We need to reformat the smb.conf man page as HTML with a label for +each parameter. Anyone want to write a perl script? Currently I've +just done a quick hack with an emacs macro to get something in +place. Or maybe the SGML conversion will be the way to go?<p> + +<hr> + +<a name="admin users"> +<H3>admin users (S)</H3><p> + +This is a list of users who will be granted administrative privileges +on the share. This means that they will do all file operations as the +super-user (root).<p> + +You should use this option very carefully, as any user in this list +will be able to do anything they like on the share, irrespective of +file permissions.<p> + +.B Default: + no admin users<p> + +.B Example: + admin users = jason<p> + +<a name="announce as"> +<H3>announce as (G)</H3><p> + +This specifies what type of server nmbd will announce itself as in +browse lists. By default this is set to Windows NT. The valid options +are "NT", "Win95" or "WfW" meaining Windows NT, Windows 95 and +Windows for Workgroups respectively. Do not change this parameter +unless you have a specific need to stop Samba appearing as an NT +server as this may prevent Samba servers from participating as +browser servers correctly.<p> + +.B Default: + announce as = NT<p> + +.B Example + announce as = Win95<p> + +<a name="announce version"> +<H3>announce version (G)</H3><p> + +This specifies the major and minor version numbers that nmbd +will use when announcing itself as a server. The default is 4.2. +Do not change this parameter unless you have a specific need to +set a Samba server to be a downlevel server.<p> + +.B Default: + announce version = 4.2<p> + +.B Example: + announce version = 2.0<p> + +<a name="auto services"> +<H3>auto services (G)</H3> +This is a list of services that you want to be automatically added to +the browse lists. This is most useful for homes and printers services +that would otherwise not be visible.<p> + +Note that if you just want all printers in your printcap file loaded +then the "load printers" option is easier.<p> + +.B Default: + no auto services<p> + +.B Example: + auto services = fred lp colorlp<p> + +<a name="allow hosts"> +<H3>allow hosts (S)</H3> +A synonym for this parameter is 'hosts allow'.<p> + +This parameter is a comma delimited set of hosts which are permitted to access +a service. <p> + +If specified in the [global] section then it will apply to all +services, regardless of whether the individual service has a different +setting. <p> + +You can specify the hosts by name or IP number. For example, you could +restrict access to only the hosts on a Class C subnet with something like +"allow hosts = 150.203.5.". The full syntax of the list is described in +the man page +.BR hosts_access (5).<p> + +You can also specify hosts by network/netmask pairs and by netgroup +names if your system supports netgroups. The EXCEPT keyword can also +be used to limit a wildcard list. The following examples may provide +some help:<p> + +Example 1: allow all IPs in 150.203.*.* except one<p> + + hosts allow = 150.203. EXCEPT 150.203.6.66<p> + +Example 2: allow hosts that match the given network/netmask<p> + + hosts allow = 150.203.15.0/255.255.255.0<p> + +Example 3: allow a couple of hosts<p> + + hosts allow = lapland, arvidsjaur<p> + +Example 4: allow only hosts in netgroup "foonet" or localhost, but +deny access from one particular host<p> + + hosts allow = @foonet, localhost + hosts deny = pirate<p> + +Note that access still requires suitable user-level passwords.<p> + +See +.BR testparm (1) +for a way of testing your host access to see if it +does what you expect.<p> + +.B Default: + none (i.e., all hosts permitted access)<p> + +.B Example: + allow hosts = 150.203.5. myhost.mynet.edu.au<p> + +<a name="alternate permissions"> +<H3>alternate permissions (S)</H3><p> + +This option affects the way the "read only" DOS attribute is produced +for UNIX files. If this is false then the read only bit is set for +files on writeable shares which the user cannot write to.<p> + +If this is true then it is set for files whos user write bit is not set.<p> + +The latter behaviour is useful for when users copy files from each +others directories, and use a file manager that preserves +permissions. Without this option they may get annoyed as all copied +files will have the "read only" bit set.<p> + +.B Default: + alternate permissions = no<p> + +.B Example: + alternate permissions = yes<p> + +<a name="available"> +<H3>available (S)</H3> +This parameter lets you 'turn off' a service. If 'available = no', then +ALL attempts to connect to the service will fail. Such failures are logged.<p> + +.B Default: + available = yes<p> + +.B Example: + available = no<p> + +<a name="bind interfaces only"> +<H3>bind interfaces only (G)</H3> +This global parameter (new for 1.9.18) allows the Samba admin to limit +what interfaces on a machine will serve smb requests. If affects file service +(smbd) and name service (nmbd) in slightly different ways.<p> + +For name service it causes nmbd to bind to ports 137 and 138 on +the interfaces listed in the 'interfaces' parameter. nmbd also binds +to the 'all addresses' interface (0.0.0.0) on ports 137 and 138 +for the purposes of reading broadcast messages. If this option is +not set then nmbd will service name requests on all of these +sockets. If "bind interfaces only" is set then nmbd will check +the source address of any packets coming in on the broadcast +sockets and discard any that don't match the broadcast addresses +of the interfaces in the 'interfaces' parameter list. As unicast +packets are received on the other sockets it allows nmbd to +refuse to serve names to machines that send packets that arrive +through any interfaces not listed in the 'interfaces' list. +IP Source address spoofing does defeat this simple check, however +so it must not be used seriously as a security feature for nmbd.<p> + +For file service it causes smbd to bind only to the interface +list given in the 'interfaces' parameter. This restricts the +networks that smbd will serve to packets coming in those interfaces. +Note that you should not use this parameter for machines that +are serving ppp or other intermittant or non-broadcast network +interfaces as it will not cope with non-permanent interfaces.<p> + +.B Default: + bind interfaces only = False<p> + +.B Example: + bind interfaces only = True<p> + +<a name="browseable"> +<H3>browseable (S)</H3> +This controls whether this share is seen in the list of available +shares in a net view and in the browse list.<p> + +.B Default: + browseable = Yes<p> + +.B Example: + browseable = No +<a name="browse lis"> +<H3>browse list(G)</H3> +This controls whether the smbd will serve a browse list to a client +doing a NetServerEnum call. Normally set to true. You should never +need to change this.<p> + +.B Default: + browse list = Yes<p> + +<a name="case sensitive"> +<H3>case sensitive (G)</H3> +See the discussion on NAME MANGLING.<p> + +<a name="case sig names"> +<H3>case sig names (G)</H3> +See "case sensitive"<p> + +<a name="character set"> +<H3>character set (G)</H3> +This allows a smbd to map incoming characters from a DOS 850 Code page +to either a Western European (ISO8859-1) or Easter European (ISO8859-2) +code page. Normally not set, meaning no filename translation is done.<p> + +.B Default<p> + + character set =<p> + +.B Example<p> + + character set = iso8859-1<p> + +<a name="client code page"> +<H3>client code page (G)</H3> +Currently (Samba 1.9.17 and above) this may be set to one of two +values, 850 or 437. It specifies the base DOS code page that the +clients accessing Samba are using. To determine this, open a DOS +command prompt and type the command "chcp". This will output the +code page. The default for USA MS-DOS, Windows 95, and Windows NT +releases is code page 437. The default for western european +releases of the above operating systems is code page 850.<p> + +This parameter co-operates with the "valid chars" parameter in +determining what characters are valid in filenames and how +capitalization is done. It has been added as a convenience for +clients whose code page is either 437 or 850 so a convoluted +"valid chars" string does not have to be determined. If you +set both this parameter and the "valid chars" parameter the +"client code page" parameter MUST be set before the "valid chars" +in the smb.conf file. The "valid chars" string will then augment +the character settings in the "client code page" parameter.<p> + +If "client code page" is set to a value other than 850 or 437 +it will default to 850.<p> + +See also : "valid chars".<p> + +.B Default<p> + + client code page = 850<p> + +.B Example<p> + + client code page = 437<p> + +<a name="comment"> +<H3>comment (S)</H3> +This is a text field that is seen next to a share when a client does a +net view to list what shares are available.<p> + +If you want to set the string that is displayed next to the machine +name then see the server string command.<p> + +.B Default: + No comment string<p> + +.B Example: + comment = Fred's Files<p> + +<a name="config file"> +<H3>config file (G)</H3><p> + +This allows you to override the config file to use, instead of the +default (usually smb.conf). There is a chicken and egg problem here as +this option is set in the config file! <p> + +For this reason, if the name of the config file has changed when the +parameters are loaded then it will reload them from the new config +file.<p> + +This option takes the usual substitutions, which can be very useful.<p> + +If the config file doesn't exist then it won't be loaded (allowing +you to special case the config files of just a few clients).<p> + +.B Example: + config file = /usr/local/samba/lib/smb.conf.%m<p> + +<a name="copy"> +<H3>copy (S)</H3> +This parameter allows you to 'clone' service entries. The specified +service is simply duplicated under the current service's name. Any +parameters specified in the current section will override those in the +section being copied.<p> + +This feature lets you set up a 'template' service and create similar +services easily. Note that the service being copied must occur earlier +in the configuration file than the service doing the copying.<p> + +.B Default: + none<p> + +.B Example: + copy = otherservice +<a name="create mask"> +<H3>create mask (S)</H3> +A synonym for this parameter is 'create mode'.<p> + +When a file is created, the neccessary permissions are calculated +according to the mapping from DOS modes to UNIX permissions, and +the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. +This parameter may be thought of as a bit-wise MASK for the UNIX +modes of a file. Any bit *not* set here will be removed from the +modes set on a file when it is created.<p> + +The default value of this parameter removes the 'group' and 'other' +write and execute bits from the UNIX modes.<p> + +Following this Samba will bit-wise 'OR' the UNIX mode created from +this parameter with the value of the "force create mode" parameter +which is set to 000 by default.<p> + +For Samba 1.9.17 and above this parameter no longer affects directory +modes. See the parameter 'directory mode' for details.<p> + +See also the "force create mode" parameter for forcing particular +mode bits to be set on created files. +See also the "directory mode" parameter for masking mode bits on created +directories.<p> + +.B Default: + create mask = 0744<p> + +.B Example: + create mask = 0775 +<a name="create mode"> +<H3>create mode (S)</H3> +See +.B create mask.<p> + +<a name="dead time"> +<H3>dead time (G)</H3> +The value of the parameter (a decimal integer) represents the number of +minutes of inactivity before a connection is considered dead, and it +is disconnected. The deadtime only takes effect if the number of open files +is zero.<p> + +This is useful to stop a server's resources being exhausted by a large +number of inactive connections.<p> + +Most clients have an auto-reconnect feature when a connection is broken so +in most cases this parameter should be transparent to users.<p> + +Using this parameter with a timeout of a few minutes is recommended +for most systems.<p> + +A deadtime of zero indicates that no auto-disconnection should be performed.<p> + +.B Default: + dead time = 0<p> + +.B Example: + dead time = 15 +<a name="debug level"> +<H3>debug level (G)</H3> +The value of the parameter (an integer) allows the debug level +(logging level) to be specified in the +.B smb.conf +file. This is to give +greater flexibility in the configuration of the system.<p> + +The default will be the debug level specified on the command line.<p> + +.B Example: + debug level = 3 +<a name="default"> +<H3>default (G)</H3> +See +.B default service. +<a name="default case"> +<H3>default case (S)</H3><p> + +See the section on "NAME MANGLING" Also note the addition of "short +preserve case"<p> + +<a name="default service"> +<H3>default service (G)</H3> +A synonym for this parameter is 'default'.<p> + +This parameter specifies the name of a service which will be connected to +if the service actually requested cannot be found. Note that the square +brackets are NOT given in the parameter value (see example below).<p> + +There is no default value for this parameter. If this parameter is not given, +attempting to connect to a nonexistent service results in an error.<p> + +Typically the default service would be a public, read-only service.<p> + +Also note that as of 1.9.14 the apparent service name will be changed to +equal that of the requested service, this is very useful as it allows +you to use macros like %S to make a wildcard service.<p> + +Note also that any _ characters in the name of the service used in the +default service will get mapped to a /. This allows for interesting +things.<p> + + +.B Example: + default service = pub + + [pub] + path = /%S + <p> + +<a name="delete readonly"> +<H3>delete readonly (S)</H3> +This parameter allows readonly files to be deleted. This is not normal DOS +semantics, but is allowed by UNIX.<p> + +This option may be useful for running applications such as rcs, where UNIX +file ownership prevents changing file permissions, and DOS semantics prevent +deletion of a read only file.<p> + +.B Default: + delete readonly = No<p> + +.B Example: + delete readonly = Yes +<a name="deny hosts"> +<H3>deny hosts (S)</H3> +A synonym for this parameter is 'hosts deny'.<p> + +The opposite of 'allow hosts' - hosts listed here are NOT permitted +access to services unless the specific services have their own lists to +override this one. Where the lists conflict, the 'allow' list takes precedence.<p> + +.B Default: + none (i.e., no hosts specifically excluded)<p> + +.B Example: + deny hosts = 150.203.4. badhost.mynet.edu.au<p> + +<a name="delete veto files"> +<H3>delete veto files (S)</H3><p> + +This option is used when Samba is attempting to delete a directory +that contains one or more vetoed directories (see the 'veto files' option). +If this option is set to False (the default) then if a vetoed directory +contains any non-vetoed files or directories then the directory delete +will fail. This is usually what you want. <p> + +If this option is set to True, then Samba will attempt +to recursively delete any files and directories within the vetoed +directory. This can be useful for integration with file serving +systems such as Netatalk, which create meta-files within directories +you might normally veto DOS/Windows users from seeing (eg. .AppleDouble)<p> + +Setting 'delete veto files = True' allows these directories to be +transparently deleted when the parent directory is deleted (so long +as the user has permissions to do so).<p> + +.B Default: + delete veto files = False<p> + +.B Example: + delete veto files = True<p> + +See +.B veto files<p> + +<a name="dfree command"> +<H3>dfree command (G)</H3> +The dfree command setting should only be used on systems where a +problem occurs with the internal disk space calculations. This has +been known to happen with Ultrix, but may occur with other operating +systems. The symptom that was seen was an error of "Abort Retry +Ignore" at the end of each directory listing.<p> + +This setting allows the replacement of the internal routines to +calculate the total disk space and amount available with an external +routine. The example below gives a possible script that might fulfill +this function. <p> + +The external program will be passed a single parameter indicating a +directory in the filesystem being queried. This will typically consist +of the string "./". The script should return two integers in ascii. The +first should be the total disk space in blocks, and the second should +be the number of available blocks. An optional third return value +can give the block size in bytes. The default blocksize is 1024 bytes.<p> + +Note: Your script should NOT be setuid or setgid and should be owned by +(and writable only by) root!<p> + +.B Default: + By default internal routines for determining the disk capacity +and remaining space will be used.<p> + +.B Example: + dfree command = /usr/local/samba/bin/dfree<p> + + Where the script dfree (which must be made executable) could be<p> + +.nf + #!/bin/sh + df $1 | tail -1 | awk '{print $2" "$4}' +.fi<p> + + or perhaps (on Sys V)<p> + +.nf + #!/bin/sh + /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' +.fi<p> + + Note that you may have to replace the command names with full +path names on some systems. +<a name="directory"> +<H3>directory (S)</H3> +See +.B path.<p> + +<a name="directory mask"> +<H3>directory mask (S)</H3> +A synonym for this parameter is 'directory mode'.<p> + +This parameter is the octal modes which are used when converting DOS modes +to UNIX modes when creating UNIX directories.<p> + +When a directory is created, the neccessary permissions are calculated +according to the mapping from DOS modes to UNIX permissions, and +the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. +This parameter may be thought of as a bit-wise MASK for the UNIX +modes of a directory. Any bit *not* set here will be removed from the +modes set on a directory when it is created.<p> + +The default value of this parameter removes the 'group' and 'other' +write bits from the UNIX mode, allowing only the user who owns the +directory to modify it.<p> + +Following this Samba will bit-wise 'OR' the UNIX mode created from +this parameter with the value of the "force directory mode" parameter. +This parameter is set to 000 by default (ie. no extra mode bits are added).<p> + +See the "force directory mode" parameter to cause particular mode +bits to always be set on created directories.<p> + +See also the "create mode" parameter for masking mode bits on created +files.<p> + +.B Default: + directory mask = 0755<p> + +.B Example: + directory mask = 0775<p> + +<a name="directory mode"> +<H3>directory mode (S)</H3> +See +.B directory mask.<p> + +<a name="dns proxy"> +<H3>dns proxy (G)</H3><p> + +Specifies that nmbd should (as a WINS server), on finding that a NetBIOS +name has not been registered, treat the NetBIOS name word-for-word as +a DNS name.<p> + +Note that the maximum length for a NetBIOS name is 15 +characters, so the DNS name (or DNS alias) can likewise only be 15 +characters, maximum.<p> + +Note also that nmbd will block completely until the DNS name is resolved. +This will result in temporary loss of browsing and WINS services. +Enable this option only if you are certain that DNS resolution is fast, +or you can live with the consequences of periodic pauses in nmbd service.<p> + +.B Default: + dns proxy = yes<p> + +<a name="domain controller"> +<H3>domain controller (G)</H3><p> + +Specifies the DNS name or IP address of the machine to refer domain +logons from Win95 machines to. You should never need to set this parameter.<p> + +.B Default: + domain controller = no<p> + +<a name="domain logons"> +<H3>domain logons (G)</H3><p> + +If set to true, the Samba server will serve Windows 95 domain logons +for the workgroup it is in. For more details on setting up this feature +see the file DOMAINS.txt in the Samba source documentation directory.<p> + +.B Default: + domain logons = no<p> + +<a name="domain master"> +<H3>domain master (G)</H3><p> + +Enable WAN-wide browse list collation. Local master browsers on +broadcast-isolated subnets will give samba their local browse lists, and +ask for a complete copy of the browse list for the whole wide area network. +Browser clients will then contact their local master browser, and will +receive the domain-wide browse list, instead of just the list for their +broadcast-isolated subnet.<p> + +.B Default: + domain master = no<p> + +<a name="dont descend"> +<H3>dont descend (S)</H3> +There are certain directories on some systems (eg., the /proc tree under +Linux) that are either not of interest to clients or are infinitely deep +(recursive). This parameter allows you to specify a comma-delimited list +of directories that the server should always show as empty.<p> + +Note that Samba can be very fussy about the exact format of the "dont +descend" entries. For example you may need "./proc" instead of just +"/proc". Experimentation is the best policy :-)<p> + +.B Default: + none (i.e., all directories are OK to descend)<p> + +.B Example: + dont descend = /proc,/dev<p> + +<a name="dos filetimes"> +<H3>dos filetimes (S)</H3> +Under DOS and Windows, if a user can write to a file they can change +the timestamp on it. Under POSIX semantics, only the owner of the file +or root may change the timestamp. By default, Samba runs with POSIX +semantics and refuses to change the timestamp on a file if the user +smbd is acting on behalf of is not the file owner. Setting this option +to True allows DOS semantics and smbd will change the file timstamp as +DOS requires. This is a correct implementation of a previous compile-time +options (UTIME_WORKAROUND) which was broken and is now removed.<p> + +.B Default: + dos filetimes = False<p> + +.B Example: + dos filetimes = True<p> + +<a name="dos filetime resolution"> +<H3>dos filetime resolution (S)</H3> +Under the DOS and Windows FAT filesystem, the finest granulatity on +time resolution is two seconds. Setting this parameter for a share +causes Samba to round the reported time down to the nearest two +second boundary when a query call that requires one second resolution +is made to smbd. <p> + +This option is mainly used as a compatibility option for Visual C++ +when used against Samba shares. If oplocks are enabled on a share, +Visual C++ uses two different time reading calls to check if a file +has changed since it was last read. One of these calls uses a one-second +granularity, the other uses a two second granularity. As the two second +call rounds any odd second down, then if the file has a timestamp of an +odd number of seconds then the two timestamps will not match and Visual +C++ will keep reporting the file has changed. Setting this option causes +the two timestamps to match, and Visual C++ is happy.<p> + +.B Default: + dos filetime resolution = False<p> + +.B Example: + dos filetime resolution = True<p> + +<a name="encrypt passwords"> +<H3>encrypt passwords (G)</H3><p> + +This boolean controls whether encrypted passwords will be negotiated +with the client. Note that this option has no effect if you haven't +compiled in the necessary des libraries and encryption code. It +defaults to no.<p> + +<a name="exec"> +<H3>exec (S)</H3><p> + +This is an alias for preexec<p> + +<a name="fake oplocks"> +<H3>fake oplocks (S)</H3><p> + +Oplocks are the way that SMB clients get permission from a server to +locally cache file operations. If a server grants an oplock +(opportunistic lock) then the client is free to assume that it is the +only one accessing the file and it will aggressively cache file +data. With some oplock types the client may even cache file open/close +operations. This can give enormous performance benefits.<p> + +When you set "fake oplocks = yes" Samba will always grant oplock +requests no matter how many clients are using the file. <p> + +By enabling this option on all read-only shares or shares that you know +will only be accessed from one client at a time you will see a big +performance improvement on many operations. If you enable this option +on shares where multiple clients may be accessing the files read-write +at the same time you can get data corruption. Use this option +carefully! <p> + +It is generally much better to use the real oplock support except for +physically read-only media such as CDROMs.<p> + +This option is disabled by default.<p> + +<a name="follow symlinks"> +<H3>follow symlinks (S)</H3><p> + +This parameter allows the Samba administrator to stop smbd from +following symbolic links in a particular share. Setting this +parameter to "No" prevents any file or directory that is a +symbolic link from being followed (the user will get an error). +This option is very useful to stop users from adding a symbolic +link to /etc/pasword in their home directory for instance. +However it will slow filename lookups down slightly.<p> + +This option is enabled (ie. smbd will follow symbolic links) +by default.<p> + +<a name="force create mode"> +<H3>force create mode (S)</H3> +This parameter specifies a set of UNIX mode bit permissions that +will *always* be set on a file created by Samba. This is done +by bitwise 'OR'ing these bits onto the mode bits of a file that +is being created. The default for this parameter is (in octel) +000. The modes in this parameter are bitwise 'OR'ed onto the +file mode after the mask set in the "create mask" parameter +is applied.<p> + +See also the parameter "create mask" for details on masking mode +bits on created files.<p> + +.B Default: + force create mode = 000<p> + +.B Example: + force create mode = 0755<p> + +would force all created files to have read and execute permissions +set for 'group' and 'other' as well as the read/write/execute bits +set for the 'user'.<p> + +<a name="force directory mode"> +<H3>force directory mode (S)</H3> +This parameter specifies a set of UNIX mode bit permissions that +will *always* be set on a directory created by Samba. This is done +by bitwise 'OR'ing these bits onto the mode bits of a directory that +is being created. The default for this parameter is (in octel) +0000 which will not add any extra permission bits to a created +directory. This operation is done after the mode mask in the parameter +"directory mask" is applied.<p> + +See also the parameter "directory mask" for details on masking mode +bits on created directories.<p> + +.B Default: + force directory mode = 000<p> + +.B Example: + force directory mode = 0755<p> + +would force all created directories to have read and execute permissions +set for 'group' and 'other' as well as the read/write/execute bits +set for the 'user'.<p> + +<a name="force group"> +<H3>force group (S)</H3> +This specifies a group name that all connections to this service +should be made as. This may be useful for sharing files.<p> + +.B Default: + no forced group<p> + +.B Example: + force group = agroup<p> + +<a name="force user"> +<H3>force user (S)</H3> +This specifies a user name that all connections to this service +should be made as. This may be useful for sharing files. You should +also use it carefully as using it incorrectly can cause security +problems.<p> + +This user name only gets used once a connection is established. Thus +clients still need to connect as a valid user and supply a valid +password. Once connected, all file operations will be performed as the +"forced user", not matter what username the client connected as.<p> + +.B Default: + no forced user<p> + +.B Example: + force user = auser<p> + +<a name="getwd cache"> +<H3>getwd cache (G)</H3> +This is a tuning option. When this is enabled a cacheing algorithm will +be used to reduce the time taken for getwd() calls. This can have a +significant impact on performance, especially when widelinks is False.<p> + +.B Default: + getwd cache = No<p> + +.B Example: + getwd cache = Yes<p> + +<a name="group"> +<H3>group (S)</H3> +This is an alias for "force group" and is only kept for compatibility +with old versions of Samba. It may be removed in future versions.<p> + +<a name="guest account"> +<H3>guest account (S)</H3> +This is a username which will be used for access to services which are +specified as 'guest ok' (see below). Whatever privileges this user has +will be available to any client connecting to the guest +service. Typically this user will exist in the password file, but will +not have a valid login. If a username is specified in a given service, +the specified username overrides this one.<p> + +One some systems the account "nobody" may not be able to print. Use +another account in this case. You should test this by trying to log in +as your guest user (perhaps by using the "su \-" command) and trying to +print using +.BR lpr .<p> + +Note that as of version 1.9 of Samba this option may be set +differently for each service.<p> + +.B Default: + specified at compile time<p> + +.B Example: + guest account = nobody +<a name="guest ok"> +<H3>guest ok (S)</H3> +See +.B public. +<a name="guest only"> +<H3>guest only (S)</H3> +If this parameter is 'yes' for a service, then only guest connections to the +service are permitted. This parameter will have no affect if "guest ok" or +"public" is not set for the service.<p> + +See the section below on user/password validation for more information about +this option.<p> + +.B Default: + guest only = no<p> + +.B Example: + guest only = yes +<a name="hide dot files"> +<H3>hide dot files (S)</H3> +This is a boolean parameter that controls whether files starting with +a dot appear as hidden files.<p> + +.B Default: + hide dot files = yes<p> + +.B Example: + hide dot files = no<p> + + +<a name="hide file"> +<H3>hide files(S)</H3> +This is a list of files or directories that are not visible but are +accessible. The DOS 'hidden' attribute is applied to any files or +directories that match.<p> + +Each entry in the list must be separated by a "/", which allows spaces +to be included in the entry. '*' and '?' can be used to specify multiple +files or directories as in DOS wildcards.<p> + +Each entry must be a unix path, not a DOS path and must not include the +unix directory separator "/".<p> + +Note that the case sensitivity option is applicable in hiding files.<p> + +Setting this parameter will affect the performance of Samba, as +it will be forced to check all files and directories for a match +as they are scanned.<p> + +See also "hide dot files", "veto files" and "case sensitive"<p> + +.B Default + No files or directories are hidden by this option (dot files are + hidden by default because of the "hide dot files" option).<p> + +.B Example + hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/<p> + +The above example is based on files that the Macintosh client (DAVE) +creates for internal use, and also still hides all files beginning with +a dot.<p> + +<a name="homedir map"> +<H3>homedir map (G)</H3> +If "nis homedir" is true, this parameter specifies the NIS (or YP) map +from which the server for the user's home directory should be extracted. +At present, only the Sun auto.home map format is understood. The form of +the map is:<p> + +username server:/some/file/system<p> + +and the program will extract the servername from before the first ':'. +There should probably be a better parsing system that copes with different +map formats and also Amd (another automounter) maps.<p> + +NB: The -DNETGROUP option is required in the Makefile for option to work +and on some architectures the line -lrpcsvc needs to be added to the +LIBSM variable. This is required for Solaris 2, FreeBSD and HPUX.<p> + +See also "nis homedir"<p> + +.B Default: + homedir map = auto.home<p> + +.B Example: + homedir map = amd.homedir +<a name="hosts allow"> +<H3>hosts allow (S)</H3> +See +.B allow hosts. +<a name="hosts deny"> +<H3>hosts deny (S)</H3> +See +.B deny hosts.<p> + +<a name="hosts equiv"> +<H3>hosts equiv (G)</H3> +If this global parameter is a non-null string, it specifies the name of +a file to read for the names of hosts and users who will be allowed access +without specifying a password.<p> + +This is not be confused with +.B allow hosts +which is about hosts access to services and is more useful for guest services. +.B hosts equiv +may be useful for NT clients which will not supply passwords to samba.<p> + +NOTE: The use of hosts.equiv can be a major security hole. This is +because you are trusting the PC to supply the correct username. It is +very easy to get a PC to supply a false username. I recommend that the +hosts.equiv option be only used if you really know what you are doing, +or perhaps on a home network where you trust your wife and kids :-)<p> + +.B Default + No host equivalences<p> + +.B Example + hosts equiv = /etc/hosts.equiv<p> + +<a name="include"> +<H3>include (G)</H3><p> + +This allows you to include one config file inside another. The file is +included literally, as though typed in place.<p> + +It takes the standard substitutions, except %u, %P and %S<p> + +<a name="interfaces"> +<H3>interfaces (G)</H3><p> + +This option allows you to setup multiple network interfaces, so that +Samba can properly handle browsing on all interfaces.<p> + +The option takes a list of ip/netmask pairs. The netmask may either be +a bitmask, or a bitlength. <p> + +For example, the following line:<p> + +interfaces = 192.168.2.10/24 192.168.3.10/24<p> + +would configure two network interfaces with IP addresses 192.168.2.10 +and 192.168.3.10. The netmasks of both interfaces would be set to +255.255.255.0. <p> + +You could produce an equivalent result by using:<p> + +interfaces = 192.168.2.10/255.255.255.0 192.168.3.10/255.255.255.0<p> + +if you prefer that format.<p> + +If this option is not set then Samba will attempt to find a primary +interface, but won't attempt to configure more than one interface.<p> + +<a name="invalid users"> +<H3>invalid users (S)</H3> +This is a list of users that should not be allowed to login to this +service. This is really a "paranoid" check to absolutely ensure an +improper setting does not breach your security.<p> + +A name starting with @ is interpreted as a UNIX group.<p> + +The current servicename is substituted for %S. This is useful in the +[homes] section.<p> + +See also "valid users"<p> + +.B Default + No invalid users<p> + +.B Example + invalid users = root fred admin @wheel<p> + +<a name="keepalive"> +<H3>keepalive (G)</H3> +The value of the parameter (an integer) represents the number of seconds +between 'keepalive' packets. If this parameter is zero, no keepalive packets +will be sent. Keepalive packets, if sent, allow the server to tell whether a +client is still present and responding.<p> + +Keepalives should, in general, not be needed if the socket being used +has the SO_KEEPALIVE attribute set on it (see "socket +options"). Basically you should only use this option if you strike +difficulties.<p> + +.B Default: + keep alive = 0<p> + +.B Example: + keep alive = 60<p> + +<a name="lm announce"> +<H3>lm announce (G)</H3><p> + +This parameter determines if Samba will produce Lanman announce +broadcasts that are needed by OS/2 clients in order for them to +see the Samba server in their browse list. This parameter can +have three values, true, false, or auto. The default is auto. +If set to False Samba will never produce these broadcasts. If +set to true Samba will produce Lanman announce broadcasts at +a frequency set by the parameter 'lm interval'. If set to auto +Samba will not send Lanman announce broadcasts by default but +will listen for them. If it hears such a broadcast on the wire +it will then start sending them at a frequency set by the parameter +'lm interval'.<p> + +See also "lm interval".<p> + +.B Default: + lm announce = auto<p> + +.B Example: + lm announce = true<p> + +<a name="lm interval"> +<H3>lm interval (G)</H3><p> + +If Samba is set to produce Lanman announce broadcasts needed +by OS/2 clients (see the "lm announce" parameter) this parameter +defines the frequency in seconds with which they will be made. +If this is set to zero then no Lanman announcements will be +made despite the setting of the "lm announce" parameter.<p> + +See also "lm announce".<p> + +.B Default: + lm interval = 60<p> + +.B Example: + lm interval = 120<p> + +<a name="load printers"> +<H3>load printers (G)</H3> +A boolean variable that controls whether all printers in the printcap +will be loaded for browsing by default. <p> + +.B Default: + load printers = yes<p> + +.B Example: + load printers = no<p> + +<a name="local master"> +<H3>local master (G)</H3> +This option allows the nmbd to become a local master browser on a +subnet. If set to False then nmbd will not attempt to become a local +master browser on a subnet and will also lose in all browsing elections. +By default this value is set to true. Setting this value to true doesn't +mean that Samba will become the local master browser on a subnet, just +that the nmbd will participate in elections for local master browser.<p> + +.B Default: + local master = yes<p> + +<a name="lock directory"> +<H3>lock directory (G)</H3> +This option specifies the directory where lock files will be placed. +The lock files are used to implement the "max connections" option.<p> + +.B Default: + lock directory = /tmp/samba<p> + +.B Example: + lock directory = /usr/local/samba/var/locks<p> + +<a name="locking"> +<H3>locking (S)</H3> +This controls whether or not locking will be performed by the server in +response to lock requests from the client.<p> + +If "locking = no", all lock and unlock requests will appear to succeed and +all lock queries will indicate that the queried lock is clear.<p> + +If "locking = yes", real locking will be performed by the server.<p> + +This option may be particularly useful for read-only filesystems which +do not need locking (such as cdrom drives).<p> + +Be careful about disabling locking either globally or in a specific +service, as lack of locking may result in data corruption.<p> + +.B Default: + locking = yes<p> + +.B Example: + locking = no<p> + +<a name="log file"> +<H3>log file (G)</H3><p> + +This options allows you to override the name of the Samba log file +(also known as the debug file).<p> + +This option takes the standard substitutions, allowing you to have +separate log files for each user or machine.<p> + +.B Example: + log file = /usr/local/samba/var/log.%m<p> + +<a name="log level"> +<H3>log level (G)</H3> +see "debug level"<p> + +<a name="logon drive"> +<H3>logon drive (G)</H3><p> + +This parameter specifies the local path to which the home directory +will be connected (see "logon home") and is only used by NT Workstations.<p> + +.B Example: + logon drive = h:<p> + +<a name="logon home"> +<H3>logon home (G)</H3><p> + +This parameter specifies the home directory location when a Win95 or +NT Workstation logs into a Samba PDC. It allows you to do "NET USE +H: /HOME" from a command prompt, for example.<p> + +.B +This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine.<p> + +.B Example: + logon home = "\\\\remote_smb_server\\%U"<p> + +.B Default: + logon home = "\\\\%N\\%U"<p> + +<a name="logon path"> +<H3>logon path (G)</H3><p> + +This parameter specifies the home directory where roaming profiles +(USER.DAT / USER.MAN files for Windows 95) are stored.<p> + +This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine. It also specifies +the directory from which the "desktop", "start menu", "nethood" and +"programs" folders, and their contents, are loaded and displayed +on your Windows 95 client.<p> + +The share and the path must be readable by the user for the preferences +and directories to be loaded onto the Windows 95 client. The share +must be writeable when the logs in for the first time, in order that +the Windows 95 client can create the user.dat and other directories.<p> + +Thereafter, the directories and any of contents can, if required, +be made read-only. It is not adviseable that the USER.DAT file be made +read-only - rename it to USER.MAN to achieve the desired effect +(a MANdatory profile).<p> + +Windows clients can sometimes maintain a connection to the [homes] +share, even though there is no user logged in. Therefore, it is +vital that the logon path does not include a reference to the +homes share (i.e \\\\%N\\HOMES\profile_path will cause problems).<p> + +.B +This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine.<p> + +.B Default: + logon path = \\\\%N\\%U\\profile<p> + +.B Example: + logon path = \\\\PROFILESERVER\\HOME_DIR\\%U\\PROFILE<p> + +<a name="logon script"> +<H3>logon script (G)</H3><p> + +This parameter specifies the batch file (.bat) or NT command file (.cmd) +to be downloaded and run on a machine when a user successfully logs in. +The file must contain the DOS style cr/lf line endings. Using a DOS-style +editor to create the file is recommended.<p> + +The script must be a relative path to the [netlogon] service. If the +[netlogon] service specifies a path of /usr/local/samba/netlogon, and +logon script = STARTUP.BAT, then file that will be downloaded is:<p> + +.B /usr/local/samba/netlogon/STARTUP.BAT<p> + +The contents of the batch file is entirely your choice. A suggested +command would be to add NET TIME \\\\SERVER /SET /YES, to force every +machine to synchronise clocks with the same time server. Another use +would be to add NET USE U: \\\\SERVER\\UTILS for commonly used utilities, +or NET USE Q: \\\\SERVER\\ISO9001_QA.<p> + +Note that it is particularly important not to allow write access to +the [netlogon] share, or to grant users write permission on the +batch files in a secure environment, as this would allow the batch +files to be arbitrarily modified.<p> + +.B +This option takes the standard substitutions, allowing you to have +separate logon scripts for each user or machine.<p> + +.B Example: + logon script = scripts/%U.bat<p> + +<a name="lppause command"> +<H3>lppause command (S)</H3> +This parameter specifies the command to be executed on the server host in +order to stop printing or spooling a specific print job.<p> + +This command should be a program or script which takes a printer name and +job number to pause the print job. Currently I don't know of any print +spooler system that can do this with a simple option, except for the PPR +system from Trinity College (ppr\-dist.trincoll.edu/pub/ppr). One way +of implementing this is by using job priorities, where jobs having a too +low priority won't be sent to the printer. See also the +.B lppause +command.<p> + +If a %p is given then the printername is put in its place. A %j is +replaced with the job number (an integer). +On HPUX (see printing=hpux), if the -p%p option is added to the lpq +command, the job will show up with the correct status, i.e. if the job +priority is lower than the set fence priority it will have the PAUSED +status, whereas if the priority is equal or higher it will have the +SPOOLED or PRINTING status.<p> + +Note that it is good practice to include the absolute path in the lppause +command as the PATH may not be available to the server.<p> + +.B Default: + Currently no default value is given to this string<p> + +.B Example for HPUX: + lppause command = /usr/bin/lpalt %p-%j -p0<p> + +<a name="lpq cache time"> +<H3>lpq cache time (G)</H3><p> + +This controls how long lpq info will be cached for to prevent the lpq +command being called too often. A separate cache is kept for each +variation of the lpq command used by the system, so if you use +different lpq commands for different users then they won't share cache +information.<p> + +The cache files are stored in /tmp/lpq.xxxx where xxxx is a hash +of the lpq command in use.<p> + +The default is 10 seconds, meaning that the cached results of a +previous identical lpq command will be used if the cached data is less +than 10 seconds old. A large value may be advisable if your lpq +command is very slow.<p> + +A value of 0 will disable cacheing completely.<p> + +.B Default: + lpq cache time = 10<p> + +.B Example: + lpq cache time = 30<p> + +<a name="lpq command"> +<H3>lpq command (S)</H3> +This parameter specifies the command to be executed on the server host in +order to obtain "lpq"-style printer status information. <p> + +This command should be a program or script which takes a printer name +as its only parameter and outputs printer status information. <p> + +Currently six styles of printer status information are supported; BSD, +SYSV, AIX, HPUX, QNX, LPRNG and PLP. This covers most UNIX systems. You +control which type is expected using the "printing =" option.<p> + +Some clients (notably Windows for Workgroups) may not correctly send the +connection number for the printer they are requesting status information +about. To get around this, the server reports on the first printer service +connected to by the client. This only happens if the connection number sent +is invalid.<p> + +If a %p is given then the printername is put in its place. Otherwise +it is placed at the end of the command.<p> + +Note that it is good practice to include the absolute path in the lpq +command as the PATH may not be available to the server.<p> + +.B Default: + depends on the setting of "printing ="<p> + +.B Example: + lpq command = /usr/bin/lpq %p<p> + +<a name="lpresume command"> +<H3>lpresume command (S)</H3> +This parameter specifies the command to be executed on the server host in +order to restart or continue printing or spooling a specific print job.<p> + +This command should be a program or script which takes a printer name and +job number to resume the print job. See also the lppause command.<p> + +If a %p is given then the printername is put in its place. A %j is +replaced with the job number (an integer).<p> + +Note that it is good practice to include the absolute path in the lpresume +command as the PATH may not be available to the server.<p> + +.B Default: + Currently no default value is given to this string<p> + +.B Example for HPUX: + lpresume command = /usr/bin/lpalt %p-%j -p2<p> + +<a name="lprm command"> +<H3>lprm command (S)</H3> +This parameter specifies the command to be executed on the server host in +order to delete a print job.<p> + +This command should be a program or script which takes a printer name +and job number, and deletes the print job.<p> + +Currently seven styles of printer control are supported; BSD, SYSV, AIX +HPUX, QNX, LPRNG and PLP. This covers most UNIX systems. You control +which type is expected using the "printing =" option.<p> + +If a %p is given then the printername is put in its place. A %j is +replaced with the job number (an integer).<p> + +Note that it is good practice to include the absolute path in the lprm +command as the PATH may not be available to the server.<p> + +.B Default: + depends on the setting of "printing ="<p> + +.B Example 1: + lprm command = /usr/bin/lprm -P%p %j<p> + +.B Example 2: + lprm command = /usr/bin/cancel %p-%j<p> + +<a name="magic output"> +<H3>magic output (S)</H3> +This parameter specifies the name of a file which will contain output +created by a magic script (see +.I magic script +below).<p> + +Warning: If two clients use the same magic script in the same directory the +output file content is undefined. +.B Default: + magic output = <magic script name>.out<p> + +.B Example: + magic output = myfile.txt +<a name="magic script"> +<H3>magic script (S)</H3> +This parameter specifies the name of a file which, if opened, will be +executed by the server when the file is closed. This allows a UNIX script +to be sent to the Samba host and executed on behalf of the connected user.<p> + +Scripts executed in this way will be deleted upon completion, permissions +permitting.<p> + +If the script generates output, output will be sent to the file specified by +the +.I magic output +parameter (see above).<p> + +Note that some shells are unable to interpret scripts containing +carriage-return-linefeed instead of linefeed as the end-of-line +marker. Magic scripts must be executable "as is" on the host, which +for some hosts and some shells will require filtering at the DOS end.<p> + +Magic scripts are EXPERIMENTAL and should NOT be relied upon.<p> + +.B Default: + None. Magic scripts disabled.<p> + +.B Example: + magic script = user.csh<p> + +<a name="mangle case"> +<H3>mangle case (S)</H3><p> + +See the section on "NAME MANGLING"<p> + +<a name="mangled map"> +<H3>mangled map (S)</H3> +This is for those who want to directly map UNIX file names which are +not representable on DOS. The mangling of names is not always what is +needed. In particular you may have documents with file extensions +that differ between DOS and UNIX. For example, under UNIX it is common +to use .html for HTML files, whereas under DOS .htm is more commonly +used.<p> + +So to map 'html' to 'htm' you put:<p> + + mangled map = (*.html *.htm)<p> + +One very useful case is to remove the annoying ;1 off the ends of +filenames on some CDROMS (only visible under some UNIXes). To do this +use a map of (*;1 *)<p> + +.B default: + no mangled map<p> + +.B Example: + mangled map = (*;1 *)<p> + +<a name="mangled names"> +<H3>mangled names (S)</H3> +This controls whether non-DOS names under UNIX should be mapped to +DOS-compatible names ("mangled") and made visible, or whether non-DOS names +should simply be ignored.<p> + +See the section on "NAME MANGLING" for details on how to control the +mangling process.<p> + +If mangling is used then the mangling algorithm is as follows: +.RS +- the first (up to) five alphanumeric characters before the rightmost dot of +the filename are preserved, forced to upper case, and appear as the first (up +to) five characters of the mangled name.<p> + +- a tilde ("~") is appended to the first part of the mangled name, followed +by a two-character unique sequence, based on the original root name +(i.e., the original filename minus its final extension). The final +extension is included in the hash calculation only if it contains any upper +case characters or is longer than three characters.<p> + +Note that the character to use may be specified using the "mangling +char" option, if you don't like ~.<p> + +- the first three alphanumeric characters of the final extension are preserved, +forced to upper case and appear as the extension of the mangled name. The +final extension is defined as that part of the original filename after the +rightmost dot. If there are no dots in the filename, the mangled name will +have no extension (except in the case of hidden files - see below).<p> + +- files whose UNIX name begins with a dot will be presented as DOS hidden +files. The mangled name will be created as for other filenames, but with the +leading dot removed and "___" as its extension regardless of actual original +extension (that's three underscores). +.RE<p> + +The two-digit hash value consists of upper case alphanumeric characters.<p> + +This algorithm can cause name collisions only if files in a directory share +the same first five alphanumeric characters. The probability of such a clash +is 1/1300.<p> + +The name mangling (if enabled) allows a file to be copied between UNIX +directories from DOS while retaining the long UNIX filename. UNIX files can +be renamed to a new extension from DOS and will retain the same basename. +Mangled names do not change between sessions.<p> + +.B Default: + mangled names = yes<p> + +.B Example: + mangled names = no +<a name="mangling char"> +<H3>mangling char (S)</H3> +This controls what character is used as the "magic" character in name +mangling. The default is a ~ but this may interfere with some +software. Use this option to set it to whatever you prefer.<p> + +.B Default: + mangling char = ~<p> + +.B Example: + mangling char = ^<p> + +<a name="mangled stack"> +<H3>mangled stack (G)</H3> +This parameter controls the number of mangled names that should be cached in +the Samba server.<p> + +This stack is a list of recently mangled base names (extensions are only +maintained if they are longer than 3 characters or contains upper case +characters).<p> + +The larger this value, the more likely it is that mangled names can be +successfully converted to correct long UNIX names. However, large stack +sizes will slow most directory access. Smaller stacks save memory in the +server (each stack element costs 256 bytes).<p> + +It is not possible to absolutely guarantee correct long file names, so +be prepared for some surprises!<p> + +.B Default: + mangled stack = 50<p> + +.B Example: + mangled stack = 100<p> + +<a name="map archive"> +<H3>map archive (S)</H3> +This controls whether the DOS archive attribute should be mapped to the +UNIX owner execute bit. The DOS archive bit is set when a file has been modified +since its last backup. One motivation for this option it to keep Samba/your +PC from making any file it touches from becoming executable under UNIX. +This can be quite annoying for shared source code, documents, etc...<p> + +Note that this requires the 'create mask' to be set such that owner +execute bit is not masked out (ie. it must include 100). See the +parameter "create mask" for details.<p> + +.B Default: + map archive = yes<p> + +.B Example: + map archive = no<p> + +<a name="map hidden"> +<H3>map hidden (S)</H3> +This controls whether DOS style hidden files should be mapped to the +UNIX world execute bit.<p> + +Note that this requires the 'create mask' to be set such that the world +execute bit is not masked out (ie. it must include 001). +See the parameter "create mask" for details.<p> + +.B Default: + map hidden = no<p> + +.B Example: + map hidden = yes +<a name="map system"> +<H3>map system (S)</H3> +This controls whether DOS style system files should be mapped to the +UNIX group execute bit.<p> + +Note that this requires the 'create mask' to be set such that the group +execute bit is not masked out (ie. it must include 010). See the parameter +"create mask" for details.<p> + +.B Default: + map system = no<p> + +.B Example: + map system = yes +<a name="max connections"> +<H3>max connections (S)</H3> +This option allows the number of simultaneous connections to a +service to be limited. If "max connections" is greater than 0 then +connections will be refused if this number of connections to the +service are already open. A value of zero mean an unlimited number of +connections may be made.<p> + +Record lock files are used to implement this feature. The lock files +will be stored in the directory specified by the "lock directory" option.<p> + +.B Default: + max connections = 0<p> + +.B Example: + max connections = 10<p> + +<a name="max disk size"> +<H3>max disk size (G)</H3> +This option allows you to put an upper limit on the apparent size of +disks. If you set this option to 100 then all shares will appear to be +not larger than 100 MB in size.<p> + +Note that this option does not limit the amount of data you can put on +the disk. In the above case you could still store much more than 100 +MB on the disk, but if a client ever asks for the amount of free disk +space or the total disk size then the result will be bounded by the +amount specified in "max disk size".<p> + +This option is primarily useful to work around bugs in some pieces of +software that can't handle very large disks, particularly disks over +1GB in size.<p> + +A "max disk size" of 0 means no limit.<p> + +.B Default: + max disk size = 0<p> + +.B Example: + max disk size = 1000<p> + +<a name="max log size"> +<H3>max log size (G)</H3><p> + +This option (an integer in kilobytes) specifies the max size the log +file should grow to. Samba periodically checks the size and if it is +exceeded it will rename the file, adding a .old extension.<p> + +A size of 0 means no limit.<p> + +.B Default: + max log size = 5000<p> + +.B Example: + max log size = 1000<p> + +<a name="max mux"> +<H3>max mux (G)</H3><p> + +This option controls the maximum number of outstanding simultaneous SMB +operations that samba tells the client it will allow. You should never need +to set this parameter.<p> + +.B Default: + max mux = 50<p> + +<a name="max packet"> +<H3>max packet (G)</H3><p> + +A synonym for this parameter is 'packet size'.<p> + +<a name="max ttl"> +<H3>max ttl (G)</H3><p> + +This option tells nmbd what the default 'time to live' of NetBIOS +names should be (in seconds) when nmbd is requesting a name using +either a broadcast or from a WINS server. You should never need to +change this parameter.<p> + +.B Default: + max ttl = 14400<p> + +<a name="max wins ttl"> +<H3>max wins ttl (G)</H3><p> + +This option tells nmbd when acting as a WINS server (wins support = true) +what the maximum 'time to live' of NetBIOS names that nmbd will grant will +be (in seconds). You should never need to change this parameter. +The default is 3 days (259200 seconds).<p> + +.B Default: + max wins ttl = 259200<p> + +<a name="max xmit"> +<H3>max xmit (G)</H3><p> + +This option controls the maximum packet size that will be negotiated +by Samba. The default is 65535, which is the maximum. In some cases +you may find you get better performance with a smaller value. A value +below 2048 is likely to cause problems.<p> + +.B Default: + max xmit = 65535<p> + +.B Example: + max xmit = 8192<p> + +<a name="message command"> +<H3>message command (G)</H3><p> + +This specifies what command to run when the server receives a WinPopup +style message.<p> + +This would normally be a command that would deliver the message +somehow. How this is to be done is up to your imagination.<p> + +What I use is:<p> + + message command = csh -c 'xedit %s;rm %s' &<p> + +This delivers the message using xedit, then removes it +afterwards. NOTE THAT IT IS VERY IMPORTANT THAT THIS COMMAND RETURN +IMMEDIATELY. That's why I have the & on the end. If it doesn't return +immediately then your PCs may freeze when sending messages (they +should recover after 30secs, hopefully).<p> + +All messages are delivered as the global guest user. The command takes +the standard substitutions, although %u won't work (%U may be better +in this case).<p> + +Apart from the standard substitutions, some additional ones apply. In +particular:<p> + +%s = the filename containing the message<p> + +%t = the destination that the message was sent to (probably the server +name)<p> + +%f = who the message is from<p> + +You could make this command send mail, or whatever else takes your +fancy. Please let me know of any really interesting ideas you have.<p> + +Here's a way of sending the messages as mail to root:<p> + +message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s<p> + +If you don't have a message command then the message won't be +delivered and Samba will tell the sender there was an +error. Unfortunately WfWg totally ignores the error code and carries +on regardless, saying that the message was delivered.<p> + +If you want to silently delete it then try "message command = rm %s".<p> + +For the really adventurous, try something like this:<p> + +message command = csh -c 'csh < %s |& /usr/local/samba/bin/smbclient \e + -M %m; rm %s' &<p> + +this would execute the command as a script on the server, then give +them the result in a WinPopup message. Note that this could cause a +loop if you send a message from the server using smbclient! You better +wrap the above in a script that checks for this :-)<p> + +.B Default: + no message command<p> + +.B Example: + message command = csh -c 'xedit %s;rm %s' &<p> + +<a name="min print space"> +<H3>min print space (S)</H3><p> + +This sets the minimum amount of free disk space that must be available +before a user will be able to spool a print job. It is specified in +kilobytes. The default is 0, which means no limit.<p> + +.B Default: + min print space = 0<p> + +.B Example: + min print space = 2000<p> + +<a name="min wins ttl"> +<H3>min wins ttl (G)</H3><p> + +This option tells nmbd when acting as a WINS server (wins support = true) +what the minimum 'time to live' of NetBIOS names that nmbd will grant will +be (in seconds). You should never need to change this parameter. +The default is 6 hours (21600 seconds).<p> + +.B Default: + min wins ttl = 21600<p> + + +<a name="netbios aliases"> +<H3>netbios aliases (G)</H3><p> + +This is a list of names that nmbd will advertise as additional +names by which the Samba server is known. This allows one machine +to appear in browse lists under multiple names. If a machine is +acting as a browse server or logon server none of these names +will be advertised as either browse server or logon servers, only +the primary name of the machine will be advertised with these +capabilities.<p> + +See also 'netbios name'.<p> + +.B Example: + netbios aliases = TEST TEST1 TEST2<p> + +<a name="netbios name"> +<H3>netbios name (G)</H3><p> + +This sets the NetBIOS name by which a Samba server is known. By +default it is the same as the first component of the host's DNS name. +If a machine is a browse server or logon server this name (or the +first component of the hosts DNS name) will be the name that these +services are advertised under.<p> + +See also 'netbios aliases'.<p> + +.B Example: + netbios name = MYNAME<p> + +<a name="nis homedir"> +<H3>nis homedir (G)</H3> +Get the home share server from a NIS (or YP) map. For unix systems that +use an automounter, the user's home directory will often be mounted on +a workstation on demand from a remote server. When the Samba logon server +is not the actual home directory server, two network hops are required +to access the home directory and this can be very slow especially with +writing via Samba to an NFS mounted directory. This option allows samba +to return the home share as being on a different server to the logon +server and as long as a samba daemon is running on the home directory +server, it will be mounted on the Samba client directly from the directory +server. When Samba is returning the home share to the client, it will +consult the NIS (or YP) map specified in "homedir map" and return the +server listed there.<p> + +.B Default: + nis homedir = false<p> + +.B Example: + nis homedir = true<p> + +<a name="networkstation user login"> +<H3>networkstation user login (G)</H3> +This global parameter (new for 1.9.18p3) affects server level security. +With this set (recommended) samba will do a full NetWkstaUserLogon to +confirm that the client really should have login rights. This can cause +problems with machines in trust relationships in which case you can +disable it here, but be warned, we have heard that some NT machines +will then allow anyone in with any password! Make sure you test it.<p> + +.B Default: + networkstation user login = yes<p> + +.B Example: + networkstation user login = no<p> + +<a name="null passwords"> +<H3>null passwords (G)</H3> +Allow or disallow access to accounts that have null passwords. <p> + +.B Default: + null passwords = no<p> + +.B Example: + null passwords = yes<p> + +<a name="only guest"> +<H3>only guest (S)</H3> +A synonym for this command is 'guest only'.<p> + +<a name="only user"> +<H3>only user (S)</H3> +This is a boolean option that controls whether connections with +usernames not in the user= list will be allowed. By default this +option is disabled so a client can supply a username to be used by +the server.<p> + +Note that this also means Samba won't try to deduce usernames from the +service name. This can be annoying for the [homes] section. To get +around this you could use "user = %S" which means your "user" list +will be just the service name, which for home directories is the name +of the user.<p> + +.B Default: + only user = False<p> + +.B Example: + only user = True<p> + +<a name="oplocks"> +<H3>oplocks (S)</H3> +This boolean option tells smbd whether to issue oplocks (opportunistic +locks) to file open requests on this share. The oplock code was introduced in +Samba 1.9.18 and can dramatically (approx 30% or more) improve the speed +of access to files on Samba servers. It allows the clients to agressively +cache files locally and you may want to disable this option for unreliable +network environments (it is turned on by default in Windows NT Servers). +For more information see the file Speed.txt in the Samba docs/ directory.<p> + +Oplocks may be selectively turned off on certain files on a per share basis. +See the 'veto oplock files' parameter.<p> + +.B Default: + oplocks = True<p> + +.B Example: + oplocks = False<p> + + +<a name="os level"> +<H3>os level (G)</H3> +This integer value controls what level Samba advertises itself as for +browse elections. See BROWSING.txt for details.<p> + +<a name="packet size"> +<H3>packet size (G)</H3> +The maximum transmit packet size during a raw read. This option is no +longer implemented as of version 1.7.00, and is kept only so old +configuration files do not become invalid.<p> + +<a name="passwd chat"> +<H3>passwd chat (G)</H3> +This string controls the "chat" conversation that takes places +between smbd and the local password changing program to change the +users password. The string describes a sequence of response-receive +pairs that smbd uses to determine what to send to the passwd program +and what to expect back. If the expected output is not received then +the password is not changed.<p> + +This chat sequence is often quite site specific, depending on what +local methods are used for password control (such as NIS+ etc).<p> + +The string can contain the macros %o and %n which are substituted for +the old and new passwords respectively. It can also contain the +standard macros \en \er \et and \es to give line-feed, carriage-return, +tab and space.<p> + +The string can also contain a * which matches any sequence of +characters.<p> + +Double quotes can be used to collect strings with spaces in them into +a single string.<p> + +If the send string in any part of the chat sequence is a fullstop "." +then no string is sent. Similarly, is the expect string is a fullstop +then no string is expected.<p> + +.B Example: + passwd chat = "*Enter OLD password*" %o\en "*Enter NEW password*" %n\en \e + "*Reenter NEW password*" %n\en "*Password changed*"<p> + + +.B Default: + passwd chat = *old*password* %o\en *new*password* %n\en *new*password* %n\en *changed*<p> + +<a name="passwd program"> +<H3>passwd program (G)</H3> +The name of a program that can be used to set user passwords.<p> + +This is only necessary if you have enabled remote password changing at +compile time. Any occurrences of %u will be replaced with the user +name.<p> + +Also note that many passwd programs insist in "reasonable" passwords, +such as a minimum length, or the inclusion of mixed case chars and +digits. This can pose a problem as some clients (such as Windows for +Workgroups) uppercase the password before sending it. <p> + +.B Default: + passwd program = /bin/passwd<p> + +.B Example: + passwd program = /sbin/passwd %u<p> + +<a name="password level"> +<H3>password level (G)</H3> +Some client/server combinations have difficulty with mixed-case passwords. +One offending client is Windows for Workgroups, which for some reason forces +passwords to upper case when using the LANMAN1 protocol, but leaves them alone +when using COREPLUS!<p> + +This parameter defines the maximum number of characters that may be upper case +in passwords.<p> + +For example, say the password given was "FRED". If +.B password level +is set to 1 (one), the following combinations would be tried if "FRED" failed: +"Fred", "fred", "fRed", "frEd", "freD". If +.B password level was set to 2 (two), the following combinations would also be +tried: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED". And so on.<p> + +The higher value this parameter is set to the more likely it is that a mixed +case password will be matched against a single case password. However, you +should be aware that use of this parameter reduces security and increases the +time taken to process a new connection.<p> + +A value of zero will cause only two attempts to be made - the password as is +and the password in all-lower case.<p> + +If you find the connections are taking too long with this option then +you probably have a slow crypt() routine. Samba now comes with a fast +"ufc crypt" that you can select in the Makefile. You should also make +sure the PASSWORD_LENGTH option is correct for your system in local.h +and includes.h. On most systems only the first 8 chars of a password +are significant so PASSWORD_LENGTH should be 8, but on some longer +passwords are significant. The includes.h file tries to select the +right length for your system.<p> + +.B Default: + password level = 0<p> + +.B Example: + password level = 4<p> + +<a name="password server"> +<H3>password server (G)</H3><p> + +By specifying the name of another SMB server (such as a WinNT box) +with this option, and using "security = server" you can get Samba to +do all its username/password validation via a remote server.<p> + +This options sets the name of the password server to use. It must be a +netbios name, so if the machine's netbios name is different from its +internet name then you may have to add its netbios name to +/etc/hosts.<p> + +The password server much be a machine capable of using the "LM1.2X002" +or the "LM NT 0.12" protocol, and it must be in user level security +mode. <p> + +NOTE: Using a password server means your UNIX box (running Samba) is +only as secure as your password server. DO NOT CHOOSE A PASSWORD +SERVER THAT YOU DON'T COMPLETELY TRUST.<p> + +Never point a Samba server at itself for password serving. This will +cause a loop and could lock up your Samba server!<p> + +The name of the password server takes the standard substitutions, but +probably the only useful one is %m, which means the Samba server will +use the incoming client as the password server. If you use this then +you better trust your clients, and you better restrict them with hosts +allow!<p> + +If you list several hosts in the "password server" option then smbd +will try each in turn till it finds one that responds. This is useful +in case your primary server goes down.<p> + +If you are using a WindowsNT server as your password server then you +will have to ensure that your users are able to login from the Samba +server, as the network logon will appear to come from there rather +than from the users workstation.<p> + +<a name="path"> +<H3>path (S)</H3> +A synonym for this parameter is 'directory'.<p> + +This parameter specifies a directory to which the user of the service is to +be given access. In the case of printable services, this is where print data +will spool prior to being submitted to the host for printing.<p> + +For a printable service offering guest access, the service should be readonly +and the path should be world-writable and have the sticky bit set. This is not +mandatory of course, but you probably won't get the results you expect if you +do otherwise.<p> + +Any occurrences of %u in the path will be replaced with the username +that the client is connecting as. Any occurrences of %m will be +replaced by the name of the machine they are connecting from. These +replacements are very useful for setting up pseudo home directories +for users.<p> + +Note that this path will be based on 'root dir' if one was specified. +.B Default: + none<p> + +.B Example: + path = /home/fred+ <p> + +<a name="postexec"> +<H3>postexec (S)</H3><p> + +This option specifies a command to be run whenever the service is +disconnected. It takes the usual substitutions. The command may be run +as the root on some systems.<p> + +An interesting example may be do unmount server resources:<p> + +postexec = /etc/umount /cdrom<p> + +See also preexec<p> + +.B Default: + none (no command executed)<p> + +.B Example: + postexec = echo \e"%u disconnected from %S from %m (%I)\e" >> /tmp/log<p> + +<a name="postscript"> +<H3>postscript (S)</H3> +This parameter forces a printer to interpret the print files as +postscript. This is done by adding a %! to the start of print output. <p> + +This is most useful when you have lots of PCs that persist in putting +a control-D at the start of print jobs, which then confuses your +printer.<p> + +.B Default: + postscript = False<p> + +.B Example: + postscript = True<p> + +<a name="preexec"> +<H3>preexec (S)</H3><p> + +This option specifies a command to be run whenever the service is +connected to. It takes the usual substitutions.<p> + +An interesting example is to send the users a welcome message every +time they log in. Maybe a message of the day? Here is an example:<p> + +preexec = csh -c 'echo \e"Welcome to %S!\e" | \e + /usr/local/samba/bin/smbclient -M %m -I %I' &<p> + +Of course, this could get annoying after a while :-)<p> + +See also postexec<p> + +.B Default: + none (no command executed)<p> + +.B Example: + preexec = echo \e"%u connected to %S from %m (%I)\e" >> /tmp/log<p> + +<a name="preferred master"> +<H3>preferred master (G)</H3> +This boolean parameter controls if Samba is a preferred master browser +for its workgroup. +If this is set to true, on startup, samba will force an election, +and it will have a slight advantage in winning the election. +It is recommended that this parameter is used in conjunction +with domain master = yes, so that samba can guarantee becoming +a domain master. <p> + +Use this option with caution, because if there are several hosts +(whether samba servers, Windows 95 or NT) that are preferred master +browsers on the same subnet, they will each periodically and continuously +attempt to become the local master browser. This will result in +unnecessary broadcast traffic and reduced browsing capabilities.<p> + +See +.B os level = nn<p> + +.B Default: + preferred master = no<p> + +<H3>preload</H3> +This is an alias for "auto services"<p> + +<a name="preload"> +<H3>preload</H3> +This is an alias for "auto services"<p> + +<a name="preserve case"> +<H3>preserve case (S)</H3><p> + +This controls if new filenames are created with the case that the +client passes, or if they are forced to be the "default" case.<p> + +.B Default: + preserve case = no<p> + +See the section on "NAME MANGLING" for a fuller discussion.<p> + +<a name="print command"> +<H3>print command (S)</H3> +After a print job has finished spooling to a service, this command will be +used via a system() call to process the spool file. Typically the command +specified will submit the spool file to the host's printing subsystem, but +there is no requirement that this be the case. The server will not remove the +spool file, so whatever command you specify should remove the spool file when +it has been processed, otherwise you will need to manually remove old spool +files.<p> + +The print command is simply a text string. It will be used verbatim, +with two exceptions: All occurrences of "%s" will be replaced by the +appropriate spool file name, and all occurrences of "%p" will be +replaced by the appropriate printer name. The spool file name is +generated automatically by the server, the printer name is discussed +below.<p> + +The full path name will be used for the filename if %s is not preceded +by a /. If you don't like this (it can stuff up some lpq output) then +use %f instead. Any occurrences of %f get replaced by the spool +filename without the full path at the front.<p> + +The print command MUST contain at least one occurrence of "%s" or %f - +the "%p" is optional. At the time a job is submitted, if no printer +name is supplied the "%p" will be silently removed from the printer +command.<p> + +If specified in the [global] section, the print command given will be used +for any printable service that does not have its own print command specified.<p> + +If there is neither a specified print command for a printable service nor a +global print command, spool files will be created but not processed and (most +importantly) not removed.<p> + +Note that printing may fail on some UNIXes from the "nobody" +account. If this happens then create an alternative guest account that +can print and set the "guest account" in the [global] section.<p> + +You can form quite complex print commands by realising that they are +just passed to a shell. For example the following will log a print +job, print the file, then remove it. Note that ; is the usual +separator for command in shell scripts.<p> + +print command = echo Printing %s >> /tmp/print.log; lpr -P %p %s; rm %s<p> + +You may have to vary this command considerably depending on how you +normally print files on your system.<p> + +.B Default: + print command = lpr -r -P %p %s<p> + +.B Example: + print command = /usr/local/samba/bin/myprintscript %p %s +<a name="print ok"> +<H3>print ok (S)</H3> +See +.B printable. +<a name="printable"> +<H3>printable (S)</H3> +A synonym for this parameter is 'print ok'.<p> + +If this parameter is 'yes', then clients may open, write to and submit spool +files on the directory specified for the service.<p> + +Note that a printable service will ALWAYS allow writing to the service path +(user privileges permitting) via the spooling of print data. The 'read only' +parameter controls only non-printing access to the resource.<p> + +.B Default: + printable = no<p> + +.B Example: + printable = yes<p> + +<a name="printcap name"> +<H3>printcap name (G)</H3> +This parameter may be used to override the compiled-in default printcap +name used by the server (usually /etc/printcap). See the discussion of the +[printers] section above for reasons why you might want to do this.<p> + +On SystemV systems that use lpstat to list available printers you +can use "printcap name = lpstat" to automatically obtain lists of +available printers. This is the default for systems that define +SYSV at compile time in Samba (this includes most SystemV based +systems). If "printcap name" is set to lpstat on these systems then +Samba will launch "lpstat -v" and attempt to parse the output to +obtain a printer list.<p> + +A minimal printcap file would look something like this:<p> + +print1|My Printer 1 +.br +print2|My Printer 2 +.br +print3|My Printer 3 +.br +print4|My Printer 4 +.br +print5|My Printer 5<p> + +where the | separates aliases of a printer. The fact that the second +alias has a space in it gives a hint to Samba that it's a comment.<p> + +NOTE: Under AIX the default printcap name is "/etc/qconfig". Samba +will assume the file is in AIX "qconfig" format if the string +"/qconfig" appears in the printcap filename.<p> + +.B Default: + printcap name = /etc/printcap<p> + +.B Example: + printcap name = /etc/myprintcap<p> + +<a name="printer"> +<H3>printer (S)</H3> +A synonym for this parameter is 'printer name'.<p> + +This parameter specifies the name of the printer to which print jobs spooled +through a printable service will be sent.<p> + +If specified in the [global] section, the printer name given will be used +for any printable service that does not have its own printer name specified.<p> + +.B Default: + none (but may be 'lp' on many systems)<p> + +.B Example: + printer name = laserwriter<p> + +<a name="printer driver"> +<H3>printer driver (S)</H3> +This option allows you to control the string that clients receive when +they ask the server for the printer driver associated with a +printer. If you are using Windows95 or WindowsNT then you can use this +to automate the setup of printers on your system.<p> + +You need to set this parameter to the exact string (case sensitive) +that describes the appropriate printer driver for your system. +If you don't know the exact string to use then you should first try +with no "printer driver" option set and the client will give you a +list of printer drivers. The appropriate strings are shown in a +scrollbox after you have chosen the printer manufacturer.<p> + +.B Example: + printer driver = HP LaserJet 4L<p> + +<a name="printer name"> +<H3>printer name (S)</H3> +See +.B printer.<p> + +<a name="printer driver file"> +<H3>printer driver file (G)</H3> +This parameter tells Samba where the printer driver definition file, +used when serving drivers to Windows 95 clients, is to be found. If +this is not set, the default is :<p> + +SAMBA_INSTALL_DIRECTORY/lib/printers.def<p> + +This file is created from Windows 95 'msprint.def' files found on the +Windows 95 client system. For more details on setting up serving of +printer drivers to Windows 95 clients, see the documentation file +docs/PRINTER_DRIVER.txt.<p> + +.B Default: + None (set in compile).<p> + +.B Example: + printer driver file = /usr/local/samba/printers/drivers.def<p> + +Related parameters. +.B printer driver location<p> + +<a name="printer driver location"> +<H3>printer driver location (S)</H3> +This parameter tells clients of a particular printer share where +to find the printer driver files for the automatic installation +of drivers for Windows 95 machines. If Samba is set up to serve +printer drivers to Windows 95 machines, this should be set to<p> + +\e\eMACHINE\ePRINTER$<p> + +Where MACHINE is the NetBIOS name of your Samba server, and PRINTER$ +is a share you set up for serving printer driver files. For more +details on setting this up see the documentation file +docs/PRINTER_DRIVER.txt.<p> + +.B Default: + None<p> + +.B Example: + printer driver location = \e\eMACHINE\ePRINTER$<p> + +Related paramerers. +.B printer driver file<p> + + +<a name="printing"> +<H3>printing (S)</H3> +This parameters controls how printer status information is interpreted +on your system, and also affects the default values for the "print +command", "lpq command" and "lprm command".<p> + +Currently six printing styles are supported. They are "printing = +bsd", "printing = sysv", "printing = hpux", "printing = aix", +"printing = qnx" and "printing = plp".<p> + +To see what the defaults are for the other print commands when using +these three options use the "testparm" program.<p> + +As of version 1.9.18 of Samba this option can be set on a per printer basis<p> + +<a name="protocol"> +<H3>protocol (G)</H3> +The value of the parameter (a string) is the highest protocol level that will +be supported by the server. <p> + +Possible values are CORE, COREPLUS, LANMAN1, LANMAN2 and NT1. The relative +merits of each are discussed in the README file.<p> + +Normally this option should not be set as the automatic negotiation +phase in the SMB protocol takes care of choosing the appropriate protocol.<p> + +.B Default: + protocol = NT1<p> + +.B Example: + protocol = LANMAN1 +<a name="public"> +<H3>public (S)</H3> +A synonym for this parameter is 'guest ok'.<p> + +If this parameter is 'yes' for a service, then no password is required +to connect to the service. Privileges will be those of the guest +account.<p> + +See the section below on user/password validation for more information about +this option.<p> + +.B Default: + public = no<p> + +.B Example: + public = yes +<a name="read list"> +<H3>read list (S)</H3> +This is a list of users that are given read-only access to a +service. If the connecting user is in this list then they will +not be given write access, no matter what the "read only" option +is set to. The list can include group names using the @group syntax.<p> + +See also the "write list" option<p> + +.B Default: + read list =<p> + +.B Example: + read list = mary, @students<p> + +<a name="read only"> +<H3>read only (S)</H3> +See +.B writable +and +.B write ok. +Note that this is an inverted synonym for writable and write ok. +<a name="read prediction"> +<H3>read prediction (G)</H3> +This options enables or disables the read prediction code used to +speed up reads from the server. When enabled the server will try to +pre-read data from the last accessed file that was opened read-only +while waiting for packets.<p> + +<H3>Default:</H3> + read prediction = False<p> + +<H3>Example:</H3> + read prediction = True +<a name="Default:</H3> + read prediction = False<p> + +<H3>Example:</H3> + read prediction = True +<H3>read raw"> +<H3>read raw (G)</H3> +This parameter controls whether or not the server will support raw reads when +transferring data to clients.<p> + +If enabled, raw reads allow reads of 65535 bytes in one packet. This +typically provides a major performance benefit.<p> + +However, some clients either negotiate the allowable block size incorrectly +or are incapable of supporting larger block sizes, and for these clients you +may need to disable raw reads.<p> + +In general this parameter should be viewed as a system tuning tool and left +severely alone. See also +.B write raw.<p> + +.B Default: + read raw = yes<p> + +.B Example: + read raw = no +<a name="read size"> +<H3>read size (G)</H3><p> + +The option "read size" affects the overlap of disk reads/writes with +network reads/writes. If the amount of data being transferred in +several of the SMB commands (currently SMBwrite, SMBwriteX and +SMBreadbraw) is larger than this value then the server begins writing +the data before it has received the whole packet from the network, or +in the case of SMBreadbraw, it begins writing to the network before +all the data has been read from disk.<p> + +This overlapping works best when the speeds of disk and network access +are similar, having very little effect when the speed of one is much +greater than the other.<p> + +The default value is 2048, but very little experimentation has been +done yet to determine the optimal value, and it is likely that the best +value will vary greatly between systems anyway. A value over 65536 is +pointless and will cause you to allocate memory unnecessarily.<p> + +.B Default: + read size = 2048<p> + +.B Example: + read size = 8192<p> + +<a name="remote announce"> +<H3>remote announce (G)</H3><p> + +This option allows you to setup nmbd to periodically announce itself +to arbitrary IP addresses with an arbitrary workgroup name. <p> + +This is useful if you want your Samba server to appear in a remote +workgroup for which the normal browse propagation rules don't +work. The remote workgroup can be anywhere that you can send IP +packets to.<p> + +For example:<p> + + remote announce = 192.168.2.255/SERVERS 192.168.4.255/STAFF<p> + +the above line would cause nmbd to announce itself to the two given IP +addresses using the given workgroup names. If you leave out the +workgroup name then the one given in the "workgroup" option is used +instead. <p> + +The IP addresses you choose would normally be the broadcast addresses +of the remote networks, but can also be the IP addresses of known +browse masters if your network config is that stable.<p> + +This option replaces similar functionality from the nmbd lmhosts file.<p> + +<a name="remote browse sync"> +<H3>remote browse sync (G)</H3><p> + +This option allows you to setup nmbd to periodically request synchronisation +of browse lists with the master browser of a samba server that is on a remote +segment. This option will allow you to gain browse lists for multiple +workgroups across routed networks. This is done in a manner that does not work +with any non-samba servers.<p> + +This is useful if you want your Samba server and all local clients +to appear in a remote workgroup for which the normal browse propagation +rules don't work. The remote workgroup can be anywhere that you can send IP +packets to.<p> + +For example:<p> + + remote browse sync = 192.168.2.255 192.168.4.255<p> + +the above line would cause nmbd to request the master browser on the +specified subnets or addresses to synchronise their browse lists with +the local server.<p> + +The IP addresses you choose would normally be the broadcast addresses +of the remote networks, but can also be the IP addresses of known +browse masters if your network config is that stable. If a machine IP +address is given Samba makes NO attempt to validate that the remote +machine is available, is listening, nor that it is in fact the browse +master on it's segment.<p> + + +<a name="revalidate"> +<H3>revalidate (S)</H3><p> + +This options controls whether Samba will allow a previously validated +username/password pair to be used to attach to a share. Thus if you +connect to \e\eserver\eshare1 then to \e\eserver\eshare2 it won't +automatically allow the client to request connection to the second +share as the same username as the first without a password.<p> + +If "revalidate" is True then the client will be denied automatic +access as the same username.<p> + +.B Default: + revalidate = False<p> + +.B Example: + revalidate = True<p> + +<a name="root"> +<H3>root (G)</H3> +See +.B root directory. +<a name="root dir"> +<H3>root dir (G)</H3> +See +.B root directory. +<a name="root directory"> +<H3>root directory (G)</H3> +Synonyms for this parameter are 'root dir' and 'root'.<p> + +The server will chroot() to this directory on startup. This is not +strictly necessary for secure operation. Even without it the server +will deny access to files not in one of the service entries. It may +also check for, and deny access to, soft links to other parts of the +filesystem, or attempts to use .. in file names to access other +directories (depending on the setting of the "wide links" parameter).<p> + +Adding a "root dir" entry other than "/" adds an extra level of security, +but at a price. It absolutely ensures that no access is given to files not +in the sub-tree specified in the "root dir" option, *including* some files +needed for complete operation of the server. To maintain full operability +of the server you will need to mirror some system files into the "root dir" +tree. In particular you will need to mirror /etc/passwd (or a subset of it), +and any binaries or configuration files needed for printing (if required). +The set of files that must be mirrored is operating system dependent.<p> + +.B Default: + root directory = /<p> + +.B Example: + root directory = /homes/smb +<a name="root postexec"> +<H3>root postexec (S)</H3><p> + +This is the same as postexec except that the command is run as +root. This is useful for unmounting filesystems (such as cdroms) after +a connection is closed.<p> + +<a name="root preexec"> +<H3>root preexec (S)</H3><p> + +This is the same as preexec except that the command is run as +root. This is useful for mounting filesystems (such as cdroms) before +a connection is finalised.<p> + +<a name="security"> +<H3>security (G)</H3> +This option affects how clients respond to Samba.<p> + +The option sets the "security mode bit" in replies to protocol negotiations +to turn share level security on or off. Clients decide based on this bit +whether (and how) to transfer user and password information to the server.<p> + +The default is "security=SHARE", mainly because that was the only +option at one stage.<p> + +The alternatives are "security = user" or "security = server". <p> + +If your PCs use usernames that are the same as their usernames on the +UNIX machine then you will want to use "security = user". If you +mostly use usernames that don't exist on the UNIX box then use +"security = share".<p> + +There is a bug in WfWg that may affect your decision. When in user +level security a WfWg client will totally ignore the password you type +in the "connect drive" dialog box. This makes it very difficult (if +not impossible) to connect to a Samba service as anyone except the +user that you are logged into WfWg as.<p> + +If you use "security = server" then Samba will try to validate the +username/password by passing it to another SMB server, such as an NT +box. If this fails it will revert to "security = USER".<p> + +See the "password server" option for more details.<p> + +.B Default: + security = SHARE<p> + +.B Example: + security = USER +<a name="server string"> +<H3>server string (G)</H3> +This controls what string will show up in the printer comment box in +print manager and next to the IPC connection in "net view". It can be +any string that you wish to show to your users.<p> + +It also sets what will appear in browse lists next to the machine name.<p> + +A %v will be replaced with the Samba version number.<p> + +A %h will be replaced with the hostname.<p> + +.B Default: + server string = Samba %v<p> + +.B Example: + server string = University of GNUs Samba Server<p> + +<a name="set directory"> +<H3>set directory (S)</H3> +If 'set directory = no', then users of the service may not use the setdir +command to change directory.<p> + +The setdir command is only implemented in the Digital Pathworks client. See the +Pathworks documentation for details.<p> + +.B Default: + set directory = no<p> + +.B Example: + set directory = yes<p> + +<a name="shared file entries"> +<H3>shared file entries (G)</H3> +This parameter has been removed (as of Samba 1.9.18 and above). The new +System V shared memory code prohibits the user from allocating the +share hash bucket size directly.<p> + +<a name="shared mem size"> +<H3>shared mem size (G)</H3> +This parameter is only useful when Samba has been compiled with FAST_SHARE_MODES. +It specifies the size of the shared memory (in bytes) to use between smbd +processes. You should never change this parameter unless you have studied +the source and know what you are doing. This parameter defaults to 1024 +multiplied by the setting of the maximum number of open files in the +file local.h in the Samba source code. MAX_OPEN_FILES is normally set +to 100, so this parameter defaults to 102400 bytes.<p> + +.B Default + shared mem size = 102400<p> + +<a name="smb passwd file"> +<H3>smb passwd file (G)</H3> +This option sets the path to the encrypted smbpasswd file. This is a *VERY +DANGEROUS OPTION* if the smb.conf is user writable. By default the path +to the smbpasswd file is compiled into Samba.<p> + +<a name="smbrun"> +<H3>smbrun (G)</H3> +This sets the full path to the smbrun binary. This defaults to the +value in the Makefile.<p> + +You must get this path right for many services to work correctly.<p> + +.B Default: +taken from Makefile<p> + +.B Example: + smbrun = /usr/local/samba/bin/smbrun<p> + +<a name="share modes"> +<H3>share modes (S)</H3><p> + +This enables or disables the honouring of the "share modes" during a +file open. These modes are used by clients to gain exclusive read or +write access to a file. <p> + +These open modes are not directly supported by UNIX, so they are +simulated using lock files in the "lock directory". The "lock +directory" specified in smb.conf must be readable by all users.<p> + +The share modes that are enabled by this option are DENY_DOS, +DENY_ALL, DENY_READ, DENY_WRITE, DENY_NONE and DENY_FCB.<p> + +Enabling this option gives full share compatibility but may cost a bit +of processing time on the UNIX server. They are enabled by default.<p> + +.B Default: + share modes = yes<p> + +.B Example: + share modes = no<p> + +<a name="short preserve case"> +<H3>short preserve case (S)</H3><p> + +This controls if new short filenames are created with the case that +the client passes, or if they are forced to be the "default" case.<p> + +.B Default: + short preserve case = no<p> + +See the section on "NAME MANGLING" for a fuller discussion.<p> + +<a name="socket address"> +<H3>socket address (G)</H3><p> + +This option allows you to control what address Samba will listen for +connections on. This is used to support multiple virtual interfaces on +the one server, each with a different configuration.<p> + +By default samba will accept connections on any address.<p> + +.B Example: + socket address = 192.168.2.20<p> + +<a name="socket options"> +<H3>socket options (G)</H3> +This option (which can also be invoked with the -O command line +option) allows you to set socket options to be used when talking with +the client.<p> + +Socket options are controls on the networking layer of the operating +systems which allow the connection to be tuned.<p> + +This option will typically be used to tune your Samba server for +optimal performance for your local network. There is no way that Samba +can know what the optimal parameters are for your net, so you must +experiment and choose them yourself. I strongly suggest you read the +appropriate documentation for your operating system first (perhaps +"man setsockopt" will help).<p> + +You may find that on some systems Samba will say "Unknown socket +option" when you supply an option. This means you either mis-typed it +or you need to add an include file to includes.h for your OS. If the +latter is the case please send the patch to me +(samba-bugs@samba.anu.edu.au).<p> + +Any of the supported socket options may be combined in any way you +like, as long as your OS allows it.<p> + +This is the list of socket options currently settable using this +option:<p> + + SO_KEEPALIVE<p> + + SO_REUSEADDR<p> + + SO_BROADCAST<p> + + TCP_NODELAY<p> + + IPTOS_LOWDELAY<p> + + IPTOS_THROUGHPUT<p> + + SO_SNDBUF *<p> + + SO_RCVBUF *<p> + + SO_SNDLOWAT *<p> + + SO_RCVLOWAT *<p> + +Those marked with a * take an integer argument. The others can +optionally take a 1 or 0 argument to enable or disable the option, by +default they will be enabled if you don't specify 1 or 0.<p> + +To specify an argument use the syntax SOME_OPTION=VALUE for example +SO_SNDBUF=8192. Note that you must not have any spaces before or after +the = sign.<p> + +If you are on a local network then a sensible option might be<p> + +socket options = IPTOS_LOWDELAY<p> + +If you have an almost unloaded local network and you don't mind a lot +of extra CPU usage in the server then you could try<p> + +socket options = IPTOS_LOWDELAY TCP_NODELAY<p> + +If you are on a wide area network then perhaps try setting +IPTOS_THROUGHPUT. <p> + +Note that several of the options may cause your Samba server to fail +completely. Use these options with caution!<p> + +.B Default: + no socket options<p> + +.B Example: + socket options = IPTOS_LOWDELAY <p> + +<p> + + +<a name="status"> +<H3>status (G)</H3> +This enables or disables logging of connections to a status file that +.B smbstatus +can read.<p> + +With this disabled +.B smbstatus +won't be able to tell you what +connections are active.<p> + +.B Default: + status = yes<p> + +.B Example: + status = no<p> + +<a name="strict locking"> +<H3>strict locking (S)</H3> +This is a boolean that controls the handling of file locking in the +server. When this is set to yes the server will check every read and +write access for file locks, and deny access if locks exist. This can +be slow on some systems.<p> + +When strict locking is "no" the server does file lock checks only when +the client explicitly asks for them. <p> + +Well behaved clients always ask for lock checks when it is important, +so in the vast majority of cases "strict locking = no" is preferable.<p> + +.B Default: + strict locking = no<p> + +.B Example: + strict locking = yes<p> + +<a name="strip dot"> +<H3>strip dot (G)</H3> +This is a boolean that controls whether to strip trailing dots off +UNIX filenames. This helps with some CDROMs that have filenames ending in a +single dot.<p> + +.B Default: + strip dot = no<p> + +.B Example: + strip dot = yes<p> + +<a name="syslog"> +<H3>syslog (G)</H3> +This parameter maps how Samba debug messages are logged onto the +system syslog logging levels. Samba debug level zero maps onto +syslog LOG_ERR, debug level one maps onto LOG_WARNING, debug +level two maps to LOG_NOTICE, debug level three maps onto LOG_INFO. +The paramter sets the threshold for doing the mapping, all Samba +debug messages above this threashold are mapped to syslog LOG_DEBUG +messages.<p> + +.B Default:<p> + + syslog = 1<p> + +<a name="syslog only"> +<H3>syslog only (G)</H3> +If this parameter is set then Samba debug messages are logged into +the system syslog only, and not to the debug log files.<p> + +.B Default: + syslog only = no<p> + +<a name="sync always"> +<H3>sync always (S)</H3><p> + +This is a boolean parameter that controls whether writes will always +be written to stable storage before the write call returns. If this is +false then the server will be guided by the client's request in each +write call (clients can set a bit indicating that a particular write +should be synchronous). If this is true then every write will be +followed by a fsync() call to ensure the data is written to disk.<p> + +.B Default: + sync always = no<p> + +.B Example: + sync always = yes<p> + +<a name="time offset"> +<H3>time offset (G)</H3> +This parameter is a setting in minutes to add to the normal GMT to +local time conversion. This is useful if you are serving a lot of PCs +that have incorrect daylight saving time handling.<p> + +.B Default: + time offset = 0<p> + +.B Example: + time offset = 60<p> + +<a name="time server"> +<H3>time server (G)</H3> +This parameter determines if nmbd advertises itself as a time server +to Windows clients. The default is False.<p> + +.B Default: + time server = False<p> + +.B Example: + time server = True<p> + +<a name="unix realname"> +<H3>unix realname (G)</H3> +This boolean parameter when set causes samba to supply the real name field +from the unix password file to the client. This is useful for setting up +mail clients and WWW browsers on systems used by more than one person.<p> + +.B Default: + unix realname = no<p> + +.B Example: + unix realname = yes<p> + +<a name="user"> +<H3>user (S)</H3> +See +.B username. +<a name="username"> +<H3>username (S)</H3> +A synonym for this parameter is 'user'.<p> + +Multiple users may be specified in a comma-delimited list, in which case the +supplied password will be tested against each username in turn (left to right).<p> + +The username= line is needed only when the PC is unable to supply its own +username. This is the case for the coreplus protocol or where your +users have different WfWg usernames to UNIX usernames. In both these +cases you may also be better using the \e\eserver\eshare%user syntax +instead. <p> + +The username= line is not a great solution in many cases as it means Samba +will try to validate the supplied password against each of the +usernames in the username= line in turn. This is slow and a bad idea for +lots of users in case of duplicate passwords. You may get timeouts or +security breaches using this parameter unwisely.<p> + +Samba relies on the underlying UNIX security. This parameter does not +restrict who can login, it just offers hints to the Samba server as to +what usernames might correspond to the supplied password. Users can +login as whoever they please and they will be able to do no more +damage than if they started a telnet session. The daemon runs as the +user that they log in as, so they cannot do anything that user cannot +do.<p> + +To restrict a service to a particular set of users you can use the +"valid users=" line.<p> + +If any of the usernames begin with a @ then the name will be looked up +in the groups file and will expand to a list of all users in the group +of that name. Note that searching though a groups file can take quite +some time, and some clients may time out during the search.<p> + +See the section below on username/password validation for more information +on how this parameter determines access to the services.<p> + +.B Default: + The guest account if a guest service, else the name of the service.<p> + +.B Examples: + username = fred + username = fred, mary, jack, jane, @users, @pcgroup<p> + +<a name="username level"> +<H3>username level (G)</H3><p> + +This option helps Samba to try and 'guess' at the real UNIX username, +as many DOS clients send an all-uppercase username. By default Samba +tries all lowercase, followed by the username with the first letter +capitalized, and fails if the username is not found on the UNIX machine.<p> + +If this parameter is set to non-zero the behaviour changes. This +parameter is a number that specifies the number of uppercase combinations +to try whilst trying to determine the UNIX user name. The higher the number +the more combinations will be tried, but the slower the discovery +of usernames will be. Use this parameter when you have strange +usernames on your UNIX machine, such as 'AstrangeUser'.<p> + +.B Default: + username level = 0<p> + +.B Example: + username level = 5<p> + +<a name="username map"> +<H3>username map (G)</H3><p> + +This option allows you to to specify a file containing a mapping of +usernames from the clients to the server. This can be used for several +purposes. The most common is to map usernames that users use on DOS or +Windows machines to those that the UNIX box uses. The other is to map +multiple users to a single username so that they can more easily share +files.<p> + +The map file is parsed line by line. Each line should contain a single +UNIX username on the left then a '=' followed by a list of usernames +on the right. The list of usernames on the right may contain names of +the form @group in which case they will match any UNIX username in +that group. The special client name '*' is a wildcard and matches any +name.<p> + +The file is processed on each line by taking the supplied username and +comparing it with each username on the right hand side of the '=' +signs. If the supplied name matches any of the names on the right +hand side then it is replaced with the name on the left. Processing +then continues with the next line.<p> + +If any line begins with a '#' or a ';' then it is ignored<p> + +If any line begins with an ! then the processing will stop after that +line if a mapping was done by the line. Otherwise mapping continues +with every line being processed. Using ! is most useful when you have +a wildcard mapping line later in the file.<p> + +For example to map from the name "admin" or "administrator" to the UNIX +name "root" you would use<p> + + root = admin administrator<p> + +Or to map anyone in the UNIX group "system" to the UNIX name "sys" you +would use<p> + + sys = @system<p> + +You can have as many mappings as you like in a username map file.<p> + +You can map Windows usernames that have spaces in them by using double +quotes around the name. For example:<p> + + tridge = "Andrew Tridgell"<p> + +would map the windows username "Andrew Tridgell" to the unix username +tridge.<p> + +The following example would map mary and fred to the unix user sys, +and map the rest to guest. Note the use of the ! to tell Samba to stop +processing if it gets a match on that line.<p> + + !sys = mary fred + guest = *<p> + + +Note that the remapping is applied to all occurrences of +usernames. Thus if you connect to "\e\eserver\efred" and "fred" is +remapped to "mary" then you will actually be connecting to +"\e\eserver\emary" and will need to supply a password suitable for +"mary" not "fred". The only exception to this is the username passed +to the "password server" (if you have one). The password server will +receive whatever username the client supplies without modification.<p> + +Also note that no reverse mapping is done. The main effect this has is +with printing. Users who have been mapped may have trouble deleting +print jobs as PrintManager under WfWg will think they don't own the +print job.<p> + +.B Default + no username map<p> + +.B Example + username map = /usr/local/samba/lib/users.map<p> + +<a name="valid chars"> +<H3>valid chars (S)</H3><p> + +The option allows you to specify additional characters that should be +considered valid by the server in filenames. This is particularly +useful for national character sets, such as adding u-umlaut or a-ring.<p> + +The option takes a list of characters in either integer or character +form with spaces between them. If you give two characters with a colon +between them then it will be taken as an lowercase:uppercase pair.<p> + +If you have an editor capable of entering the characters into the +config file then it is probably easiest to use this method. Otherwise +you can specify the characters in octal, decimal or hexadecimal form +using the usual C notation.<p> + +For example to add the single character 'Z' to the charset (which is a +pointless thing to do as it's already there) you could do one of the +following<p> + +valid chars = Z +valid chars = z:Z +valid chars = 0132:0172<p> + +The last two examples above actually add two characters, and alter +the uppercase and lowercase mappings appropriately.<p> + +Note that you MUST specify this parameter after the "client code page" +parameter if you have both set. If "client code page" is set after +the "valid chars" parameter the "valid chars" settings will be +overwritten.<p> + +See also the "client code page" parameter.<p> + +.B Default +.br + Samba defaults to using a reasonable set of valid characters +.br + for english systems<p> + +.B Example + valid chars = 0345:0305 0366:0326 0344:0304<p> + +The above example allows filenames to have the swedish characters in +them. <p> + +NOTE: It is actually quite difficult to correctly produce a "valid +chars" line for a particular system. To automate the process +tino@augsburg.net has written a package called "validchars" which will +automatically produce a complete "valid chars" line for a given client +system. Look in the examples subdirectory for this package.<p> + +<a name="valid users"> +<H3>valid users (S)</H3> +This is a list of users that should be allowed to login to this +service. A name starting with @ is interpreted as a UNIX group.<p> + +If this is empty (the default) then any user can login. If a username +is in both this list and the "invalid users" list then access is +denied for that user.<p> + +The current servicename is substituted for %S. This is useful in the +[homes] section.<p> + +See also "invalid users"<p> + +.B Default + No valid users list. (anyone can login)<p> + +.B Example + valid users = greg, @pcusers<p> + + +<a name="veto file"> +<H3>veto files(S)</H3> +This is a list of files and directories that are neither visible nor +accessible. Each entry in the list must be separated by a "/", which +allows spaces to be included in the entry. '*' and '?' can be used to +specify multiple files or directories as in DOS wildcards.<p> + +Each entry must be a unix path, not a DOS path and must not include the +unix directory separator "/".<p> + +Note that the case sensitivity option is applicable in vetoing files.<p> + +One feature of the veto files parameter that it is important to be +aware of, is that if a directory contains nothing but files that +match the veto files parameter (which means that Windows/DOS clients +cannot ever see them) is deleted, the veto files within that directory +*are automatically deleted* along with it, if the user has UNIX permissions +to do so. + +Setting this parameter will affect the performance of Samba, as +it will be forced to check all files and directories for a match +as they are scanned.<p> + +See also "hide files" and "case sensitive"<p> + +.B Default + No files or directories are vetoed.<p> + +.B Examples + Example 1. + Veto any files containing the word Security, + any ending in .tmp, and any directory containing the + word root.<p> + + veto files = /*Security*/*.tmp/*root*/<p> + + Example 2. + Veto the Apple specific files that a NetAtalk server + creates.<p> + + veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/<p> + +<a name="veto oplock files"> +<H3>veto oplock files (S)</H3> +This parameter is only valid when the 'oplocks' parameter is turned on +for a share. It allows the Samba administrator to selectively turn off +the granting of oplocks on selected files that match a wildcarded list, +similar to the wildcarded list used in the 'veto files' parameter.<p> + +.B Default + No files are vetoed for oplock grants.<p> + +.B Examples +You might want to do this on files that you know will be heavily +contended for by clients. A good example of this is in the NetBench +SMB benchmark program, which causes heavy client contention for files +ending in .SEM. To cause Samba not to grant oplocks on these files +you would use the line (either in the [global] section or in the section +for the particular NetBench share :<p> + + veto oplock files = /*.SEM/<p> + +<a name="volume"> +<H3>volume (S)</H3> +This allows you to override the volume label returned for a +share. Useful for CDROMs with installation programs that insist on a +particular volume label.<p> + +The default is the name of the share<p> + +<a name="wide links"> +<H3>wide links (S)</H3> +This parameter controls whether or not links in the UNIX file system may be +followed by the server. Links that point to areas within the directory tree +exported by the server are always allowed; this parameter controls access +only to areas that are outside the directory tree being exported.<p> + +.B Default: + wide links = yes<p> + +.B Example: + wide links = no<p> + +<a name="wins proxy"> +<H3>wins proxy (G)</H3><p> + +This is a boolean that controls if nmbd will respond to broadcast name +queries on behalf of other hosts. You may need to set this to no for +some older clients.<p> + +.B Default: + wins proxy = no +<a name="wins server"> +<H3>wins server (G)</H3><p> + +This specifies the DNS name (or IP address) of the WINS server that Samba +should register with. If you have a WINS server on your network then you +should set this to the WINS servers name.<p> + +You should point this at your WINS server if you have a multi-subnetted +network. +.B Default: + wins server = <p> + +<a name="wins support"> +<H3>wins support (G)</H3><p> + +This boolean controls if the nmbd process in Samba will act as a WINS server. +You should not set this to true unless you have a multi-subnetted network and +you wish a particular nmbd to be your WINS server. Note that you +should *NEVER* set this to true on more than one machine in your +network.<p> + +.B Default: + wins support = no<p> + +<a name="workgroup"> +<H3>workgroup (G)</H3><p> + +This controls what workgroup your server will appear to be in when +queried by clients. <p> + +.B Default: + set in the Makefile<p> + +.B Example: + workgroup = MYGROUP<p> + +<a name="writable"> +<H3>writable (S)</H3> +A synonym for this parameter is 'write ok'. An inverted synonym is 'read only'.<p> + +If this parameter is 'no', then users of a service may not create or modify +files in the service's directory.<p> + +Note that a printable service ('printable = yes') will ALWAYS allow +writing to the directory (user privileges permitting), but only via +spooling operations.<p> + +.B Default: + writable = no<p> + +.B Examples: + read only = no + writable = yes + write ok = yes +<a name="write list"> +<H3>write list (S)</H3> +This is a list of users that are given read-write access to a +service. If the connecting user is in this list then they will be +given write access, no matter what the "read only" option is set +to. The list can include group names using the @group syntax.<p> + +Note that if a user is in both the read list and the write list then +they will be given write access.<p> + +See also the "read list" option<p> + +.B Default: + write list =<p> + +.B Example: + write list = admin, root, @staff<p> + +<a name="write ok"> +<H3>write ok (S)</H3> +See +.B writable +and +.B read only.<p> + +<a name="write raw"> +<H3>write raw (G)</H3> +This parameter controls whether or not the server will support raw writes when +transferring data from clients.<p> + +.B Default: + write raw = yes<p> + +.B Example: + write raw = no<p> + +</BODY> +</HTML> + + diff --git a/swat/help/welcome.html b/swat/help/welcome.html new file mode 100644 index 00000000000..4f0d8608ce7 --- /dev/null +++ b/swat/help/welcome.html @@ -0,0 +1,8 @@ +Welcome to SWAT!<p> + +need to edit help/welcome.html to fill out this welcome page<p> + + + + + |