diff options
Diffstat (limited to 'docs-xml/smbdotconf/security/invalidusers.xml')
-rw-r--r-- | docs-xml/smbdotconf/security/invalidusers.xml | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/docs-xml/smbdotconf/security/invalidusers.xml b/docs-xml/smbdotconf/security/invalidusers.xml index 268cdfad560..b2fb2b9d293 100644 --- a/docs-xml/smbdotconf/security/invalidusers.xml +++ b/docs-xml/smbdotconf/security/invalidusers.xml @@ -7,8 +7,21 @@ to login to this service. This is really a <emphasis>paranoid</emphasis> check to absolutely ensure an improper setting does not breach your security.</para> + + <para>A name starting with a '@' is interpreted as an NIS + netgroup first (if your system supports NIS), and then as a UNIX + group if the name was not found in the NIS netgroup database.</para> - <para>A name starting with a '@' is interpreted UNIX group.</para> + <para>A name starting with '+' is interpreted only + by looking in the UNIX group database via the NSS getgrnam() interface. A name starting with + '&' is interpreted only by looking in the NIS netgroup database + (this requires NIS to be working on your system). The characters + '+' and '&' may be used at the start of the name in either order + so the value <parameter moreinfo="none">+&group</parameter> means check the + UNIX group database, followed by the NIS netgroup database, and + the value <parameter moreinfo="none">&+group</parameter> means check the NIS + netgroup database, followed by the UNIX group database (the + same as the '@' prefix).</para> <para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>. This is useful in the [homes] section.</para> |