Author: jra Date: 2005-08-19 16:40:15 +0000 (Fri, 19 Aug 2005) New Revision: 797
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=797 Log: Added "acl group control" docs. Jeremy. Added: trunk/smbdotconf/security/aclgroupcontrol.xml Changeset: Added: trunk/smbdotconf/security/aclgroupcontrol.xml =================================================================== --- trunk/smbdotconf/security/aclgroupcontrol.xml 2005-08-18 00:36:55 UTC (rev 796) +++ trunk/smbdotconf/security/aclgroupcontrol.xml 2005-08-19 16:40:15 UTC (rev 797) @@ -0,0 +1,47 @@ +<samba:parameter name="acl group control" + context="S" + type="boolean" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";> +<description> + <para> + In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions + and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the + <emphasis>primary group owner</emphasis> of a file or directory to modify the permissions and ACLs + on that file. + </para> + <para> + On a Windows server, groups may be the owner of a file or directory - thus allowing anyone in + that group to modify the permissions on it. This allows the delegation of security controls + on a point in the filesystem to the group owner of a directory and anything below it also owned + by that group. This means there are multiple people with permissions to modify ACLs on a file + or directory, easing managability. + </para> + <para> + This parameter allows Samba to also permit delegation of the control over a point in the exported + directory hierarchy in much the same was as Windows. This allows all members of a UNIX group to + control the permissions on a file or directory they have group ownership on. + </para> + + <para> + This parameter is best used with the <smbconfoption name="inherit owner"/> option and also + on on a share containing directories with the UNIX <emphasis>setgid bit</emphasis> bit set + on them, which causes new files and directories created within it to inherit the group + ownership from the containing directory. + </para> + + <para> + This is a new parameter introduced in Samba 3.0.20. + </para> + + <para> + This can be particularly useful to allow groups to manage their own security on a part + of the filesystem they have group ownership of, removing the bottleneck of having only + the user owner or superuser able to reset permissions. + </para> +</description> + +<related>inherit owner</related> +<related>inherit permissions</related> + +<value type="default">no</value> +</samba:parameter>
