<samba:parameter name="acl check permissions"
                 context="S"
                 type="boolean"
                 advanced="1" wizard="1"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
    <para>This boolean parameter controls what <citerefentry><refentrytitle>smbd</refentrytitle>
    <manvolnum>8</manvolnum></citerefentry> does on receiving a protocol request of "open for delete"
    from a Windows client. If a Windows client doesn't have permissions to delete a file then they
    expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by
    actually attempting to delete the file or directory. As Windows clients can (and do) "back out" a
    delete request by unsetting the "delete on close" bit, Samba cannot delete the file immediately
    on an "open for delete" request, as we cannot restore such a deleted file. With this parameter set to
    true (the default), smbd checks the file system permissions directly on "open for delete" and denies the
    request without actually deleting the file if the file system permissions would seem to deny it.
    This is not perfect, as it's possible a user could have deleted a file without Samba being able to
    check the permissions correctly, but it is close enough to Windows semantics for mostly correct
    behaviour. Samba will correctly check POSIX ACL semantics in this case.
    </para>
    <para>If this parameter is set to "false", Samba doesn't check permissions on "open for delete"
    and allows the open. If the user doesn't have permission to delete the file, this will only be
    discovered at close time, which is too late for the Windows user tools to display an error message
    to the user. The symptom of this is files that appear to have been deleted "magically" re-appearing
    on a Windows Explorer refresh. This is an extremely advanced protocol option which should not
    need to be changed. This parameter was introduced in its final form in 3.0.21; an earlier version
    with slightly different semantics was introduced in 3.0.20. That older version is not documented here.
    </para>
</description>
<value type="default">True</value>
</samba:parameter>
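An added illustration, not Samba's code and not part of the original file: the kind of open-time pre-check the description refers to, deciding from POSIX mode bits whether a later unlink would be permitted, without removing anything. The function names and the sample uid/gid/mode values are assumptions constructed for this example; POSIX ACLs, supplementary groups and capabilities are not modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

enum { STICKY_BIT = 01000 };   /* numeric value of S_ISVTX */

/* Hypothetical helper: the rwx triplet that applies to uid/gid. */
static unsigned effective_bits(const struct stat *st, uid_t uid, gid_t gid)
{
    if (st->st_uid == uid) return (st->st_mode >> 6) & 7;
    if (st->st_gid == gid) return (st->st_mode >> 3) & 7;
    return st->st_mode & 7;
}

/* Hypothetical pre-check: would unlink() of `file` inside `dir` be allowed?
 * Nothing is deleted, so the client can still back out of the request. */
bool precheck_delete(const struct stat *dir, const struct stat *file,
                     uid_t uid, gid_t gid)
{
    if (uid == 0) return true;                 /* root bypasses mode bits */
    /* Removing a directory entry needs write (2) and search (1) on the parent. */
    if ((effective_bits(dir, uid, gid) & 3) != 3) return false;
    /* Sticky parent: only the file's owner or the directory's owner may delete. */
    if ((dir->st_mode & STICKY_BIT) && file->st_uid != uid && dir->st_uid != uid)
        return false;
    return true;
}

/* Builds constructed stat data so the check runs without touching a disk. */
bool demo_case(mode_t dir_mode, uid_t dir_uid, gid_t dir_gid,
               uid_t file_uid, uid_t uid, gid_t gid)
{
    struct stat dir, file;
    memset(&dir, 0, sizeof dir);
    memset(&file, 0, sizeof file);
    dir.st_mode = dir_mode; dir.st_uid = dir_uid; dir.st_gid = dir_gid;
    file.st_mode = 0644;    file.st_uid = file_uid;
    return precheck_delete(&dir, &file, uid, gid);
}

int main(void)
{
    /* Constructed cases: uid 1000 opening for delete in various parents. */
    printf("own dir 0755:        %d\n", demo_case(0755, 1000, 1000, 1000, 1000, 1000));
    printf("foreign dir 0755:    %d\n", demo_case(0755, 0, 0, 1000, 1000, 1000));
    printf("sticky 01777, other: %d\n", demo_case(01777, 0, 0, 2000, 1000, 1000));
    printf("sticky 01777, owner: %d\n", demo_case(01777, 0, 0, 1000, 1000, 1000));
    return 0;
}
```

The second case shows why the check looks at the parent directory: the user owns the file but cannot remove its directory entry.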