| 1 | <samba:parameter name="acl group control"
|
|---|
| 2 | context="S"
|
|---|
| 3 | type="boolean"
|
|---|
| 4 | xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|---|
| 5 | <description>
|
|---|
| 6 | <para>
|
|---|
| 7 | In a POSIX filesystem, only the owner of a file or directory and the superuser can modify the permissions
|
|---|
| 8 | and ACLs on a file. If this parameter is set, then Samba overrides this restriction, and also allows the
|
|---|
| 9 | <emphasis>primary group owner</emphasis> of a file or directory to modify the permissions and ACLs
|
|---|
| 10 | on that file.
|
|---|
| 11 | </para>
|
|---|
| 12 | <para>
|
|---|
| 13 | On a Windows server, groups may be the owner of a file or directory - thus allowing anyone in
|
|---|
| 14 | that group to modify the permissions on it. This allows the delegation of security controls
|
|---|
| 15 | on a point in the filesystem to the group owner of a directory and anything below it also owned
|
|---|
| 16 | by that group. This means there are multiple people with permissions to modify ACLs on a file
|
|---|
| 17 | or directory, easing managability.
|
|---|
| 18 | </para>
|
|---|
| 19 | <para>
|
|---|
| 20 | This parameter allows Samba to also permit delegation of the control over a point in the exported
|
|---|
| 21 | directory hierarchy in much the same way as Windows. This allows all members of a UNIX group to
|
|---|
| 22 | control the permissions on a file or directory they have group ownership on.
|
|---|
| 23 | </para>
|
|---|
| 24 |
|
|---|
| 25 | <para>
|
|---|
| 26 | This parameter is best used with the <smbconfoption name="inherit owner"/> option and also
|
|---|
| 27 | on on a share containing directories with the UNIX <emphasis>setgid bit</emphasis> set
|
|---|
| 28 | on them, which causes new files and directories created within it to inherit the group
|
|---|
| 29 | ownership from the containing directory.
|
|---|
| 30 | </para>
|
|---|
| 31 |
|
|---|
| 32 | <para>
|
|---|
| 33 | This is parameter has been was deprecated in Samba 3.0.23, but re-activated in
|
|---|
| 34 | Samba 3.0.31 and above, as it now only controls permission changes if the user
|
|---|
| 35 | is in the owning primary group. It is now no longer equivalent to the
|
|---|
| 36 | <parameter moreinfo="none">dos filemode</parameter> option.
|
|---|
| 37 | </para>
|
|---|
| 38 |
|
|---|
| 39 | </description>
|
|---|
| 40 |
|
|---|
| 41 | <related>inherit owner</related>
|
|---|
| 42 | <related>inherit permissions</related>
|
|---|
| 43 |
|
|---|
| 44 | <value type="default">no</value>
|
|---|
| 45 | </samba:parameter>
|
|---|
