source: vendor/current/docs-xml/manpages/vfs_zfsacl.8.xml

Last change on this file was 988, checked in by Silvan Scherrer, 9 years ago

Samba Server: update vendor to version 4.4.3
File size: 5.4 KB
Line 
1<?xml version="1.0" encoding="iso-8859-1"?>
2<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
3<refentry id="vfs_zfsacl.8">
4
5<refmeta>
6 <refentrytitle>vfs_zfsacl</refentrytitle>
7 <manvolnum>8</manvolnum>
8 <refmiscinfo class="source">Samba</refmiscinfo>
9 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
10 <refmiscinfo class="version">4.4</refmiscinfo>
11</refmeta>
12
13
14<refnamediv>
15 <refname>vfs_zfsacl</refname>
16 <refpurpose>ZFS ACL samba module</refpurpose>
17</refnamediv>
18
19<refsynopsisdiv>
20 <cmdsynopsis>
21 <command>vfs objects = zfsacl</command>
22 </cmdsynopsis>
23</refsynopsisdiv>
24
25<refsect1>
26 <title>DESCRIPTION</title>
27
28 <para>This VFS module is part of the
29 <citerefentry><refentrytitle>samba</refentrytitle>
30 <manvolnum>7</manvolnum></citerefentry> suite.</para>
31
32 <para>The <command>zfsacl</command> VFS module is the home
33 for all ACL extensions that Samba requires for proper integration
34 with ZFS.
35 </para>
36
37 <para>Currently the zfsacl vfs module provides extensions in following areas :
38 <itemizedlist>
39 <listitem><para>NFSv4 ACL Interfaces with configurable options for ZFS</para></listitem>
40 </itemizedlist>
41 </para>
42
43 <para><command>NOTE:</command>This module follows the posix-acl behaviour
44 and hence allows permission stealing via chown. Samba might allow at a later
45 point in time, to restrict the chown via this module as such restrictions
46 are the responsibility of the underlying filesystem than of Samba.
47 </para>
48
49 <para>This module makes use of the smb.conf parameter
50 <smbconfoption name="acl map full control">acl map full control</smbconfoption>
51 When set to yes (the default), this parameter will add in the FILE_DELETE_CHILD
52 bit on a returned ACE entry for a file (not a directory) that already
53 contains all file permissions except for FILE_DELETE and FILE_DELETE_CHILD.
54 This can prevent Windows applications that request GENERIC_ALL access
55 from getting ACCESS_DENIED errors when running against a filesystem
56 with NFSv4 compatible ACLs.
57 </para>
58
59 <para>This module is stackable.</para>
60
61 <para>Since Samba 4.0 all options are per share options.</para>
62
63</refsect1>
64
65
66<refsect1>
67 <title>OPTIONS</title>
68
69 <variablelist>
70
71 <varlistentry>
72
73 <term>nfs4:mode = [ simple | special ]</term>
74 <listitem>
75 <para>
76 Controls substitution of special IDs (OWNER@ and GROUP@) on ZFS.
77 The use of mode simple is recommended.
78 In this mode only non inheriting ACL entries for the file owner
79 and group are mapped to special IDs.
80 </para>
81
82 <para>The following MODEs are understood by the module:</para>
83 <itemizedlist>
84 <listitem><para><command>simple(default)</command> - use OWNER@ and GROUP@ special IDs for non inheriting ACEs only.</para></listitem>
85 <listitem><para><command>special(deprecated)</command> - use OWNER@ and GROUP@ special IDs in ACEs for all file owner and group ACEs.</para></listitem>
86 </itemizedlist>
87 </listitem>
88
89 </varlistentry>
90
91
92 <varlistentry>
93 <term>nfs4:acedup = [dontcare|reject|ignore|merge]</term>
94 <listitem>
95 <para>
96 This parameter configures how Samba handles duplicate ACEs encountered in ZFS ACLs.
97 ZFS allows/creates duplicate ACE for different bits for same ID.
98 </para>
99
100 <para>Following is the behaviour of Samba for different values :</para>
101 <itemizedlist>
102 <listitem><para><command>dontcare (default)</command> - copy the ACEs as they come</para></listitem>
103 <listitem><para><command>reject</command> - stop operation and exit with error on ACL set op</para></listitem>
104 <listitem><para><command>ignore</command> - don't include the second matching ACE</para></listitem>
105 <listitem><para><command>merge</command> - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE</para></listitem>
106 </itemizedlist>
107 </listitem>
108 </varlistentry>
109
110
111 <varlistentry>
112 <term>nfs4:chown = [yes|no]</term>
113 <listitem>
114 <para>This parameter allows enabling or disabling the chown supported
115 by the underlying filesystem. This parameter should be enabled with
116 care as it might leave your system insecure.</para>
117 <para>Some filesystems allow chown as a) giving b) stealing. It is the latter
118 that is considered a risk.</para>
119
120 <para>Following is the behaviour of Samba for different values : </para>
121 <itemizedlist>
122 <listitem><para><command>yes</command> - Enable chown if as supported by the under filesystem</para></listitem>
123 <listitem><para><command>no (default)</command> - Disable chown</para></listitem>
124 </itemizedlist>
125 </listitem>
126 </varlistentry>
127
128 </variablelist>
129</refsect1>
130
131<refsect1>
132 <title>EXAMPLES</title>
133
134 <para>A ZFS mount can be exported via Samba as follows :</para>
135
136<programlisting>
137 <smbconfsection name="[samba_zfs_share]"/>
138 <smbconfoption name="vfs objects">zfsacl</smbconfoption>
139 <smbconfoption name="path">/test/zfs_mount</smbconfoption>
140 <smbconfoption name="nfs4: mode">special</smbconfoption>
141 <smbconfoption name="nfs4: acedup">merge</smbconfoption>
142</programlisting>
143</refsect1>
144
145<refsect1>
146 <title>VERSION</title>
147 <para>This man page is correct for version 4.0.x of the Samba suite.
148 </para>
149</refsect1>
150
151<refsect1>
152 <title>AUTHOR</title>
153
154 <para>The original Samba software and related utilities
155 were created by Andrew Tridgell. Samba is now developed
156 by the Samba Team as an Open Source project similar
157 to the way the Linux kernel is developed.</para>
158</refsect1>
159
160</refentry>
Note: See TracBrowser for help on using the repository browser.