Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [global]
- nt acl support = yes
- acl map full control = no
- This boolean parameter controls whether smbd(8) will attempt to map
- UNIX permissions into Windows NT access control lists. The UNIX
- permissions considered are the traditional UNIX owner and group
- permissions, as well as POSIX ACLs set on any files or directories.
- This boolean parameter controls whether smbd(8) maps a POSIX ACE
- entry of "rwx" (read/write/execute), the maximum allowed POSIX
- permission set, into a Windows ACL of "FULL CONTROL". If this
- parameter is set to true any POSIX ACE entry of "rwx" will be
- returned in a Windows ACL as "FULL CONTROL", is this parameter is
- set to false any POSIX ACE entry of "rwx" will be returned as the
- specific Windows ACL bits representing read, write and execute.
- [global]
- acl allow execute always = false
- guest ok = no
- writeable = yes
- available = yes
- browseable = yes
- printable = no
- locking = yes
- This boolean parameter controls the behaviour of smbd(8) when
- receiving a protocol request of "open for execution" from a Windows
- client. With Samba 3.6 and older, the execution right in the ACL
- was not checked, so a client could execute a file even if it did
- not have execute rights on the file. In Samba 4.0, this has been
- fixed, so that by default, i.e. when this parameter is set to
- "False", "open for execution" is now denied when execution
- permissions are not present.
- If this parameter is set to "True", Samba does not check execute
- permissions on "open for execution", thus re-establishing the
- behaviour of Samba 3.6. This can be useful to smoothen upgrades
- from older Samba versions to 4.0 and newer. This setting is not
- meant to be used as a permanent setting, but as a temporary relief:
- It is recommended to fix the permissions in the ACLs and reset this
- parameter to the default after a certain transition period.
- If this parameter is yes for a service, then no password is
- required to connect to the service. Privileges will be those of the
- guest account.
- This parameter nullifies the benefits of setting restrict anonymous
- = 2
- See the section below on security for more information about this
- option.
- Inverted synonym for read only.
- An inverted synonym is writeable.
- If this parameter is yes, then users of a service may not create or
- modify files in the service's directory.
- Note that a printable service (printable = yes) will ALWAYS allow
- writing to the directory (user privileges permitting), but only via
- spooling operations.
- This parameter lets you "turn off" a service. If available = no,
- then ALL attempts to connect to the service will fail. Such
- failures are logged.
- This controls whether this share is seen in the list of available
- shares in a net view and in the browse list.
- If this parameter is yes, then clients may open, write to and
- submit spool files on the directory specified for the service.
- Note that a printable service will ALWAYS allow writing to the
- service path (user privileges permitting) via the spooling of print
- data. The read only parameter controls only non-printing access to
- the resource.
- This controls whether or not locking will be performed by the
- server in response to lock requests from the client.
- If locking = no, all lock and unlock requests will appear to
- succeed and all lock queries will report that the file in question
- is available for locking.
- If locking = yes, real locking will be performed by the server.
- This option may be useful for read-only filesystems which may not
- need locking (such as CDROM drives), although setting this
- parameter of no is not really recommended even in this case.
- Be careful about disabling locking either globally or in a specific
- service, as lack of locking may result in data corruption. You
- should never need to set this parameter.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement