mirror of https://gitee.com/openkylin/samba.git
212 lines
4.5 KiB
Groff
212 lines
4.5 KiB
Groff
'\" t
|
|
.\" Title: vfs_acl_xattr
|
|
.\" Author: [see the "AUTHOR" section]
|
|
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
|
|
.\" Date: 01/28/2020
|
|
.\" Manual: System Administration tools
|
|
.\" Source: Samba 4.11.6
|
|
.\" Language: English
|
|
.\"
|
|
.TH "VFS_ACL_XATTR" "8" "01/28/2020" "Samba 4\&.11\&.6" "System Administration tools"
|
|
.\" -----------------------------------------------------------------
|
|
.\" * Define some portability stuff
|
|
.\" -----------------------------------------------------------------
|
|
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
.\" http://bugs.debian.org/507673
|
|
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
|
|
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
.ie \n(.g .ds Aq \(aq
|
|
.el .ds Aq '
|
|
.\" -----------------------------------------------------------------
|
|
.\" * set default formatting
|
|
.\" -----------------------------------------------------------------
|
|
.\" disable hyphenation
|
|
.nh
|
|
.\" disable justification (adjust text to left margin only)
|
|
.ad l
|
|
.\" -----------------------------------------------------------------
|
|
.\" * MAIN CONTENT STARTS HERE *
|
|
.\" -----------------------------------------------------------------
|
|
.SH "NAME"
|
|
vfs_acl_xattr \- Save NTFS\-ACLs in Extended Attributes (EAs)
|
|
.SH "SYNOPSIS"
|
|
.HP \w'\ 'u
|
|
vfs objects = acl_xattr
|
|
.SH "DESCRIPTION"
|
|
.PP
|
|
This VFS module is part of the
|
|
\fBsamba\fR(7)
|
|
suite\&.
|
|
.PP
|
|
The
|
|
vfs_acl_xattr
|
|
VFS module stores NTFS Access Control Lists (ACLs) in Extended Attributes (EAs)\&. This enables the full mapping of Windows ACLs on Samba servers\&.
|
|
.PP
|
|
The ACLs are stored in the Extended Attribute
|
|
\fIsecurity\&.NTACL\fR
|
|
of a file or directory\&. This Attribute is
|
|
\fInot\fR
|
|
listed by
|
|
getfattr \-d filename\&. To show the current value, the name of the EA must be specified (e\&.g\&.
|
|
getfattr \-n security\&.NTACL filename)\&.
|
|
.PP
|
|
This module forces the following parameters:
|
|
.RS
|
|
.sp
|
|
.RS 4
|
|
.ie n \{\
|
|
\h'-04'\(bu\h'+03'\c
|
|
.\}
|
|
.el \{\
|
|
.sp -1
|
|
.IP \(bu 2.3
|
|
.\}
|
|
inherit acls = true
|
|
.RE
|
|
.sp
|
|
.RS 4
|
|
.ie n \{\
|
|
\h'-04'\(bu\h'+03'\c
|
|
.\}
|
|
.el \{\
|
|
.sp -1
|
|
.IP \(bu 2.3
|
|
.\}
|
|
dos filemode = true
|
|
.RE
|
|
.sp
|
|
.RS 4
|
|
.ie n \{\
|
|
\h'-04'\(bu\h'+03'\c
|
|
.\}
|
|
.el \{\
|
|
.sp -1
|
|
.IP \(bu 2.3
|
|
.\}
|
|
force unknown acl user = true
|
|
.RE
|
|
.sp
|
|
.RE
|
|
.PP
|
|
This module is stackable\&.
|
|
.SH "OPTIONS"
|
|
.PP
|
|
acl_xattr:ignore system acls = [yes|no]
|
|
.RS 4
|
|
When set to
|
|
\fIyes\fR, a best effort mapping from/to the POSIX ACL layer will
|
|
\fInot\fR
|
|
be done by this module\&. The default is
|
|
\fIno\fR, which means that Samba keeps setting and evaluating both the system ACLs and the NT ACLs\&. This is better if you need your system ACLs be set for local or NFS file access, too\&. If you only access the data via Samba you might set this to yes to achieve better NT ACL compatibility\&.
|
|
.sp
|
|
If
|
|
\fIacl_xattr:ignore system acls\fR
|
|
is set to
|
|
\fIyes\fR, the following additional settings will be enforced:
|
|
.RS
|
|
.sp
|
|
.RS 4
|
|
.ie n \{\
|
|
\h'-04'\(bu\h'+03'\c
|
|
.\}
|
|
.el \{\
|
|
.sp -1
|
|
.IP \(bu 2.3
|
|
.\}
|
|
create mask = 0666
|
|
.RE
|
|
.sp
|
|
.RS 4
|
|
.ie n \{\
|
|
\h'-04'\(bu\h'+03'\c
|
|
.\}
|
|
.el \{\
|
|
.sp -1
|
|
.IP \(bu 2.3
|
|
.\}
|
|
directory mask = 0777
|
|
.RE
|
|
.sp
|
|
.RS 4
|
|
.ie n \{\
|
|
\h'-04'\(bu\h'+03'\c
|
|
.\}
|
|
.el \{\
|
|
.sp -1
|
|
.IP \(bu 2.3
|
|
.\}
|
|
map archive = no
|
|
.RE
|
|
.sp
|
|
.RS 4
|
|
.ie n \{\
|
|
\h'-04'\(bu\h'+03'\c
|
|
.\}
|
|
.el \{\
|
|
.sp -1
|
|
.IP \(bu 2.3
|
|
.\}
|
|
map hidden = no
|
|
.RE
|
|
.sp
|
|
.RS 4
|
|
.ie n \{\
|
|
\h'-04'\(bu\h'+03'\c
|
|
.\}
|
|
.el \{\
|
|
.sp -1
|
|
.IP \(bu 2.3
|
|
.\}
|
|
map readonly = no
|
|
.RE
|
|
.sp
|
|
.RS 4
|
|
.ie n \{\
|
|
\h'-04'\(bu\h'+03'\c
|
|
.\}
|
|
.el \{\
|
|
.sp -1
|
|
.IP \(bu 2.3
|
|
.\}
|
|
map system = no
|
|
.RE
|
|
.sp
|
|
.RS 4
|
|
.ie n \{\
|
|
\h'-04'\(bu\h'+03'\c
|
|
.\}
|
|
.el \{\
|
|
.sp -1
|
|
.IP \(bu 2.3
|
|
.\}
|
|
store dos attributes = yes
|
|
.RE
|
|
.sp
|
|
.RE
|
|
.RE
|
|
.PP
|
|
acl_xattr:default acl style = [posix|windows|everyone]
|
|
.RS 4
|
|
This parameter determines the type of ACL that is synthesized in case a file or directory lacks an
|
|
\fIsecurity\&.NTACL\fR
|
|
xattr\&.
|
|
.sp
|
|
When set to
|
|
\fIposix\fR, an ACL will be synthesized based on the POSIX mode permissions for user, group and others, with an additional ACE for
|
|
\fINT Authority\eSYSTEM\fR
|
|
will full rights\&.
|
|
.sp
|
|
When set to
|
|
\fIwindows\fR, an ACL is synthesized the same way Windows does it, only including permissions for the owner and
|
|
\fINT Authority\eSYSTEM\fR\&.
|
|
.sp
|
|
When set to
|
|
\fIeveryone\fR, an ACL is synthesized giving full permissions to everyone (S\-1\-1\-0)\&.
|
|
.sp
|
|
The default for this option is
|
|
\fIposix\fR\&.
|
|
.RE
|
|
.SH "AUTHOR"
|
|
.PP
|
|
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
|