<title>Viewing and changing UNIX permissions using the NT
security dialogs</title>
-
- <para>New in the Samba 2.0.4 release is the ability for Windows
- NT clients to use their native security settings dialog box to
- view and modify the underlying UNIX permissions.</para>
+ <para>Windows NT clients can use their native security settings
+ dialog box to view and modify the underlying UNIX permissions.</para>
<para>Note that this ability is careful not to compromise
the security of the UNIX host Samba is running on, and
<sect1>
<title>How to view file security on a Samba share</title>
- <para>From an NT 4.0 client, single-click with the right
+ <para>From an NT4/2000/XP client, single-click with the right
mouse button on any file or directory in a Samba mounted
drive letter or UNC path. When the menu pops-up, click
on the <emphasis>Properties</emphasis> entry at the bottom of
- the menu. This brings up the normal file properties dialog
- box, but with Samba 2.0.4 this will have a new tab along the top
- marked <emphasis>Security</emphasis>. Click on this tab and you
+ the menu. This brings up the file properties dialog
+ box. Click on the tab <emphasis>Security</emphasis> and you
will see three buttons, <emphasis>Permissions</emphasis>,
<emphasis>Auditing</emphasis>, and <emphasis>Ownership</emphasis>.
The <emphasis>Auditing</emphasis> button will cause either
<para>There is an NT chown command that will work with Samba
and allow a user with Administrator privilege connected
- to a Samba 2.0.4 server as root to change the ownership of
+ to a Samba server as root to change the ownership of
files on both a local NTFS filesystem or remote mounted NTFS
or Samba drive. This is available as part of the <emphasis>Seclib
</emphasis> NT security library written by Jeremy Allison of
</command> message.</para>
<para>The first thing to note is that the <command>"Add"</command>
- button will not return a list of users in Samba 2.0.4 (it will give
+ button will not return a list of users in Samba (it will give
an error message of <command>"The remote procedure call failed
and did not execute"</command>). This means that you can only
manipulate the current user/group/world permissions listed in
<title>Interaction with the standard Samba create mask
parameters</title>
- <para>Note that with Samba 2.0.5 there are four new parameters
- to control this interaction. These are :</para>
+ <para>There are four parameters
+ to control interaction with the standard Samba create mask parameters.
+ These are :</para>
<para><parameter>security mask</parameter></para>
<para><parameter>force security mode</parameter></para>
<para>If not set explicitly this parameter is set to the same value as
the <ulink url="smb.conf.5.html#CREATEMASK"><parameter>create mask
- </parameter></ulink> parameter to provide compatibility with Samba 2.0.4
- where this permission change facility was introduced. To allow a user to
- modify all the user/group/world permissions on a file, set this parameter
+ </parameter></ulink> parameter. To allow a user to modify all the
+ user/group/world permissions on a file, set this parameter
to 0777.</para>
<para>Next Samba checks the changed permissions for a file against
<para>If not set explicitly this parameter is set to the same value
as the <ulink url="smb.conf.5.html#FORCECREATEMODE"><parameter>force
- create mode</parameter></ulink> parameter to provide compatibility
- with Samba 2.0.4 where the permission change facility was introduced.
+ create mode</parameter></ulink> parameter.
To allow a user to modify all the user/group/world permissions on a file
with no restrictions set this parameter to 000.</para>
by default is set to the same value as the <parameter>directory mask
</parameter> parameter and the <parameter>force directory security
mode</parameter> parameter by default is set to the same value as
- the <parameter>force directory mode</parameter> parameter to provide
- compatibility with Samba 2.0.4 where the permission change facility
- was introduced.</para>
+ the <parameter>force directory mode</parameter> parameter. </para>
<para>In this way Samba enforces the permission restrictions that
an administrator can set on a Samba share, whilst still allowing users
<para><parameter>force security mode = 0</parameter></para>
<para><parameter>directory security mask = 0777</parameter></para>
<para><parameter>force directory security mode = 0</parameter></para>
-
- <para>As described, in Samba 2.0.4 the parameters :</para>
-
- <para><parameter>create mask</parameter></para>
- <para><parameter>force create mode</parameter></para>
- <para><parameter>directory mask</parameter></para>
- <para><parameter>force directory mode</parameter></para>
-
- <para>were used instead of the parameters discussed here.</para>
</sect1>
<sect1>
docs/docbook/projdoc/DOMAIN_MEMBER.sgml - Needs update to 3.0
docs/docbook/projdoc/ADS-HOWTO.sgml - seems outdated (it says we require 'ads server' when in ads mode, though that's not true, according to the manpages...)
docs/docbook/projdoc/Integrating-with-Windows.sgml - Should slowly go a way. Contains a little bit information about wins, a little bit about domain membership, a little about winbind, etc
-docs/docbook/projdoc/NT_Security.sgml - probably outdated
docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml
docs/docbook/projdoc/Printing.sgml - Cups is not documented, smbprint, printing /to/ a windows server... - Kurt Pfeifle
docs/docbook/projdoc/Samba-BDC-HOWTO.sgml - Needs update to 3.0
docs/textdocs/PROFILES.txt - needs to be converted to sgml
docs/textdocs/README.jis - Seems to need updating - possibly obsoleted by a newer japanese howto?
docs/textdocs/RoutedNetworks.txt - still valid, but shouldn't this go into Other_clients.sgml ? This text originally comes from microsoft, what about copyright?
+docs/docbook/manpages/ntlm_auth.1.sgml - Is very basic at the moment, parameters need better descriptions
These still need to be checked:
docs/docbook/manpages/smbmnt.8.sgml
docs/docbook/manpages/testprns.1.sgml
Stuff that needs to be documented:
-ntlm_auth
wrepld
-editreg
Windows NT 4.0 Style Trust Relationship
Winbind in a samba controlled domain
One Time Migration script from a Windows NT 4.0 PDC to a Samba PDC
git.samba.org / samba.git / commitdiff