smb.conf/manpage/2006/parameters/F

fake directory create times
fake directory create times (S) NTFS and  Windows  VFAT file systems keep a create time for all files and directories. This is not the same as the ctime - sta- tus change  time - that Unix keeps, so Samba by default reports the earliest of the various times Unix does keep. Setting this parameter for  a  share  causes Samba to always report midnight 1-1-1980 as the create time for directories.

This option is mainly used as a compatibility option for Visual C++ when  used against Samba shares. Visual C++ generated make- files have the object directory as a dependency for each object file, and a make rule to create the directory. Also, when NMAKE compares timestamps it uses the creation time when examining  a              directory. Thus the object directory will be created if it does not exist, but once it does exist it will always have an earlier timestamp than the object files it contains.

However, Unix time semantics mean that the create time reported by Samba will be updated whenever  a  file  is  created  or  or              deleted  in  the  directory. NMAKE finds all object files in the object directory. The timestamp of the last one built  is  then compared to the timestamp of the object directory. If the direc- tory's timestamp if  newer,  then  all  object  files  will  be              rebuilt. Enabling this option ensures directories always predate their contents and an NMAKE build will proceed as expected.

Default: _�f_�a_�k_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�c_�r_�e_�a_�t_�e _�t_�i_�m_�e_�s = no

fake oplocks
fake oplocks (S) Oplocks are the way that SMB  clients  get  permission  from  a              server  to  locally cache file operations. If a server grants an             oplock (opportunistic lock) then the client is  free  to  assume that it  is the only one accessing the file and it will aggres- sively cache file data. With some oplock types the  client  may even cache  file  open/close operations. This can give enormous performance benefits.

When you set f�fa�ak�ke�e o�op�pl�lo�oc�ck�ks�s =�=  y�ye�es�s,  s�sm�mb�bd�d(8)  will  always  grant oplock requests no matter how many clients are using the file.

It is  generally  much  better  to use the real _�o_�p_�l_�o_�c_�k_�s support rather than this parameter.

If you enable this option on all read-only shares or shares that you know will only be accessed from one client at a time such as             physically read-only media like CDROMs, you will see a big  per- formance improvement  on  many  operations. If you enable this option on shares where multiple clients may  be  accessing  the files read-write  at the same time you can get data corruption. Use this option carefully!

Default: _�f_�a_�k_�e _�o_�p_�l_�o_�c_�k_�s = no

follow symlinks
follow symlinks (S) This parameter  allows  the   Samba   administrator   to   stop s�sm�mb�bd�d(8)from following symbolic links in a particular share. Set- ting this parameter to n�no�o prevents any file or directory that is             a  symbolic  link  from  being  followed  (the  user will get an              error). This option is very useful to stop users from adding  a              symbolic  link  to  _�/_�e_�t_�c_�/_�p_�a_�s_�s_�w_�d  in  their  home  directory  for instance. However it will slow filename lookups down slightly.

This option is enabled (i.e. s�sm�mb�bd�d will follow symbolic links) by             default.

Default: _�f_�o_�l_�l_�o_�w _�s_�y_�m_�l_�i_�n_�k_�s = yes

force create mode
force create mode (S) This parameter specifies a set of UNIX mode bit permissions that will a�al�lw�wa�ay�ys�s be set on a file created by Samba. This is done  by              bitwise  'OR'ing these bits onto the mode bits of a file that is              being created or having its permissions changed. The default for this parameter  is  (in octal) 000. The modes in this parameter are bitwise 'OR'ed onto the file mode after the mask set in the _�c_�r_�e_�a_�t_�e _�m_�a_�s_�k parameter is applied.

The example below would force all created files to have read and execute permissions set for 'group' and 'other' as well as  the read/write/execute bits set for the 'user'.

Default: _�f_�o_�r_�c_�e _�c_�r_�e_�a_�t_�e _�m_�o_�d_�e = 000

Example: _�f_�o_�r_�c_�e _�c_�r_�e_�a_�t_�e _�m_�o_�d_�e = 0755

force directory mode
force directory mode (S) This parameter specifies a set of UNIX mode bit permissions that will a�al�lw�wa�ay�ys�s be set on a directory created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a directory that is being created. The default for this  parameter  is  (in              octal)  0000  which  will not add any extra permission bits to a              created directory. This operation is done after the mode mask in             the parameter _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�a_�s_�k is applied.

The example  below  would force all created directories to have read and execute permissions set for 'group' and 'other' as well as the read/write/execute bits set for the 'user'.

Default: _�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�o_�d_�e = 000

Example: _�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�o_�d_�e = 0755

force directory security mode
force directory security mode (S) This parameter  controls what UNIX permission bits can be modi- fied when a Windows NT client is manipulating the UNIX  permis- sion on a directory using the native NT security dialog box.

This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this  mask  that  the user may  have modified to be on. Essentially, one bits in this mask may be treated as a set of bits that, when modifying secu- rity on a directory, the user has always set to be 'on'.

If not set explicitly this parameter is 000, which allows a user to modify all the user/group/world permissions on  a  directory without restrictions.

N�No�ot�te�e

Users who  can  access the Samba server through other means can easily bypass this restriction, so it is primarily  useful  for standalone "appliance"  systems. Administrators of most normal systems will probably want to leave it set as 0000.

Default: _�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�s_�e_�c_�u_�r_�i_�t_�y _�m_�o_�d_�e = 0

Example: _�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�s_�e_�c_�u_�r_�i_�t_�y _�m_�o_�d_�e = 700

group This parameter is a synonym for force group.

force group
force group (S) This specifies a UNIX group name that will be assigned  as  the default primary group for all users connecting to this service. This is useful for sharing files by ensuring that all access to              files  on service will use the named group for their permissions checking. Thus, by assigning permissions for this group to  the files and directories within this service the Samba administra- tor can restrict or allow sharing of these files.

In Samba 2.0.5 and above this parameter has extended functional- ity in  the  following way. If the group name listed here has a             '+' character prepended to it then the  current  user  accessing the share  only  has the primary group default assigned to this group if they are already assigned as a member of  that  group. This allows  an administrator to decide that only users who are already in a particular group will create files with group own- ership set to that group. This gives a finer granularity of own- ership assignment. For example, the setting _�f_�o_�r_�c_�e _�g_�r_�o_�u_�p _�=  _�+_�s_�y_�s means that  only  users  who are already in group sys will have their default primary group assigned to sys when accessing this Samba share. All other users will retain their ordinary primary group.

If the _�f_�o_�r_�c_�e _�u_�s_�e_�r parameter is also set the group specified  in              _�f_�o_�r_�c_�e _�g_�r_�o_�u_�p will override the primary group set in _�f_�o_�r_�c_�e _�u_�s_�e_�r.

Default: _�f_�o_�r_�c_�e _�g_�r_�o_�u_�p =

Example: _�f_�o_�r_�c_�e _�g_�r_�o_�u_�p = agroup

force printername
force printername (S) When printing  from  Windows  NT  (or  later),  each printer in              _�s_�m_�b_�._�c_�o_�n_�f has two associated names  which  can  be  used  by  the client. The first  is  the sharename (or shortname) defined in              smb.conf. This is the only printername available for use by Win- dows 9x  clients. The second name associated with a printer can be seen when browsing  to  the  "Printers"  (or  "Printers  and              Faxes")  folder  on the Samba server. This is referred to simply as the printername (not to be confused with  the  _�p_�r_�i_�n_�t_�e_�r  _�n_�a_�m_�e              option).

When assigning  a  new  driver to a printer on a remote Windows compatible print server such as Samba, the Windows client  will rename the printer to match the driver name just uploaded. This can result in confusion for users when  multiple  printers  are bound to  the  same  driver. To prevent Samba from allowing the printer's printername to differ from the sharename  defined  in              smb.conf, set _�f_�o_�r_�c_�e _�p_�r_�i_�n_�t_�e_�r_�n_�a_�m_�e _�= _�y_�e_�s.

Be aware  that  enabling  this  parameter  may affect migrating printers from a Windows server to Samba since Windows has no way to force the sharename and printername to match.

It is  recommended  that  this parameter's value not be changed once the printer is in use by clients as this could cause a user not be  able  to  delete  printer  connections from their local Printers folder.

Default: _�f_�o_�r_�c_�e _�p_�r_�i_�n_�t_�e_�r_�n_�a_�m_�e = no

force security mode
force security mode (S) This parameter controls what UNIX permission bits can be  modi- fied when  a Windows NT client is manipulating the UNIX permis- sion on a file using the native NT security dialog box.

This parameter is applied as a mask (OR'ed with) to the changed permission bits,  thus  forcing  any bits in this mask that the user may have modified to be on. Essentially, one bits in  this mask may be treated as a set of bits that, when modifying secu- rity on a file, the user has always set to be 'on'.

If not set explicitly this parameter is set to 0, and allows  a              user  to  modify all the user/group/world permissions on a file, with no restrictions.

N�No�ot�te�e that users who can access the Samba server  through  other means can  easily  bypass  this restriction, so it is primarily useful for standalone "appliance"  systems. Administrators of              most  normal  systems  will  probably  want to leave this set to              0000.

Default: _�f_�o_�r_�c_�e _�s_�e_�c_�u_�r_�i_�t_�y _�m_�o_�d_�e = 0

Example: _�f_�o_�r_�c_�e _�s_�e_�c_�u_�r_�i_�t_�y _�m_�o_�d_�e = 700

force unknown acl user
force unknown acl user (S) If this parameter is set, a Windows NT  ACL  that  contains  an              unknown SID (security descriptor, or representation of a user or              group id) as the owner or  group  owner  of  the  file  will  be              silently  mapped  into  the  current UNIX uid or gid of the cur- rently connected user.

This is designed to allow Windows NT clients to copy files  and folders containing ACLs that were created locally on the client machine and contain users local to that machine only (no domain              users)  to  be  copied to a Samba server (usually with XCOPY /O) and have the unknown userid and groupid of the file owner map to             the  current  connected  user. This can only be fixed correctly when winbindd allows arbitrary mapping from any Windows NT  SID to a UNIX uid or gid.

Try using  this  parameter when XCOPY /O gives an ACCESS_DENIED error.

Default: _�f_�o_�r_�c_�e _�u_�n_�k_�n_�o_�w_�n _�a_�c_�l _�u_�s_�e_�r = no

force user
force user (S) This specifies a UNIX user name that will be  assigned  as  the default user  for all users connecting to this service. This is             useful for sharing files. You should also use it  carefully  as              using it incorrectly can cause security problems.

This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a              valid password. Once connected, all file operations will be per- formed as the "forced user", no matter what username the client connected as. This can be very useful.

In Samba 2.0.5 and above this parameter also causes the primary group of the forced user to be used as the primary group for all file activity. Prior to 2.0.5 the primary group was left as the primary group of the connecting user (this was a bug).

Default: _�f_�o_�r_�c_�e _�u_�s_�e_�r =

Example: _�f_�o_�r_�c_�e _�u_�s_�e_�r = auser

fstype
fstype (S) This parameter allows the administrator to configure the string that specifies  the type of filesystem a share is using that is              reported by s�sm�mb�bd�d(8) when a client queries  the  filesystem  type for a  share. The default type is N�NT�TF�FS�S for compatibility with Windows NT but this can be changed to  other  strings  such  as              S�Sa�am�mb�ba�a or F�FA�AT�T  if required.

Default: _�f_�s_�t_�y_�p_�e = NTFS

Example: _�f_�s_�t_�y_�p_�e = Samba