< smb.conf | manpage | 2006 | parameters
Revision as of 14:37, 5 September 2010 by Woozle (splitting into subpages)
fake directory create times
fake directory create times (S) NTFS and Windows VFAT file systems keep a create time for all files and directories. This is not the same as the ctime - sta- tus change time - that Unix keeps, so Samba by default reports the earliest of the various times Unix does keep. Setting this parameter for a share causes Samba to always report midnight 1-1-1980 as the create time for directories.
This option is mainly used as a compatibility option for Visual C++ when used against Samba shares. Visual C++ generated make- files have the object directory as a dependency for each object file, and a make rule to create the directory. Also, when NMAKE compares timestamps it uses the creation time when examining a directory. Thus the object directory will be created if it does not exist, but once it does exist it will always have an earlier timestamp than the object files it contains.
However, Unix time semantics mean that the create time reported by Samba will be updated whenever a file is created or or deleted in the directory. NMAKE finds all object files in the object directory. The timestamp of the last one built is then compared to the timestamp of the object directory. If the direc- tory's timestamp if newer, then all object files will be rebuilt. Enabling this option ensures directories always predate their contents and an NMAKE build will proceed as expected.
Default: _�f_�a_�k_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�c_�r_�e_�a_�t_�e _�t_�i_�m_�e_�s = no
fake oplocks (S) Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock (opportunistic lock) then the client is free to assume that it is the only one accessing the file and it will aggres- sively cache file data. With some oplock types the client may even cache file open/close operations. This can give enormous performance benefits.
When you set f�fa�ak�ke�e o�op�pl�lo�oc�ck�ks�s =�= y�ye�es�s, s�sm�mb�bd�d(8) will always grant oplock requests no matter how many clients are using the file.
It is generally much better to use the real _�o_�p_�l_�o_�c_�k_�s support rather than this parameter.
If you enable this option on all read-only shares or shares that you know will only be accessed from one client at a time such as physically read-only media like CDROMs, you will see a big per- formance improvement on many operations. If you enable this option on shares where multiple clients may be accessing the files read-write at the same time you can get data corruption. Use this option carefully!
Default: _�f_�a_�k_�e _�o_�p_�l_�o_�c_�k_�s = no
follow symlinks (S) This parameter allows the Samba administrator to stop s�sm�mb�bd�d(8)from following symbolic links in a particular share. Set- ting this parameter to n�no�o prevents any file or directory that is a symbolic link from being followed (the user will get an error). This option is very useful to stop users from adding a symbolic link to _�/_�e_�t_�c_�/_�p_�a_�s_�s_�w_�d in their home directory for instance. However it will slow filename lookups down slightly.
This option is enabled (i.e. s�sm�mb�bd�d will follow symbolic links) by default.
Default: _�f_�o_�l_�l_�o_�w _�s_�y_�m_�l_�i_�n_�k_�s = yes
force create mode
force create mode (S) This parameter specifies a set of UNIX mode bit permissions that will a�al�lw�wa�ay�ys�s be set on a file created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a file that is being created or having its permissions changed. The default for this parameter is (in octal) 000. The modes in this parameter are bitwise 'OR'ed onto the file mode after the mask set in the _�c_�r_�e_�a_�t_�e _�m_�a_�s_�k parameter is applied.
The example below would force all created files to have read and execute permissions set for 'group' and 'other' as well as the read/write/execute bits set for the 'user'.
Default: _�f_�o_�r_�c_�e _�c_�r_�e_�a_�t_�e _�m_�o_�d_�e = 000
Example: _�f_�o_�r_�c_�e _�c_�r_�e_�a_�t_�e _�m_�o_�d_�e = 0755
force directory mode
force directory mode (S) This parameter specifies a set of UNIX mode bit permissions that will a�al�lw�wa�ay�ys�s be set on a directory created by Samba. This is done by bitwise 'OR'ing these bits onto the mode bits of a directory that is being created. The default for this parameter is (in octal) 0000 which will not add any extra permission bits to a created directory. This operation is done after the mode mask in the parameter _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�a_�s_�k is applied.
The example below would force all created directories to have read and execute permissions set for 'group' and 'other' as well as the read/write/execute bits set for the 'user'.
Default: _�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�o_�d_�e = 000
Example: _�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�o_�d_�e = 0755
force directory security mode
force directory security mode (S) This parameter controls what UNIX permission bits can be modi- fied when a Windows NT client is manipulating the UNIX permis- sion on a directory using the native NT security dialog box.
This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this mask that the user may have modified to be on. Essentially, one bits in this mask may be treated as a set of bits that, when modifying secu- rity on a directory, the user has always set to be 'on'.
If not set explicitly this parameter is 000, which allows a user to modify all the user/group/world permissions on a directory without restrictions.
Users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. Administrators of most normal systems will probably want to leave it set as 0000.
Default: _�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�s_�e_�c_�u_�r_�i_�t_�y _�m_�o_�d_�e = 0
Example: _�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�s_�e_�c_�u_�r_�i_�t_�y _�m_�o_�d_�e = 700
group This parameter is a synonym for force group.
force group (S) This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This is useful for sharing files by ensuring that all access to files on service will use the named group for their permissions checking. Thus, by assigning permissions for this group to the files and directories within this service the Samba administra- tor can restrict or allow sharing of these files.
In Samba 2.0.5 and above this parameter has extended functional- ity in the following way. If the group name listed here has a '+' character prepended to it then the current user accessing the share only has the primary group default assigned to this group if they are already assigned as a member of that group. This allows an administrator to decide that only users who are already in a particular group will create files with group own- ership set to that group. This gives a finer granularity of own- ership assignment. For example, the setting _�f_�o_�r_�c_�e _�g_�r_�o_�u_�p _�= _�+_�s_�y_�s means that only users who are already in group sys will have their default primary group assigned to sys when accessing this Samba share. All other users will retain their ordinary primary group.
If the _�f_�o_�r_�c_�e _�u_�s_�e_�r parameter is also set the group specified in _�f_�o_�r_�c_�e _�g_�r_�o_�u_�p will override the primary group set in _�f_�o_�r_�c_�e _�u_�s_�e_�r.
Default: _�f_�o_�r_�c_�e _�g_�r_�o_�u_�p =
Example: _�f_�o_�r_�c_�e _�g_�r_�o_�u_�p = agroup
force printername (S) When printing from Windows NT (or later), each printer in _�s_�m_�b_�._�c_�o_�n_�f has two associated names which can be used by the client. The first is the sharename (or shortname) defined in smb.conf. This is the only printername available for use by Win- dows 9x clients. The second name associated with a printer can be seen when browsing to the "Printers" (or "Printers and Faxes") folder on the Samba server. This is referred to simply as the printername (not to be confused with the _�p_�r_�i_�n_�t_�e_�r _�n_�a_�m_�e option).
When assigning a new driver to a printer on a remote Windows compatible print server such as Samba, the Windows client will rename the printer to match the driver name just uploaded. This can result in confusion for users when multiple printers are bound to the same driver. To prevent Samba from allowing the printer's printername to differ from the sharename defined in smb.conf, set _�f_�o_�r_�c_�e _�p_�r_�i_�n_�t_�e_�r_�n_�a_�m_�e _�= _�y_�e_�s.
Be aware that enabling this parameter may affect migrating printers from a Windows server to Samba since Windows has no way to force the sharename and printername to match.
It is recommended that this parameter's value not be changed once the printer is in use by clients as this could cause a user not be able to delete printer connections from their local Printers folder.
Default: _�f_�o_�r_�c_�e _�p_�r_�i_�n_�t_�e_�r_�n_�a_�m_�e = no
force security mode
force security mode (S) This parameter controls what UNIX permission bits can be modi- fied when a Windows NT client is manipulating the UNIX permis- sion on a file using the native NT security dialog box.
This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this mask that the user may have modified to be on. Essentially, one bits in this mask may be treated as a set of bits that, when modifying secu- rity on a file, the user has always set to be 'on'.
If not set explicitly this parameter is set to 0, and allows a user to modify all the user/group/world permissions on a file, with no restrictions.
N�No�ot�te�e that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. Administrators of most normal systems will probably want to leave this set to 0000.
Default: _�f_�o_�r_�c_�e _�s_�e_�c_�u_�r_�i_�t_�y _�m_�o_�d_�e = 0
Example: _�f_�o_�r_�c_�e _�s_�e_�c_�u_�r_�i_�t_�y _�m_�o_�d_�e = 700
force unknown acl user
force unknown acl user (S) If this parameter is set, a Windows NT ACL that contains an unknown SID (security descriptor, or representation of a user or group id) as the owner or group owner of the file will be silently mapped into the current UNIX uid or gid of the cur- rently connected user.
This is designed to allow Windows NT clients to copy files and folders containing ACLs that were created locally on the client machine and contain users local to that machine only (no domain users) to be copied to a Samba server (usually with XCOPY /O) and have the unknown userid and groupid of the file owner map to the current connected user. This can only be fixed correctly when winbindd allows arbitrary mapping from any Windows NT SID to a UNIX uid or gid.
Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
Default: _�f_�o_�r_�c_�e _�u_�n_�k_�n_�o_�w_�n _�a_�c_�l _�u_�s_�e_�r = no
force user (S) This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems.
This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be per- formed as the "forced user", no matter what username the client connected as. This can be very useful.
In Samba 2.0.5 and above this parameter also causes the primary group of the forced user to be used as the primary group for all file activity. Prior to 2.0.5 the primary group was left as the primary group of the connecting user (this was a bug).
Default: _�f_�o_�r_�c_�e _�u_�s_�e_�r =
Example: _�f_�o_�r_�c_�e _�u_�s_�e_�r = auser
fstype (S) This parameter allows the administrator to configure the string that specifies the type of filesystem a share is using that is reported by s�sm�mb�bd�d(8) when a client queries the filesystem type for a share. The default type is N�NT�TF�FS�S for compatibility with Windows NT but this can be changed to other strings such as S�Sa�am�mb�ba�a or F�FA�AT�T if required.
Default: _�f_�s_�t_�y_�p_�e = NTFS
Example: _�f_�s_�t_�y_�p_�e = Samba