smb.conf/manpage/2006/parameters/D
< smb.conf | manpage | 2006 | parameters
Jump to navigation
Jump to search
deadtime
- deadtime (G)
- The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead and is disconnected. The deadtime only takes effect if the number of open files is zero.
- This is useful to stop a server's resources being exhausted by a large number of inactive connections.
- Most clients have an auto-reconnect feature when a connection is broken so in most cases this parameter should be transparent to users.
- Using this parameter with a timeout of a few minutes is recommended for most systems.
- A deadtime of zero indicates that no auto-disconnection should be performed.
- Default: deadtime = 0
- Example: deadtime = 15
- debug hires timestamp (G)
- Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this boolean parameter adds microsecond resolution to the timestamp message header when turned on.
- Note that the parameter debug timestamp must be on for this to have an effect.
- Default: debug hires timestamp = no
debug pid
- debug pid (G)
- When using only one log file for more then one forked smbd(8)-process there may be hard to follow which process outputs which message.
- This boolean parameter is adds the process-id to the timestamp message headers in the logfile when turned on.
- Note that the parameter debug timestamp must be on for this to have an effect.
- Default: debug pid = no
debug timestamp
- timestamp logs
- This parameter is a synonym for debug timestamp.
- debug timestamp (G)
- Samba debug log messages are timestamped by default. If you are running at a high debug level these timestamps can be distracting. This boolean parameter allows timestamping to be turned off.
- Default: debug timestamp = yes
- debug uid (G)
- Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.
- Note that the parameter debug timestamp must be on for this to have an effect.
- Default: debug uid = no
- default case (S)
- See the section on NAME MANGLING. Also note the short preserve case parameter.
- Default: default case = lower
default devmode
- default devmode (S)
- This parameter is only applicable to printable services. When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba server has a Device Mode which defines things such as paper size and orientation and duplex settings. The device mode can only correctly be generated by the printer driver itself (which can only be executed on a Win32 platform). Because smbd is unable to execute the driver code to generate the device mode, the default behavior is to set this field to NULL.
- Most problems with serving printer drivers to Windows NT/2k/XP clients can be traced to a problem with the generated device mode. Certain drivers will do things such as crashing the client's Explorer.exe with a NULL devmode. However, other printer drivers can cause the client's spooler service (spoolsv.exe) to die if the devmode was not created by the driver itself (i.e. smbd generates a default devmode).
- This parameter should be used with care and tested with the printer driver in question. It is better to leave the device mode to NULL and let the Windows client set the correct values. Because drivers do not do this all the time, setting default devmode = yes will instruct smbd to generate a default one.
- For more information on Windows NT/2k printing and Device Modes, see the MSDN documentation.
- Default: default devmode = no
default service
- default
- This parameter is a synonym for default service.
- default service (G)
- This parameter specifies the name of a service which will be connected to if the service actually requested cannot be found. Note that the square brackets are NOT given in the parameter value (see example below).
- There is no default value for this parameter. If this parameter is not given, attempting to connect to a nonexistent service results in an error.
- Typically the default service would be a guest ok, read-only service.
- Also note that the apparent service name will be changed to equal that of the requested service, this is very useful as it allows you to use macros like %S to make a wildcard service.
- Note also that any "_" characters in the name of the service used in the default service will get mapped to a "/". This allows for interesting things.
- Default: default service =
- Example: default service = pub
defer sharing violations
- defer sharing violations (G)
- Windows allows specifying how a file will be shared with other processes when it is opened. Sharing violations occur when a file is opened by a different process using options that violate the share settings specified by other processes. This parameter causes smbd to act as a Windows server does, and defer returning a "sharing violation" error message for up to one second, allowing the client to close the file causing the violation in the meantime.
- Unix by default does not have this behaviour.
- There should be no reason to turn off this parameter, as it is designed to enable Samba to more correctly emulate Windows.
- Default: defer sharing violations = True
delete group script
- delete group script (G)
- This is the full pathname to a script that will be run AS ROOT smbd(8) when a group is requested to be deleted. It will expand any %g to the group name passed. This script is only useful for installations using the Windows NT domain administration tools.
- Default: delete group script =
deleteprinter
- deleteprinter command (G)
- With the introduction of MS-RPC based printer support for Windows NT/2000 clients in Samba 2.2, it is now possible to delete printer at run time by issuing the DeletePrinter() RPC call.
- For a Samba host this means that the printer must be physically deleted from underlying printing system. The deleteprinter command defines a script to be run which will perform the necessary operations for removing the printer from the print system and from smb.conf.
- The deleteprinter command is automatically called with only one parameter: "printer name".
- Once the deleteprinter command has been executed, smbd will reparse the smb.conf to associated printer no longer exists. If the sharename is still valid, then smbd will return an ACCESS_DENIED error to the client.
- Default: deleteprinter command =
- Example: deleteprinter command = /usr/bin/removeprinter
- delete readonly (S)
- This parameter allows readonly files to be deleted. This is not normal DOS semantics, but is allowed by UNIX.
- This option may be useful for running applications such as rcs, where UNIX file ownership prevents changing file permissions, and DOS semantics prevent deletion of a read only file.
- Default: delete readonly = no
delete share command (G)
Samba 2.2.0 introduced the ability to dynamically add and delete
shares via the Windows NT 4.0 Server Manager. The_�d_�e_�l_�e_�t_�e _�s_�h_�a_�r_�e
_�c_�o_�m_�m_�a_�n_�d is used to define an external program or script which
will remove an existing service definition from _�s_�m_�b_�._�c_�o_�n_�f. In
order to successfully execute the _�d_�e_�l_�e_�t_�e _�s_�h_�a_�r_�e _�c_�o_�m_�m_�a_�n_�d, s�sm�mb�bd�d
requires that the administrator be connected using a root
account (i.e. uid == 0).
When executed, s�sm�mb�bd�d will automatically invoke the_�d_�e_�l_�e_�t_�e _�s_�h_�a_�r_�e
_�c_�o_�m_�m_�a_�n_�d with two parameters.
· _�c_�o_�n_�f_�i_�g_�F_�i_�l_�e - the location of the global _�s_�m_�b_�._�c_�o_�n_�f file.
· _�s_�h_�a_�r_�e_�N_�a_�m_�e - the name of the existing service.
This parameter is only used to remove file shares. To delete printer
shares, see the _�d_�e_�l_�e_�t_�e_�p_�r_�i_�n_�t_�e_�r _�c_�o_�m_�m_�a_�n_�d.
Default: _�d_�e_�l_�e_�t_�e _�s_�h_�a_�r_�e _�c_�o_�m_�m_�a_�n_�d =
Example: _�d_�e_�l_�e_�t_�e _�s_�h_�a_�r_�e _�c_�o_�m_�m_�a_�n_�d = /usr/local/bin/delshare
delete user from group script
delete user from group script (G)
Full path to the script that will be called when a user is
removed from a group using the Windows NT domain administration
tools. It will be run by s�sm�mb�bd�d(8) A�AS�S R�RO�OO�OT�T. Any _�%_�g will be
replaced with the group name and any _�%_�u will be replaced with
the user name.
Default: _�d_�e_�l_�e_�t_�e _�u_�s_�e_�r _�f_�r_�o_�m _�g_�r_�o_�u_�p _�s_�c_�r_�i_�p_�t =
Example: _�d_�e_�l_�e_�t_�e _�u_�s_�e_�r _�f_�r_�o_�m _�g_�r_�o_�u_�p _�s_�c_�r_�i_�p_�t = /usr/sbin/deluser %u %g
delete user script
delete user script (G)
This is the full pathname to a script that will be run by
s�sm�mb�bd�d(8) when managing users with remote RPC (NT) tools.
This script is called when a remote client removes a user from
the server, normally using 'User Manager for Domains' orr�rp�pc�c-�-
c�cl�li�ie�en�nt�t.
This script should delete the given UNIX username.
Default: _�d_�e_�l_�e_�t_�e _�u_�s_�e_�r _�s_�c_�r_�i_�p_�t =
Example: _�d_�e_�l_�e_�t_�e _�u_�s_�e_�r _�s_�c_�r_�i_�p_�t = /usr/local/samba/bin/del_user %u
delete veto files
delete veto files (S)
This option is used when Samba is attempting to delete a direc-
tory that contains one or more vetoed directories (see the _�v_�e_�t_�o
_�f_�i_�l_�e_�s option). If this option is set to n�no�o (the default) then if
a vetoed directory contains any non-vetoed files or directories
then the directory delete will fail. This is usually what you
want.
If this option is set to y�ye�es�s, then Samba will attempt to recur-
sively delete any files and directories within the vetoed direc-
tory. This can be useful for integration with file serving sys-
tems such as NetAtalk which create meta-files within directories
you might normally veto DOS/Windows users from seeing (e.g.
_�._�A_�p_�p_�l_�e_�D_�o_�u_�b_�l_�e)
Setting d�de�el�le�et�te�e v�ve�et�to�o f�fi�il�le�es�s =�= y�ye�es�s allows these directories to be
transparently deleted when the parent directory is deleted (so
long as the user has permissions to do so).
Default: _�d_�e_�l_�e_�t_�e _�v_�e_�t_�o _�f_�i_�l_�e_�s = no
dfree command
dfree command (G)
The _�d_�f_�r_�e_�e _�c_�o_�m_�m_�a_�n_�d setting should only be used on systems where a
problem occurs with the internal disk space calculations. This
has been known to happen with Ultrix, but may occur with other
operating systems. The symptom that was seen was an error of
"Abort Retry Ignore" at the end of each directory listing.
This setting allows the replacement of the internal routines to
calculate the total disk space and amount available with an
external routine. The example below gives a possible script that
might fulfill this function.
The external program will be passed a single parameter indicat-
ing a directory in the filesystem being queried. This will typi-
cally consist of the string _�._�/. The script should return two
integers in ASCII. The first should be the total disk space in
blocks, and the second should be the number of available blocks.
An optional third return value can give the block size in bytes.
The default blocksize is 1024 bytes.
Note: Your script should N�NO�OT�T be setuid or setgid and should be
owned by (and writeable only by) root!
Where the script dfree (which must be made executable) could be:
#!/bin/sh
df $1 | tail -1 | awk '{print $2" "$4}'
or perhaps (on Sys V based systems):
#!/bin/sh
/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
Note that you may have to replace the command names with full
path names on some systems.
Default: _�d_�f_�r_�e_�e _�c_�o_�m_�m_�a_�n_�d = # By default internal routines for
determining the disk capacity and remaining space will be used.
Example: _�d_�f_�r_�e_�e _�c_�o_�m_�m_�a_�n_�d = /usr/local/samba/bin/dfree
directory mask
directory mode
This parameter is a synonym for directory mask.
directory mask (S)
This parameter is the octal modes which are used when converting
DOS modes to UNIX modes when creating UNIX directories.
When a directory is created, the necessary permissions are
calculated according to the mapping from DOS modes to UNIX per-
missions, and the resulting UNIX mode is then bit-wise 'AND'ed
with this parameter. This parameter may be thought of as a
bit-wise MASK for the UNIX modes of a directory. Any bit n�no�ot�t set
here will be removed from the modes set on a directory when it
is created.
The default value of this parameter removes the 'group' and
'other' write bits from the UNIX mode, allowing only the user
who owns the directory to modify it.
Following this Samba will bit-wise 'OR' the UNIX mode created
from this parameter with the value of the _�f_�o_�r_�c_�e _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�o_�d_�e
parameter. This parameter is set to 000 by default (i.e. no
extra mode bits are added).
Note that this parameter does not apply to permissions set by
Windows NT/2000 ACL editors. If the administrator wishes to
enforce a mask on access control lists also, they need to set
the _�d_�i_�r_�e_�c_�t_�o_�r_�y _�s_�e_�c_�u_�r_�i_�t_�y _�m_�a_�s_�k.
Default: _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�a_�s_�k = 0755
Example: _�d_�i_�r_�e_�c_�t_�o_�r_�y _�m_�a_�s_�k = 0775
directory security mask
directory security mask (S)
This parameter controls what UNIX permission bits can be modi-
fied when a Windows NT client is manipulating the UNIX permis-
sion on a directory using the native NT security dialog box.
This parameter is applied as a mask (AND'ed with) to the changed
permission bits, thus preventing any bits not in this mask from
being modified. Essentially, zero bits in this mask may be
treated as a set of bits the user is not allowed to change.
If not set explicitly this parameter is set to 0777 meaning a
user is allowed to modify all the user/group/world permissions
on a directory.
N�No�ot�te�e that users who can access the Samba server through other
means can easily bypass this restriction, so it is primarily
useful for standalone "appliance" systems. Administrators of
most normal systems will probably want to leave it as the
default of 0�07�77�77�7.
Default: _�d_�i_�r_�e_�c_�t_�o_�r_�y _�s_�e_�c_�u_�r_�i_�t_�y _�m_�a_�s_�k = 0777
Example: _�d_�i_�r_�e_�c_�t_�o_�r_�y _�s_�e_�c_�u_�r_�i_�t_�y _�m_�a_�s_�k = 0700
disable netbios
disable netbios (G)
Enabling this parameter will disable netbios support in Samba.
Netbios is the only available form of browsing in all windows
versions except for 2000 and XP.
N�No�ot�te�e
Clients that only support netbios won't be able to see your
samba server when netbios support is disabled.
Default: _�d_�i_�s_�a_�b_�l_�e _�n_�e_�t_�b_�i_�o_�s = no
disable spoolss
disable spoolss (G)
Enabling this parameter will disable Samba's support for the
SPOOLSS set of MS-RPC's and will yield identical behavior as
Samba 2.0.x. Windows NT/2000 clients will downgrade to using
Lanman style printing commands. Windows 9x/ME will be uneffected
by the parameter. However, this will also disable the ability to
upload printer drivers to a Samba server via the Windows NT Add
Printer Wizard or by using the NT printer properties dialog win-
dow. It will also disable the capability of Windows NT/2000
clients to download print drivers from the Samba host upon
demand. B�Be�e v�ve�er�ry�y c�ca�ar�re�ef�fu�ul�l a�ab�bo�ou�ut�t e�en�na�ab�bl�li�in�ng�g t�th�hi�is�s p�pa�ar�ra�am�me�et�te�er�r.�.
Default: _�d_�i_�s_�a_�b_�l_�e _�s_�p_�o_�o_�l_�s_�s = no
display charset
display charset (G)
Specifies the charset that samba will use to print messages to
stdout and stderr and SWAT will use. Should generally be the
same as the u�un�ni�ix�x c�ch�ha�ar�rs�se�et�t.
Default: _�d_�i_�s_�p_�l_�a_�y _�c_�h_�a_�r_�s_�e_�t = ASCII
Example: _�d_�i_�s_�p_�l_�a_�y _�c_�h_�a_�r_�s_�e_�t = UTF8
dns proxy
dns proxy (G)
Specifies that n�nm�mb�bd�d(8) when acting as a WINS server and finding
that a NetBIOS name has not been registered, should treat the
NetBIOS name word-for-word as a DNS name and do a lookup with
the DNS server for that name on behalf of the name-querying
client.
Note that the maximum length for a NetBIOS name is 15 charac-
ters, so the DNS name (or DNS alias) can likewise only be 15
characters, maximum.
n�nm�mb�bd�d spawns a second copy of itself to do the DNS name lookup
requests, as doing a name lookup is a blocking action.
Default: _�d_�n_�s _�p_�r_�o_�x_�y = yes
domain logons
domain logons (G)
If set to y�ye�es�s, the Samba server will serve Windows 95/98 Domain
logons for the _�w_�o_�r_�k_�g_�r_�o_�u_�p it is in. Samba 2.2 has limited capa-
bility to act as a domain controller for Windows NT 4 Domains.
For more details on setting up this feature see the PDC chapter
of the Samba HOWTO Collection.
Default: _�d_�o_�m_�a_�i_�n _�l_�o_�g_�o_�n_�s = no
domain master
domain master (G)
Tell s�sm�mb�bd�d(8) to enable WAN-wide browse list collation. Setting
this option causes n�nm�mb�bd�d to claim a special domain specific Net-
BIOS name that identifies it as a domain master browser for its
given _�w_�o_�r_�k_�g_�r_�o_�u_�p. Local master browsers in the same _�w_�o_�r_�k_�g_�r_�o_�u_�p on
broadcast-isolated subnets will give this n�nm�mb�bd�d their local
browse lists, and then ask s�sm�mb�bd�d(8) for a complete copy of the
browse list for the whole wide area network. Browser clients
will then contact their local master browser, and will receive
the domain-wide browse list, instead of just the list for their
broadcast-isolated subnet.
Note that Windows NT Primary Domain Controllers expect to be
able to claim this _�w_�o_�r_�k_�g_�r_�o_�u_�p specific special NetBIOS name that
identifies them as domain master browsers for that _�w_�o_�r_�k_�g_�r_�o_�u_�p by
default (i.e. there is no way to prevent a Windows NT PDC from
attempting to do this). This means that if this parameter is set
and n�nm�mb�bd�d claims the special name for a _�w_�o_�r_�k_�g_�r_�o_�u_�p before a Win-
dows NT PDC is able to do so then cross subnet browsing will
behave strangely and may fail.
If d�do�om�ma�ai�in�n l�lo�og�go�on�ns�s =�= y�ye�es�s, then the default behavior is to enable
the _�d_�o_�m_�a_�i_�n _�m_�a_�s_�t_�e_�r parameter. If _�d_�o_�m_�a_�i_�n _�l_�o_�g_�o_�n_�s is not enabled
(the default setting), then neither will _�d_�o_�m_�a_�i_�n _�m_�a_�s_�t_�e_�r be
enabled by default.
Default: _�d_�o_�m_�a_�i_�n _�m_�a_�s_�t_�e_�r = auto
dont descend
dont descend (S)
There are certain directories on some systems (e.g., the _�/_�p_�r_�o_�c
tree under Linux) that are either not of interest to clients or
are infinitely deep (recursive). This parameter allows you to
specify a comma-delimited list of directories that the server
should always show as empty.
Note that Samba can be very fussy about the exact format of the
"dont descend" entries. For example you may need _�._�/_�p_�r_�o_�c instead
of just _�/_�p_�r_�o_�c. Experimentation is the best policy :-)
Default: _�d_�o_�n_�t _�d_�e_�s_�c_�e_�n_�d =
Example: _�d_�o_�n_�t _�d_�e_�s_�c_�e_�n_�d = /proc,/dev
dos charset
dos charset (G)
DOS SMB clients assume the server has the same charset as they
do. This option specifies which charset Samba should talk to DOS
clients.
The default depends on which charsets you have installed. Samba
tries to use charset 850 but falls back to ASCII in case it is
not available. Run t�te�es�st�tp�pa�ar�rm�m(1) to check the default on your sys-
tem.
N�No�o d�de�ef�fa�au�ul�lt�t
dos filemode
dos filemode (S)
The default behavior in Samba is to provide UNIX-like behavior
where only the owner of a file/directory is able to change the
permissions on it. However, this behavior is often confusing to
DOS/Windows users. Enabling this parameter allows a user who has
write access to the file (by whatever means) to modify the per-
missions on it. Note that a user belonging to the group owning
the file will not be allowed to change permissions if the group
is only granted read access. Ownership of the file/directory is
not changed, only the permissions are modified.
Default: _�d_�o_�s _�f_�i_�l_�e_�m_�o_�d_�e = no
dos filetime resolution
dos filetime resolution (S)
Under the DOS and Windows FAT filesystem, the finest granularity
on time resolution is two seconds. Setting this parameter for a
share causes Samba to round the reported time down to the near-
est two second boundary when a query call that requires one sec-
ond resolution is made to s�sm�mb�bd�d(8).
This option is mainly used as a compatibility option for Visual
C++ when used against Samba shares. If oplocks are enabled on a
share, Visual C++ uses two different time reading calls to check
if a file has changed since it was last read. One of these calls
uses a one-second granularity, the other uses a two second gran-
ularity. As the two second call rounds any odd second down, then
if the file has a timestamp of an odd number of seconds then the
two timestamps will not match and Visual C++ will keep reporting
the file has changed. Setting this option causes the two times-
tamps to match, and Visual C++ is happy.
Default: _�d_�o_�s _�f_�i_�l_�e_�t_�i_�m_�e _�r_�e_�s_�o_�l_�u_�t_�i_�o_�n = no
dos filetimes
dos filetimes (S)
Under DOS and Windows, if a user can write to a file they can
change the timestamp on it. Under POSIX semantics, only the
owner of the file or root may change the timestamp. By default,
Samba runs with POSIX semantics and refuses to change the times-
tamp on a file if the user s�sm�mb�bd�d is acting on behalf of is not
the file owner. Setting this option to y�ye�es�s allows DOS semantics
and s�sm�mb�bd�d(8) will change the file timestamp as DOS requires.
Default: _�d_�o_�s _�f_�i_�l_�e_�t_�i_�m_�e_�s = no