svn commit: samba-docs r533 - in trunk/Samba-HOWTO-Collection: .

jht at samba.org jht at samba.org
Tue May 3 15:56:34 GMT 2005


Author: jht
Date: 2005-05-03 15:56:33 +0000 (Tue, 03 May 2005)
New Revision: 533

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=533

Log:
More updates from feedback.
Modified:
   trunk/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml
   trunk/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml
   trunk/Samba-HOWTO-Collection/index.xml


Changeset:
Modified: trunk/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml
===================================================================
--- trunk/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml	2005-05-03 10:26:13 UTC (rev 532)
+++ trunk/Samba-HOWTO-Collection/TOSHARG-AccessControls.xml	2005-05-03 15:56:33 UTC (rev 533)
@@ -352,10 +352,12 @@
 	An overview of the permissions field can be found in <link linkend="access1">Overview of UNIX permissions field</link>.
 	</para>
 
-	<image id="access1"><imagedescription>Overview of UNIX permissions field.</imagedescription><imagefile scale="40">access1</imagefile></image>
+	<image id="access1"><imagedescription>Overview of UNIX permissions field.</imagedescription>
+		<imagefile scale="40">access1</imagefile></image>
 
 	<para>
-	Any bit flag may be unset. An unset bit flag is the equivalent of <quote>cannot</quote> and is represented as a <quote>-</quote> character.
+		Any bit flag may be unset. An unset bit flag is the equivalent of <quote>cannot</quote> and is represented
+		as a <quote>-</quote> character.
 
 	<example>
 		<title>Example File</title>
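Review bot: the rewrapped lines (the `<imagefile scale="40">` line and the "Any bit flag may be unset" sentence) are indented with two tabs, while the `<para>` and `<image>` lines around them use one. Keep a single tab so the paragraph body lines up with the rest of the file and later diffs stay free of indentation noise.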
@@ -373,9 +375,9 @@
 	</para>
 
 	<para>
-	The letters <constant>rwxXst</constant> set permissions for the user, group and others as: read (r), write (w), execute (or access for directories) (x),
-	execute  only  if  the  file  is a directory or already has execute permission for some user (X), set user or group ID on execution (s),
-	sticky (t).
+	The letters <constant>rwxXst</constant> set permissions for the user, group and others as: read (r), write (w),
+	execute (or access for directories) (x), execute  only  if  the  file  is a directory or already has execute
+	permission for some user (X), set user or group ID on execution (s), sticky (t).
 	</para>
 
 	<para>
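Review bot: the rewrapped sentence still carries the runs of double spaces in "execute  only  if  the  file  is a directory". Since these lines are being rewritten anyway, collapse them to single spaces so the source matches the surrounding text.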
@@ -406,11 +408,21 @@
 	For example, Windows NT/2K/XP provides the capacity to set access controls on a directory into which people can
 	write files but not delete them. It is possible to set an ACL on a Windows file that permits the file to be written to
 	but not deleted. Such concepts are foreign to the UNIX operating system file space. Within the UNIX file system
-	anyone who has the ability to create a file can write to it, and has the capability to delete it. Of necessity, Samba
-	is subject to the file system semantics of the host operating system. Samba is therefore limited in the file system
-	capabilities that can be made available through Windows ACLs, and therefore performs a <quote>best fit</quote>
-	translation to POSIX ACLs. Some UNIX file systems do however support a feature known as extended attributes. Only
-	the Windows concept of <quote>inheritance</quote> is implemented by Samba through the appropriate extended attribute.
+	anyone who has the ability to create a file can write to it, and has the capability to delete it.
+	</para>
+
+	<para>
+	For the record, in the UNIX environment the ability to delete a file is controlled by the permissions on
+	the directory that the file is in. In other words, a user can delete a file in a directory to which that
+	user had write access, even if that user does not own the file.
+	</para>
+	
+	<para>
+	Of necessity, Samba is subject to the file system semantics of the host operating system. Samba is therefore
+	limited in the file system capabilities that can be made available through Windows ACLs, and therefore performs
+	a <quote>best fit</quote> translation to POSIX ACLs. Some UNIX file systems do however support a feature known
+	as extended attributes. Only the Windows concept of <quote>inheritance</quote> is implemented by Samba through
+	the appropriate extended attribute.
 	</para>	
 
 	<para>
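Review bot: the new "For the record" paragraph gives the directory-write rule without its exception. The same chapter lists sticky (t) among the permission letters, and on a directory with the sticky bit set only the file's owner, the directory's owner or root can delete a file, even when other users have write access to the directory. Suggest adding one sentence saying so, since shared directories are exactly where a reader would apply this. Also change "had write access" to "has write access" to match the tense of "can delete", and consider rewording the retained sentence "anyone who has the ability to create a file can write to it, and has the capability to delete it", which now sits directly above a paragraph that ties deletion to directory permissions rather than to file creation. The added blank line between the two new paragraphs contains a stray tab.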

Modified: trunk/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml
===================================================================
--- trunk/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml	2005-05-03 10:26:13 UTC (rev 532)
+++ trunk/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml	2005-05-03 15:56:33 UTC (rev 533)
@@ -69,7 +69,8 @@
 	<para>
 	<indexterm><primary>IDMAP</primary></indexterm>
 	In both cases, when winbindd is not running, only locally resolvable groups can be recognized. Please refer to
-	<link linkend="idmap-sid2gid">IDMAP: group SID to GID resolution</link> and <link linkend="idmap-gid2sid">IDMAP: GID resolution to matching SID</link>. 
+	<link linkend="idmap-sid2gid">IDMAP: group SID to GID resolution</link> and
+	<link linkend="idmap-gid2sid">IDMAP: GID resolution to matching SID</link>. 
 	The <command>net groupmap</command> is
 	used to establish UNIX group to NT SID mappings as shown in <link linkend="idmap-store-gid2sid">IDMAP: storing group mappings</link>.
 	</para>
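Review bot: the rewrap stops halfway through the paragraph. "The <command>net groupmap</command> is" is left as a short line of its own and the following line ending in the idmap-store-gid2sid link is still far wider than the rest; rewrap the whole paragraph in one pass. The trailing space after "matching SID</link>." has been carried over onto the new line as well.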
@@ -200,6 +201,25 @@
 	</para>
 
 	<sect2>
+	<title>Warning &smbmmdsh; User Private Group Problems</title>
+
+	<para>
+	Windows does not permit user and group accounts to have the same name.
+	This has serious implications for all sites that use private group accounts.
+	A private group account is an administrative practice whereby users are each
+	given their own group account. Red Hat Linux, as well as several free distributions
+	of Linux by default create private groups.
+	</para>
+
+	<para>
+	When mapping a UNIX/Linux group to a Windows group account all conflict can
+	be avoided by assuring that the Windows domain group name does not overlap
+	with any user account name.
+	</para>
+
+	</sect2>
+
+	<sect2>
 	<title>Important Administrative Information</title>
 
 	<para>
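Review bot: the new warning section says the name clash "has serious implications" but never states what actually goes wrong for a site whose users and private groups share names, so the reader cannot tell whether they are affected. Suggest one sentence describing the consequence, and a pointer to the <command>net groupmap</command> text earlier in this chapter as the place where a distinct Windows group name is chosen. Wording: "assuring" should be "ensuring", "all conflict" should be "all conflicts", and "Red Hat Linux, as well as several free distributions of Linux by default create private groups" needs a comma after "Linux" to close the aside.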

Modified: trunk/Samba-HOWTO-Collection/index.xml
===================================================================
--- trunk/Samba-HOWTO-Collection/index.xml	2005-05-03 10:26:13 UTC (rev 532)
+++ trunk/Samba-HOWTO-Collection/index.xml	2005-05-03 15:56:33 UTC (rev 533)
@@ -117,6 +117,7 @@
 	<xi:include href="TOSHARG-Backup.xml"/>
 	<xi:include href="TOSHARG-HighAvailability.xml"/>
 	<xi:include href="TOSHARG-LargeFile.xml"/>
+	<!--	<xi:include href="TOSHARG-SecureLDAP.xml"/> -->
 
 </part>
 
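Review bot: the commented-out include of TOSHARG-SecureLDAP.xml is added without explanation. That file is not among the three paths this revision modifies and the log message does not mention it. Either leave the line out until the chapter itself is committed, or put a short note inside the comment saying why it is disabled and what has to happen before it is enabled.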
@@ -149,7 +150,7 @@
 
 <!-- Comment out the following line to include the manpages.
 	 *Please* do not commit with the line below enabled! -->
-	<!--<xi:include href="manpages.xml"/>-->
+	 <!--	 <xi:include href="manpages.xml"/> -->
 	<xi:include href="http://www.gnu.org/licenses/gpl.xml"/>
 
 	<xi:include href="TOSHARG-glossary.xml"/>
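Review bot: this is a whitespace-only change to the manpages include, and the new line is indented with a tab followed by a space, with more mixed whitespace inside the comment. The comment directly above asks that this line never be committed enabled, so churn here makes it harder to see at a glance that it is still disabled. Suggest reverting it, or using the same single-tab indent as the neighbouring xi:include lines.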


