From: Björn Jacke <bj@sernet.de>
Date: Mon, 20 Jun 2022 19:13:32 +0000 (+0200)
Subject: docs-xml: add nfs4.xml.include documenting the generic NFS4 ACL parameters
X-Git-Tag: tevent-0.13.0~337
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7011573e13f246d5ed66ebfc47b08dd1fa0bfc14;p=thirdparty%2Fsamba.git

docs-xml: add nfs4.xml.include documenting the generic NFS4 ACL parameters

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
---

diff --git a/docs-xml/manpages/nfs4.xml.include b/docs-xml/manpages/nfs4.xml.include
new file mode 100644
index 00000000000..29cad9eb95c
--- /dev/null
+++ b/docs-xml/manpages/nfs4.xml.include
@@ -0,0 +1,57 @@
+<variablelist>
+
+<varlistentry>
+	<term>nfs4:mode = [ simple | special ]</term>
+	<listitem>
+	<para>
+	Controls substitution of special IDs (OWNER@ and GROUP@) on NFS4 ACLs.
+	The use of mode simple is recommended.
+	In this mode only non inheriting ACL entries for the file owner
+	and group are mapped to special IDs.
+	</para>
+
+	<para>The following MODEs are understood by the module:</para>
+	<itemizedlist>
+	<listitem><para><command>simple(default)</command> - use OWNER@ and GROUP@ special IDs for non inheriting ACEs only.</para></listitem>
+	<listitem><para><command>special(deprecated)</command> - use OWNER@ and GROUP@ special IDs in ACEs for all file owner and group ACEs.</para></listitem>
+	</itemizedlist>
+	</listitem>
+
+</varlistentry>
+
+<varlistentry>
+	<term>nfs4:acedup = [dontcare|reject|ignore|merge]</term>
+	<listitem>
+	<para>
+	This parameter configures how Samba handles duplicate ACEs encountered in NFS4 ACLs.
+	They allow creating duplicate ACEs with different bits for same ID, which may confuse the Windows clients.
+	</para>
+
+	<para>Following is the behaviour of Samba for different values :</para>
+	<itemizedlist>
+	<listitem><para><command>dontcare</command> - copy the ACEs as they come</para></listitem>
+	<listitem><para><command>reject (deprecated)</command> - stop operation and exit with error on ACL set op</para></listitem>
+	<listitem><para><command>ignore (deprecated)</command> - don't include the second matching ACE</para></listitem>
+	<listitem><para><command>merge (default)</command> - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE</para></listitem>
+	</itemizedlist>
+	</listitem>
+</varlistentry>
+
+
+<varlistentry>
+	<term>nfs4:chown = [yes|no]</term>
+	<listitem>
+	<para>This parameter allows enabling or disabling the chown supported
+	by the underlying filesystem. This parameter should be enabled with
+	care as it might leave your system insecure.</para>
+	<para>Some filesystems allow chown as a) giving b) stealing. It is the latter
+	that is considered a risk.</para>
+	<para>Following is the behaviour of Samba for different values : </para>
+	<itemizedlist>
+	<listitem><para><command>yes</command> - Enable chown if as supported by the under filesystem</para></listitem>
+	<listitem><para><command>no (default)</command> - Disable chown</para></listitem>
+	</itemizedlist>
+	</listitem>
+</varlistentry>
+
+</variablelist>