'\" t
.\"     Title: vfs_acl_tdb
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\"      Date: 02/17/2025
.\"    Manual: System Administration tools
.\"    Source: Samba 4.21.4-Debian-4.21.4+dfsg-1
.\"  Language: English
.\"
.TH "VFS_ACL_TDB" "8" "02/17/2025" "Samba 4\&.21\&.4\-Debian\-4\&.21\&.4+dfs" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
vfs_acl_tdb \- Save NTFS\-ACLs in a tdb file
.SH "SYNOPSIS"
.HP \w'\ 'u
vfs objects = acl_tdb
.SH "DESCRIPTION"
.PP
This VFS module is part of the
\fBsamba\fR(7)
suite\&.
.PP
The
vfs_acl_tdb
VFS module stores NTFS Access Control Lists (ACLs) in a tdb file\&. This enables the full mapping of Windows ACLs on Samba servers\&.
.PP
The ACL settings are stored in
$LOCKDIR/file_ntacls\&.tdb\&.
.PP
This module forces the following parameters:
.RS
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
inherit acls = true
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
dos filemode = true
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
force unknown acl user = true
.RE
.sp
.RE
.PP
This module is stackable\&.
.SH "OPTIONS"
.PP
acl_tdb:ignore system acls = [yes|no]
.RS 4
When set to
\fIyes\fR, a best effort mapping from/to the POSIX ACL layer will
\fInot\fR
be done by this module\&. The default is
\fIno\fR, which means that Samba keeps setting and evaluating both the system ACLs and the NT ACLs\&. This is better if you need your system ACLs be set for local or NFS file access, too\&. If you only access the data via Samba you might set this to yes to achieve better NT ACL compatibility\&.
.sp
If
\fIacl_tdb:ignore system acls\fR
is set to
\fIyes\fR, the following additional settings will be enforced:
.RS
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
create mask = 0666
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
directory mask = 0777
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
map archive = no
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
map hidden = no
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
map readonly = no
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
map system = no
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
store dos attributes = yes
.RE
.sp
.RE
.RE
.PP
acl_tdb:default acl style = [posix|windows|everyone]
.RS 4
This parameter determines the type of ACL that is synthesized in case a file or directory lacks an
\fIsecurity\&.NTACL\fR
xattr\&.
.sp
When set to
\fIposix\fR, an ACL will be synthesized based on the POSIX mode permissions for user, group and others, with an additional ACE for
\fINT Authority\eSYSTEM\fR
will full rights\&.
.sp
When set to
\fIwindows\fR, an ACL is synthesized the same way Windows does it, only including permissions for the owner and
\fINT Authority\eSYSTEM\fR\&.
.sp
When set to
\fIeveryone\fR, an ACL is synthesized giving full permissions to everyone (S\-1\-1\-0)\&.
.sp
The default for this option is
\fIposix\fR\&.
.RE
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.