--- samba-3.0.20/docs/manpages/smb.conf.5.orig 2005-09-11 18:38:19.000000000 +0200 +++ samba-3.0.20/docs/manpages/smb.conf.5 2005-09-11 18:44:48.000000000 +0200 @@ -78,10 +78,23 @@ .PP The following sample section defines a file space share\&. The user has write access to the path \fI/home/bar\fR\&. The share is accessed via the share name foo: - \fI[foo]\fR\fIpath = /home/bar\fR\fIread only = read only = no\fR + +.nf +[foo] + path = /home/bar + read only = no +.fi .PP The following sample section defines a printable share\&. The share is read\-only, but printable\&. That is, the only write access permitted is via calls to open, write to and close a spool file\&. The \fBguest ok\fR parameter means access will be permitted as the default guest user (specified elsewhere): - \fI[aprinter]\fR\fIpath = /usr/spool/public\fR\fIread only = yes\fR\fIprintable = yes\fR\fIguest ok = yes\fR + +.nf +[aprinter] + path = /usr/spool/public + read only = yes + printable = yes + guest ok = yes +.fi + .SH "SPECIAL SECTIONS" .SS "The [global] section" @@ -124,7 +137,11 @@ .PP The [homes] section can specify all the parameters a normal service section can specify, though some make more sense than others\&. The following is a typical and suitable [homes] section: - \fI[homes]\fR\fIread only = no\fR + +.nf +[homes] + read only = no +.fi .PP An important point is that if guest access is specified in the [homes] section, all home directories will be visible to all clients \fBwithout a password\fR\&. In the very unlikely event that this is actually desirable, it is wise to also specify \fBread only access\fR\&. @@ -161,15 +178,19 @@ .PP Typically the path specified is that of a world\-writeable spool directory with the sticky bit set on it\&. A typical [printers] entry looks like this: - \fI[printers]\fR\fIpath = /usr/spool/public\fR\fIguest ok = yes\fR\fIprintable = yes\fR + +.nf +[printers] + path = /usr/spool/public + guest ok = yes + printable = yes +.fi .PP All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned\&. If your printing subsystem doesn't work like that, you will have to set up a pseudo\-printcap\&. This is a file consisting of one or more lines like this: .nf alias|alias|alias|alias\&.\&.\&. .fi - - .PP Each alias should be an acceptable printer name for your printing subsystem\&. In the [global] section, specify the new file as your printcap\&. The server will only recognize names found in your pseudo\-printcap, which of course can contain whatever aliases you like\&. The same technique could be used simply to limit access to a subset of your local printers\&. @@ -1045,24 +1066,18 @@ Where the script dfree (which must be made executable) could be: - .nf - #!/bin/sh df $1 | tail \-1 | awk '{print $2" "$4}' .fi - or perhaps (on Sys V based systems): - .nf - #!/bin/sh /usr/bin/df \-k $1 | tail \-1 | awk '{print $3" "$5}' .fi - Note that you may have to replace the command names with full path names on some systems\&. Default: \fB\fIdfree command\fR = # By default internal routines for determining the disk capacity and remaining space will be used\&. \fR @@ -2173,8 +2188,9 @@ The contents of the batch file are entirely your choice\&. A suggested command would be to add \fBNET TIME \\\\SERVER /SET /YES\fR, to force every machine to synchronize clocks with the same time server\&. Another use would be to add \fBNET USE U: \\\\SERVER\\UTILS\fR for commonly used utilities, or .nf - \fBNET USE Q: \\\\SERVER\\ISO9001_QA\fR.fi - for example\&. + \fBNET USE Q: \\\\SERVER\\ISO9001_QA\fR +.fi +for example\&. Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users write permission on the batch files in a secure environment, as this would allow the batch files to be arbitrarily modified and security to be breached\&. @@ -3199,9 +3215,7 @@ A minimal printcap file would look something like this: - .nf - print1|My Printer 1 print2|My Printer 2 print3|My Printer 3 @@ -3209,7 +3223,6 @@ print5|My Printer 5 .fi - where the '|' separates aliases of a printer\&. The fact that the second alias has a space in it gives a hint to Samba that it's a comment\&. @@ -3812,7 +3825,8 @@ /sbin/shutdown $3 $4 +$time $1 & .fi - Shutdown does not return so we need to launch it in background\&. + +Shutdown does not return so we need to launch it in background\&. Default: \fB\fIshutdown script\fR = \fR @@ -4049,10 +4063,10 @@ When you are using the heimdal Kerberos libraries, you must also specify the following in \fI/etc/krb5\&.conf\fR: .nf - [libdefaults] default_keytab_name = FILE:/etc/krb5\&.keytab .fi + Default: \fB\fIuse kerberos keytab\fR = False \fR .TP @@ -4141,14 +4155,11 @@ The following example would map mary and fred to the unix user sys, and map the rest to guest\&. Note the use of the '!' to tell Samba to stop processing if it gets a match on that line\&. - .nf - !sys = mary fred guest = * .fi - Note that the remapping is applied to all occurrences of usernames\&. Thus if you connect to \\\\server\\fred and \fB fred\fR is remapped to \fBmary\fR then you will actually be connecting to \\\\server\\mary and will need to supply a password suitable for \fBmary\fR not \fBfred\fR\&. The only exception to this is the username passed to the password server (if you have one)\&. The password server will receive whatever username the client supplies without modification\&. Also note that no reverse mapping is done\&. The main effect this has is with printing\&. Users who have been mapped may have trouble deleting print jobs as PrintManager under WfWg will think they don't own the print job\&.