From 031fe950bb0bab78fcc4df143e78c6ff2e7e3c55 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Thu, 1 Jul 2004 14:52:34 +0000
Subject: [PATCH] Document force unknown acl user

---
 docs/smbdotconf/security/forceunknownacluser.xml | 27 ++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 docs/smbdotconf/security/forceunknownacluser.xml

diff --git a/docs/smbdotconf/security/forceunknownacluser.xml b/docs/smbdotconf/security/forceunknownacluser.xml
new file mode 100644
index 00000000000..c54b9b03381
--- /dev/null
+++ b/docs/smbdotconf/security/forceunknownacluser.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="force unknown acl user"
+                 context="S"
+				 type="boolean"
+                 xmlns:samba="http://samba.org/common">
+
+<description>
+    <para>If this parameter is set, a Windows NT ACL that contains an unknown
+              SID (security descriptor, or representation of a user or group
+              id) as the owner or group owner of the file will be silently
+              mapped into the current UNIX uid or gid of the currently
+              connected user.</para>
+
+    <para>This is designed to allow Windows NT clients to copy files and
+              folders containing ACLs that were created locally on the client
+              machine and contain users local to that machine only (no domain
+              users) to be copied to a Samba server (usually with XCOPY /O)
+              and have the unknown userid and groupid of the file owner map to
+              the current connected user.  This can only be fixed correctly
+              when winbindd allows arbitrary mapping from any Windows NT SID
+              to a UNIX uid or gid.</para>
+
+    <para>Try using this parameter when XCOPY /O gives an ACCESS_DENIED
+    error.</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
-- 
2.11.4.GIT