2 .\" Title: AppleVolumes.default
3 .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
4 .\" Generator: DocBook XSL Stylesheets v1.74.3 <http://docbook.sf.net/>
6 .\" Manual: Netatalk 2.1
7 .\" Source: Netatalk 2.1
10 .TH "APPLEVOLUMES\&.DEFAU" "5" "31 Mar 2010" "Netatalk 2.1" "Netatalk 2.1"
11 .\" -----------------------------------------------------------------
12 .\" * set default formatting
13 .\" -----------------------------------------------------------------
14 .\" disable hyphenation
16 .\" disable justification (adjust text to left margin only)
18 .\" -----------------------------------------------------------------
19 .\" * MAIN CONTENT STARTS HERE *
20 .\" -----------------------------------------------------------------
22 AppleVolumes.default \- Configuration file used by \fBafpd\fR(8) to determine the shares made available through AFP
25 :ETCDIR:/AppleVolumes\&.default
26 is the configuration file used by
28 to determine what portions of the file system will be shared via Apple Filing Protocol, as well as their behaviour\&. Any line not prefixed with # is interpreted\&. Newline escaping is supported\&. The configuration lines are composed like:
31 \fI[ volume name ] [ options ]\fR
33 The path name must be a fully qualified path name, or a path name using either the ~ shell shorthand or any of the substitution variables, which are listed below\&.
35 The volume name is the name that appears in the Chooser ot the "connect to server" dialog on Macintoshes to represent the appropriate share\&. If there are spaces in the name, it should be in quotes (i\&.e\&. "File Share")\&. The volume name cannot contain the
37 character\&. The volume name is mangled if it is very long\&. Mac codepage volume name is limited to 27 characters\&. UTF8\-MAC volume name is limited to \-volnamelen parameter in afpd\&.conf
43 .nr an-no-space-flag 1
51 Each volume has to be configured on a
53 line\&. Though newline escaping is supported\&.
57 It is possible to specify default options for all volumes with a
58 \fI:DEFAULT: \fRline preceeding these volume definitions:.PP \fBExample.\ \&:DEFAULT: configuration line\fR .PP :DEFAULT: options:upriv,usedots dbpath:/var/dbd/AppleDB/$v dperm:0775 fperm:0664
60 The possible options and their meanings are:
62 adouble:\fI[v1|v2|osx]\fR
64 Specify the format of the metadata files, which are used for saving Mac resource fork as well\&. Earlier versions used AppleDouble V1, the new default format is V2\&. Starting with Netatalk 2\&.0, the scheme MacOS X 10\&.3\&.x uses, is also supported\&.
70 .nr an-no-space-flag 1
79 be treated normally any longer\&. Its only aim was to temporarely share eg\&. FAT32 formatted FireWire harddrives written on a Macintosh with afpd\&. Apple\'s metadata scheme lacks several essential features, so using it on the server\'s side will break both CNIDs and MacOS 9 compatibility\&. AppleDouble file of Mac OS X 10\&.6 is incompatible to V1 and V2\&.
84 volsizelimit:\fIsize in MiB\fR
86 Useful for TimeMachine: limits the reported volume size, thus preventing TM from using the whole real disk space for backup\&. Example: "volsizelimit:1000" would limit the reported disk space to 1 GB\&.
89 allow:\fI[users/groups]\fR
91 The allow option allows the users and groups that access a share to be specified\&. Users and groups are specified, delimited by commas\&. Groups are designated by a @ prefix\&. Example: allow:user1,user2,@group
94 deny:\fI[users/groups]\fR
96 The deny option specifies users and groups who are not allowed access to the share\&. It follows the same format as the allow option\&.
99 allowed_hosts:\fI[IP host address/IP netmask bits[, \&.\&.\&. ]]\fR
101 Only listed hosts and networks are allowed, all others are rejected\&. The network address may be specified either in dotted\-decimal format for IPv4 or in hexadecimal format for IPv6\&.
103 Example: allowed_hosts:10\&.1\&.0\&.0/16,10\&.2\&.1\&.100,2001:0db8:1234::/48
106 denied_hosts:\fI[IP host address/IP netmask bits[, \&.\&.\&.]]\fR
108 Listed hosts and nets are rejected, all others are allowed\&.
110 Example: denied_hosts: 192\&.168\&.100/24,10\&.1\&.1\&.1,2001:db8::1428:57ab
113 cnidscheme:\fI[backend]\fR
115 set the CNID backend to be used for the volume, default is [:DEFAULT_CNID_SCHEME:] available schemes: [:COMPILED_BACKENDS:]
120 Sets the database information to be stored in path\&. You have to specifiy a writable location, even if the volume is read only\&.
123 cnidserver:\fI[fqdn|IP[:port]]\fR
125 Query this servername or IP address (default:\fIlocalhost\fR) and port (default:
126 \fI4700\fR) for CNIDs\&. Only used with CNID backend "\fIdbd\fR"\&. This option here overrides any setting from
127 afpd\&.conf:\fBcnidserver\fR\&.
130 ea:\fI[none|auto|sys|ad]\fR
132 Specify how Extended Attributes
141 (by setting an EA on the shared directory itself), fallback to
142 \fBad\fR\&. Requires writeable volume for perfoming test\&.
147 \fBnone\fR\&. Use explicit
149 for read\-only volumes where appropiate\&.
154 Use filesystem Extended Attributes\&.
166 No Extended Attributes support\&.
170 maccharset:\fI[charset]\fR
172 specifies the mac client codepage for this Volume, e\&.g\&. "MAC_ROMAN", "MAC_CYRILLIC"\&. If not specified the setting from
174 is inherited\&. This setting is only required if you need volumes, where the mac codepage differs from the one globally set in
178 options:\fI[option]\fR
180 This allows multiple options to be specified in a comma delimited format\&. The available options are:
184 Enable ACLs on this volume\&. Requires a
186 compatible filesystem (e\&.g\&. ZFS) and an ACL API compatible to *Solaris\&. In other words: this requires Solaris, Opensolaris or a derived distribution\&.
191 Enable Time Machine suport for this volume\&.
197 \fBusedots\fR: make dot files invisible\&.
202 Limit disk size reporting to 2GB\&. This can be used for older Macintoshes using newer Appleshare clients\&.
207 a non\-zero return code from preexec close the volume being immediately, preventing clients to mount/see the volume in question\&.
212 Specifies the share as being read only for all users\&. The \&.AppleDB directory has to be writeable, you can use the
214 option to relocate it\&. Overwrites
222 a non\-zero return code from root_preexec closes the volume immediately, preventing clients to mount/see the volume in question\&.
227 use AFP3 unix privileges\&. Become familiar with the new "unix privileges" AFP permissions concepts in MacOS X before using this option\&. See also:
228 \fBperm|fperm|dperm\fR\&.
233 Don\'t do :hex translation for dot files\&. note: when this option gets set, certain file names become illegal\&. These are \&.Parent and anything that starts with \&.Apple\&. See also
234 \fBinvisibledots\fR\&.
238 password:\fI[password]\fR
240 This option allows you to set a volume password, which can be a maximum of 8 characters long (using ASCII strongly recommended at the time of this writing)\&.
243 perm|fperm|dperm:\fI[mode]\fR
245 Add(or) with the client requested permissions:
247 affects files and directories,
251 is for directories only\&. Use with
252 \fBoptions:upriv\fR\&.
254 \fBExample.\ \&Volume for a collaborative workgroup\fR
260 /path/to/volume "Workgroup" options:upriv dperm:0770 fperm:0660
272 preexec:\fI[command]\fR
274 command to be run when the volume is mounted, ignored for user defined volumes
277 postexec:\fI[command]\fR
279 command to be run when the volume is closed, ignored for user defined volumes
282 root_preexec:\fI[command]\fR
284 command to be run as root when the volume is mounted, ignored for user defined volumes
287 root_postexec:\fI[command]\fR
289 command to be run as root when the volume is closed, ignored for user defined volumes
292 rolist:[\fBusers/groups\fR]
294 Allows certain users and groups to have read\-only access to a share\&. This follows the allow option format\&.
297 rwlist:\fI[users/groups]\fR
299 Allows certain users and groups to have read/write access to a share\&. This follows the allow option format\&.
302 veto:\fI[vetoed name]\fR
304 hide files and directories,where the path matches one of the \'/\' delimited vetoed names\&. Matches are partial, e\&.g\&. path is
306 and veto:/abc/ will hide the file\&.
309 volcharset:\fI[charset]\fR
311 specifies the volume codepage, e\&.g\&. "UTF8", "UTF8\-MAC", "ISO\-8859\-15"\&. Defaults to "UTF8"\&.
313 .SH "VARIABLE SUBSTITUTIONS"
315 You can use variables in both volume path and volume name\&.
325 if you specify an unknown variable, it will not get converted\&.
336 if you specify a known variable, but that variable doesn\'t have a value, it will get ignored\&.
339 The variables which can be used for substitutions are:
348 client\'s ip or appletalk address
353 volume pathname on server
358 full name (contents of the gecos field in the passwd file)
373 client\'s ip, without port
378 server name (this can be the hostname)
383 user name (if guest, it is the user that guest is running as)
388 volume name (either ADEID_NAME or basename of path)
393 appletalk zone (may not exist)
398 prints dollar sign ($)
401 \fBExample.\ \&Using variable substitution when defining volumes\fR
407 /home/groups/$g "Groupdir for $g"
408 ~ "$f is the best one"
414 We define "groupdirs" for each primary group and use a personalized server name for homedir shares\&.
417 The AFP protocol mostly refers to files and directories by ID and not by name\&. Netatalk needs a way to store these ID\'s in a persistent way, to achieve this several different CNID backends are available\&. The CNID Databases are by default located in the
419 folder in the volume root\&.
423 "Concurrent database", backend is based on Sleepycat\'s Berkely DB\&. With this backend several
425 deamons access the CNID database directly\&. Berkeley DB locking is used to synchronize access, if more than one
427 process is active for a volume\&. The drawback is, that the crash of a single
429 process might corrupt the database\&.
434 Access to the CNID database is restricted to the
438 processes communicate with the daemon for database reads and updates\&. If built with Berkeley DB transactions the probability for database corruption is practically zero, but performance can be slower than with
444 This backend is an exception, in terms of ID persistency\&. ID\'s are only valid for the current session\&. This is basically what
446 did in the 1\&.5 (and 1\&.6) versions\&. This backend is still available, as it is useful for e\&.g\&. sharing cdroms\&.
450 recommended to use this backend for volumes anymore, as
452 now relies heavily on a persistent ID database\&. Aliases will likely not work and filename mangling is not supported\&.
456 \fB\&./configure \-\-help\fR
457 might show that there are other CNID backends available, be warned those are likely broken or mainly used for testing\&. Don\'t use them unless you know what you\'re doing, they may be removed without further notice from future versions\&.
458 .SH "CHARSET OPTIONS"
460 With OS X Apple introduced the AFP3 protocol\&. One of the most important changes was that AFP3 uses unicode names encoded as UTF\-8 decomposed\&. Previous AFP/OS versions used codepages, like MacRoman, MacCentralEurope, etc\&.
463 needs a way to preserve extended macintosh characters, or characters illegal in unix filenames, when saving files on a unix filesystem\&. Earlier versions used the the so called CAP encoding\&. An extended character (>0x7F) would be converted to a :xx sequence, e\&.g\&. the Apple Logo (MacRoman: 0XF0) was saved as
464 :f0\&. Some special characters will be converted as to :xx notation as well\&. \'/\' will be encoded to
467 is not specified, a leading dot \'\&.\' will be encoded as
470 This version now uses UTF\-8 as the default encoding for names\&. Special characters, like \'/\' and a leading \'\&.\' will still be CAP style encoded \&.
474 option will allow you to select another volume encoding\&. E\&.g\&. for western users another useful setting could be \-volcharset ISO\-8859\-15\&.
478 provided charset\&. If a character cannot be converted from the mac codepage to the selected volcharset, afpd will save it as a CAP encoded character\&. For AFP3 clients,
480 will convert the UTF\-8
483 first\&. If this conversion fails, you\'ll receive a \-50 error on the mac\&.
485 \fINote\fR: Whenever you can, please stick with the default UTF\-8 volume format\&.
486 .SH "COMPATIBILITY WITH EARLIER VERSIONS"
488 To use a volume created with an earlier
490 version, you\'ll have to specify the following options:
492 \fBExample.\ \&use a 1.x style volume\fR
498 /path/to/volume "Volname" adouble:v1 volcharset:ASCII
504 In case you used an NLS you could try using a compatible iconv charset for
505 \fB\-volcharset\fR\&.
507 \fBExample.\ \&use a 1.x style volume, created with maccode.iso8859-1\fR
513 /path/to/volume "Volname" adouble:v1 volcharset:ISO\-8859\-1
519 You should consider converting old style volumes to the new UTF\-8/AD2 format\&. The safest way to do this, is to create a new volume with the default options and copy the files between this volumes with a mac\&.
521 \fINote\fR: Using above example options will allow you to downgrade to 1\&.x netatalk again\&.
523 \fINote\fR: Some 1\&.x NLS files used non standard mappings, e\&.g\&.
524 maccode\&.iso8859\-1\&.adapted\&. Three 1\&.x CAP double\-byte maccharsets are incompatible to netatalk 2\&.x; "MAC_CHINESE_TRAD", "MAC_JAPANESE" and "MAC_KOREAN"\&. These are not supported anymore\&. You\'ll have to copy the contents of those volumes files to a Mac and then back to the netatalk server, preferably to an UTF\-8 volume\&.
525 .SH "ADVANCED OPTIONS"
527 The following options should only be used after serious consideration\&. Be sure you fully understood the, sometimes complex, consequences, before using them\&.
529 casefold:\fB[option]\fR
531 The casefold option handles, if the case of filenames should be changed\&. The available options are:
534 \- Lowercases names in both directions\&.
537 \- Uppercases names in both directions\&.
540 \- Client sees lowercase, server sees uppercase\&.
543 \- Client sees uppercase, server sees lowercase\&.
546 options:[\fBoption\fR]
548 This allows multiple options to be specified in a comma delimited format\&. The available options are:
552 The underlying filesystem is case insensitive (only tested with JFS in OS2 mode)\&.
557 Enables crlf translation for TEXT files, automatically converting macintosh line breaks into Unix ones\&. Use of this option might be dangerous since some older programs store binary data files as type "TEXT" when saving and switch the filetype in a second step\&.
559 will potentially destroy such files when "erroneously" changing bytes in order to do line break translation\&.
564 Allows a volume to be declared as being a "dropbox\&." Note that netatalk must be compiled with dropkludge support for this to function\&.
565 \fIWarning\fR: This option is deprecated and might not work as expected\&.
575 Forces filename restrictions imposed by MS WinXX\&.
576 \fIWarning\fR: This is
578 recommened for volumes mainly used by Macs\&. Please make sure you fully understand this option before using it\&.
584 .nr an-no-space-flag 1
591 This option breaks direct saving to netatalk volumes from some applications, i\&.e\&. OfficeX\&.
600 to not create \&.AppleDouble directories unless macintosh metadata needs to be written\&. This option is only useful if you want to share files mostly used NOT by macs, causing
602 to not automatically create \&.AppleDouble subdirs containing AD header files in every directory it enters (which will it do by default)\&.
604 In case, you save or change files from mac clients, AD metadata files have to be written even in case you set this option\&. So you can\'t avoid the creation of \&.AppleDouble directories and its contents when you give macs write access to a share and they make use of it\&.
615 doesn\'t store the ID information in AppleDouble V2 header files\&. As these IDs are used for caching and as a database backup, this option normally shouldn\'t be set\&.
620 always use 0 for device number, helps when the device number is not constant across a reboot, cluster, \&.\&.\&.
625 don\'t advertise createfileid, resolveid, deleteid calls\&.
630 Disables :hex translations for anything except dot files\&. This option makes the
631 \'/\' character illegal\&.
636 don\'t stat volume path when enumerating volumes list, useful for automounting or volumes created by a preexec script\&.
641 Provides compatibility with Apple II clients\&. (legacy)
648 \fBafp_ldap.conf\fR(5),