.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
.\" Manual: Netatalk 2.0 Manual
.\" Source: :NETATALK_VERSION:
.TH "AFP_ACLS" "8" "31-01-2009" ":NETATALK_VERSION:" "Netatalk 2.0 Manual"
afp_acls \- Setup and Usage Howto for ACLs with Netatalk
ACL support for AFP is implemented with NFSv4 ACLs\&. Few filesystems and fewer OSes support these\&. At the time of implementation it is only provided with ZFS on Solaris, OpenSolaris and derived distributions\&.
In order to be able to support ACLs, the following things have to be configured:
You MUST configure two ACL parameters for any volume you want to use with Netatalk:
aclinherit = passthrough
aclmode = passthrough
For an explanation of what these parameters mean and how to apply them, see your host\'s ZFS documentation (e\&.g\&. man zfs)\&.
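The two required property values can be verified before a volume is shared. The following shell function is an added example, not part of the Netatalk manual or code; the function names, the constructed sample inputs and the dataset name tank/afpvol are assumptions.

```shell
#!/bin/sh
# Added example, not Netatalk code. check_acl_props reads the tab-separated
# "property<TAB>value" lines printed by
#   zfs get -H -o property,value aclinherit,aclmode <dataset>
# and returns 0 only if both properties are present and set to passthrough.
check_acl_props() {
    awk -F '\t' '
        BEGIN { bad = 0 }
        $1 == "aclinherit" || $1 == "aclmode" {
            seen[$1] = 1
            if ($2 != "passthrough") {
                printf "%s is \"%s\", expected \"passthrough\"\n", $1, $2
                bad = 1
            }
        }
        END {
            # A property missing from the input is also a failure.
            n = split("aclinherit aclmode", req, " ")
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen)) {
                    printf "%s not reported\n", req[i]
                    bad = 1
                }
            exit bad
        }'
}

# Constructed sample inputs (no ZFS host needed to try the function).
sample_good() { printf 'aclinherit\tpassthrough\naclmode\tpassthrough\n'; }
sample_bad()  { printf 'aclinherit\trestricted\naclmode\tgroupmask\n'; }

sample_good | check_acl_props && echo "sample_good: ready for AFP ACLs"
sample_bad  | check_acl_props || echo "sample_bad: fix with zfs set before sharing"

# On a real server (tank/afpvol is a placeholder dataset name):
#   zfs get -H -o property,value aclinherit,aclmode tank/afpvol | check_acl_props
```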
Authentication Domain
Your server and the clients must be part of a security association where identity data is coming from a common source\&. ACLs in Darwin are based on UUIDs and so is the ACL specification in AFP 3\&.2\&. Therefore your source of identity data has to provide an attribute for every user and group where a UUID is stored as an ASCII string\&.
you need an Open Directory Server or an LDAP server where you store UUIDs in some attribute
your clients must be configured to use this server
your server should be configured to use this server via nsswitch and PAM\&.
This however is not a strict requirement: if you create duplicates of every LDAP/OD user and group with identical attributes (name, uid, gid) in your local data store (/etc/[passwd|group]), ACLs will work
\fIas long as user/group names/ids in the filesystem are equal to their counterparts in the LDAP/OD datastore\fR\&.
configure Netatalk via ldap\&.conf so that Netatalk is able to retrieve the UUID for users and groups via LDAP search queries
to your volume definition to add ACL support\&. In case your volume basedir doesn\'t grant read permissions via mode (like:
\fB0700 root:adm\fR) but only via ACLs, you MUST add the
option to the volume definition\&.
\fBafp_ldap.conf\fR(5),
\fBAppleVolumes.default\fR(5)