-
-.TP
-.B allow:[users/groups]
-The allow option allows the users and groups that access a share to
-be specified. Users and groups are specified, delimited by commas. Groups
-are designated by a \fB@\fR prefix.
-
-\fIExample:\fR \fBallow:user1,user2,@group\fR
-
-.TP
-.B casefold:[option]
-The casefold option handles how casenames should be mangled. The available
-options are:
-
-\fBtolower\fR - Lowercases names in both directions.
-
-\fBtoupper\fR - Uppercases names in both directions.
-
-\fBxlatelower\fR - Client sees lowercase, server sees uppercase.
-
-\fBxlateupper\fR - Client sees uppercase, server sees lowercase.
-
-.TP
-.B codepage:[nls file]
-The codepage option loads a specific codepage from the nls directory.
-
-.TP
-.B dbpath:[path]
-Sets the database information to be stored in \fBpath\fR.
-
-.TP
-.B deny:[users/groups]
-The deny option specifies users and groups who are not allowed access
-to the share. It follows the same format as the \fBallow\fR option.
-
-.TP
-.B options:[option]
-This allows multiple options to be specified in a comma delimited format.
-The available options are:
-
-\fBcrlf\fR - Enables crlf translation for TEXT files.
-
-\fBlimitsize\fR - Hack for older Macintoshes using newer Appleshare
-clients to limit the disk size reporting to 2 GB.
-
-\fBmswindows\fR - Forces filename restrictions imposed by MS WinXX, and
-invokes the MS default codepage (iso8859-1) if one is not already
-specified.
-
-\fBnoadouble\fR - Forces afpd to not create .AppleDouble unless a resource
-fork needs to be created.
-
-\fBnohex\fR - Disables :hex translations for anything except dot files.
-This option makes the \fB/\fR character illegal.
-
-\fBprodos\fR - Provides compatibility with Apple II clients.
-
-\fBro\fR - Specifies the share as being read only for all users.
-
-\fBusedots\fR - Don't do :hex translation for dot files. This makes all
-files such as .Parent, .Apple* illegal. Dot files created on the server
-side will be invisible to the client.
-
-.TP
-.B password:[password]
-This option allows you to set a volume password, which can be a maximum
-of 8 characters long.
-
-.TP
-.B rolist:[users/groups]
-Allows certain users and groups to have read-only access to a share.
-This follows the \fBallow\fR option format.
-
-.TP
-.B rwlist:[users/groups]
-Allows certain users and groups to have read/write access to a share.
-This follows the \fBallow\fR option format.
-
-.P
-The variables which can be used for subsitutions are:
-
-.TP
-.B $c
-client's ip or appletalk address
-
-.TP
-.B $f
+.PP
+adouble:\fI[v1|v2|osx]\fR
+.RS 4
+Specify the format of the metadata files, which are used for saving Mac resource fork as well\&. Earlier versions used AppleDouble V1, the new default format is V2\&. Starting with Netatalk 2\&.0, the scheme MacOS X 10\&.3\&.x uses, is also supported\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+\fBadouble:osx\fR
+\fBcannot\fR
+be treated normally any longer\&. Its only aim was to temporarely share eg\&. FAT32 formatted FireWire harddrives written on a Macintosh with afpd\&. Apple\'s metadata scheme lacks several essential features, so using it on the server\'s side will break both CNIDs and MacOS 9 compatibility\&. AppleDouble file of Mac OS X 10\&.6 is incompatible to V1 and V2\&.
+.sp .5v
+.RE
+.RE
+.PP
+volsizelimit:\fIsize in MiB\fR
+.RS 4
+Useful for TimeMachine: limits the reported volume size, thus preventing TM from using the whole real disk space for backup\&. Example: "volsizelimit:1000" would limit the reported disk space to 1 GB\&.
+.RE
+.PP
+allow:\fI[users/groups]\fR
+.RS 4
+The allow option allows the users and groups that access a share to be specified\&. Users and groups are specified, delimited by commas\&. Groups are designated by a @ prefix\&. Example: allow:user1,user2,@group
+.RE
+.PP
+deny:\fI[users/groups]\fR
+.RS 4
+The deny option specifies users and groups who are not allowed access to the share\&. It follows the same format as the allow option\&.
+.RE
+.PP
+allowed_hosts:\fI[IP host address/IP netmask bits[, \&.\&.\&. ]]\fR
+.RS 4
+Only listed hosts and networks are allowed, all others are rejected\&. The network address may be specified either in dotted\-decimal format for IPv4 or in hexadecimal format for IPv6\&.
+.sp
+Example: allowed_hosts:10\&.1\&.0\&.0/16,10\&.2\&.1\&.100,2001:0db8:1234::/48
+.RE
+.PP
+denied_hosts:\fI[IP host address/IP netmask bits[, \&.\&.\&.]]\fR
+.RS 4
+Listed hosts and nets are rejected, all others are allowed\&.
+.sp
+Example: denied_hosts: 192\&.168\&.100/24,10\&.1\&.1\&.1,2001:db8::1428:57ab
+.RE
+.PP
+cnidscheme:\fI[backend]\fR
+.RS 4
+set the CNID backend to be used for the volume, default is [:DEFAULT_CNID_SCHEME:] available schemes: [:COMPILED_BACKENDS:]
+.RE
+.PP
+dbpath:\fI[path]\fR
+.RS 4
+Sets the database information to be stored in path\&. You have to specifiy a writable location, even if the volume is read only\&.
+.RE
+.PP
+cnidserver:\fI[fqdn|IP[:port]]\fR
+.RS 4
+Query this servername or IP address (default:\fIlocalhost\fR) and port (default:
+\fI4700\fR) for CNIDs\&. Only used with CNID backend "\fIdbd\fR"\&. This option here overrides any setting from
+afpd\&.conf:\fBcnidserver\fR\&.
+.RE
+.PP
+ea:\fI[none|auto|sys|ad]\fR
+.RS 4
+Specify how Extended Attributes
+are stored\&.
+\fBauto\fR
+is the default\&.
+.PP
+auto
+.RS 4
+Try
+\fBsys\fR
+(by setting an EA on the shared directory itself), fallback to
+\fBad\fR\&. Requires writeable volume for perfoming test\&.
+\fBoptions:ro\fR
+overwrites
+\fBauto\fR
+with
+\fBnone\fR\&. Use explicit
+\fBea:sys|ad\fR
+for read\-only volumes where appropiate\&.
+.RE
+.PP
+sys
+.RS 4
+Use filesystem Extended Attributes\&.
+.RE
+.PP
+ad
+.RS 4
+Use files in
+\fI\&.AppleDouble\fR
+directories\&.
+.RE
+.PP
+none
+.RS 4
+No Extended Attributes support\&.
+.RE
+.RE
+.PP
+maccharset:\fI[charset]\fR
+.RS 4
+specifies the mac client codepage for this Volume, e\&.g\&. "MAC_ROMAN", "MAC_CYRILLIC"\&. If not specified the setting from
+afpd\&.conf
+is inherited\&. This setting is only required if you need volumes, where the mac codepage differs from the one globally set in
+afpd\&.conf\&.
+.RE
+.PP
+options:\fI[option]\fR
+.RS 4
+This allows multiple options to be specified in a comma delimited format\&. The available options are:
+.PP
+searchdb
+.RS 4
+Use fast CNID database namesearch instead of slow recursive filesystem search\&. Relies on a consistent CNID database, ie Samba or local filesystem access lead to inaccurate or wrong results\&. Works only for "dbd" CNID db volumes\&.
+.RE
+.PP
+tm
+.RS 4
+Enable Time Machine suport for this volume\&.
+.RE
+.PP
+invisibledots
+.RS 4
+Use with
+\fBusedots\fR: make dot files invisible\&.
+.RE
+.PP
+limitsize
+.RS 4
+Limit disk size reporting to 2GB\&. This can be used for older Macintoshes using newer Appleshare clients\&.
+.RE
+.PP
+preexec_close
+.RS 4
+a non\-zero return code from preexec close the volume being immediately, preventing clients to mount/see the volume in question\&.
+.RE
+.PP
+ro
+.RS 4
+Specifies the share as being read only for all users\&. The \&.AppleDB directory has to be writeable, you can use the
+\fB\-dbpath\fR
+option to relocate it\&. Overwrites
+\fBea:auto\fR
+with
+\fBea:none\fR
+.RE
+.PP
+root_preexec_close
+.RS 4
+a non\-zero return code from root_preexec closes the volume immediately, preventing clients to mount/see the volume in question\&.
+.RE
+.PP
+upriv
+.RS 4
+use AFP3 unix privileges\&. Become familiar with the new "unix privileges" AFP permissions concepts in MacOS X before using this option\&. See also:
+\fBperm|fperm|dperm\fR\&.
+.RE
+.PP
+usedots
+.RS 4
+Don\'t do :hex translation for dot files\&. note: when this option gets set, certain file names become illegal\&. These are \&.Parent and anything that starts with \&.Apple\&. See also
+\fBinvisibledots\fR\&.
+.RE
+.RE
+.PP
+password:\fI[password]\fR
+.RS 4
+This option allows you to set a volume password, which can be a maximum of 8 characters long (using ASCII strongly recommended at the time of this writing)\&.
+.RE
+.PP
+perm|fperm|dperm:\fI[mode]\fR
+.RS 4
+Add(or) with the client requested permissions:
+\fBperm\fR
+affects files and directories,
+\fBfperm\fR
+is for files only,
+\fBdperm\fR
+is for directories only\&. Use with
+\fBoptions:upriv\fR\&.
+.PP
+\fBExample.\ \&Volume for a collaborative workgroup\fR
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+/path/to/volume "Workgroup" options:upriv dperm:0770 fperm:0660
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.PP
+umask:\fI[mode]\fR
+.RS 4
+set perm mask\&. Use with
+\fBoptions:upriv\fR\&.
+.RE
+.PP
+preexec:\fI[command]\fR
+.RS 4
+command to be run when the volume is mounted, ignored for user defined volumes
+.RE
+.PP
+postexec:\fI[command]\fR
+.RS 4
+command to be run when the volume is closed, ignored for user defined volumes
+.RE
+.PP
+root_preexec:\fI[command]\fR
+.RS 4
+command to be run as root when the volume is mounted, ignored for user defined volumes
+.RE
+.PP
+root_postexec:\fI[command]\fR
+.RS 4
+command to be run as root when the volume is closed, ignored for user defined volumes
+.RE
+.PP
+rolist:[\fBusers/groups\fR]
+.RS 4
+Allows certain users and groups to have read\-only access to a share\&. This follows the allow option format\&.
+.RE
+.PP
+rwlist:\fI[users/groups]\fR
+.RS 4
+Allows certain users and groups to have read/write access to a share\&. This follows the allow option format\&.
+.RE
+.PP
+veto:\fI[vetoed names]\fR
+.RS 4
+hide files and directories,where the path matches one of the \'/\' delimited vetoed names\&. The veto string must always be terminated with a \'/\', eg\&. "veto1/", "veto1/veto2/"\&.
+.RE
+.PP
+volcharset:\fI[charset]\fR
+.RS 4
+specifies the volume codepage, e\&.g\&. "UTF8", "UTF8\-MAC", "ISO\-8859\-15"\&. Defaults to "UTF8"\&.
+.RE
+.SH "VARIABLE SUBSTITUTIONS"
+.PP
+You can use variables in both volume path and volume name\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04' 1.\h'+01'\c
+.\}
+.el \{\
+.sp -1
+.IP " 1." 4.2
+.\}
+if you specify an unknown variable, it will not get converted\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04' 2.\h'+01'\c
+.\}
+.el \{\
+.sp -1
+.IP " 2." 4.2
+.\}
+if you specify a known variable, but that variable doesn\'t have a value, it will get ignored\&.
+.RE
+.PP
+The variables which can be used for substitutions are:
+.PP
+$b
+.RS 4
+basename
+.RE
+.PP
+$c
+.RS 4
+client\'s ip or appletalk address
+.RE
+.PP
+$d
+.RS 4
+volume pathname on server
+.RE
+.PP
+$f
+.RS 4
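Review bot: The `denied_hosts` example in the added text (`denied_hosts: 192\&.168\&.100/24,...`) gives a three-octet network and has a space after the colon, while the `allowed_hosts` entry describes IPv4 addresses as dotted-decimal and its example has no space. These two options are access controls, so the example should be one an administrator can copy verbatim, for instance `denied_hosts:192\&.168\&.100\&.0/24,10\&.1\&.1\&.1,2001:db8::1428:57ab`. Neither entry says which rule wins when both are set on one volume, and the same is true of `allow` and `deny`; a sentence on precedence belongs in each pair. The `preexec_close` description ("a non\-zero return code from preexec close the volume being immediately") is garbled and should match the `root_preexec_close` wording. The `ro` entry refers to `\fB\-dbpath\fR` with a leading dash although the option is documented as `dbpath:`. Smaller points: `rolist:[\fBusers/groups\fR]` puts bold inside the brackets where every other entry uses `\fI[...]\fR`, and the added lines carry typos ("temporarely", "specifiy", "perfoming", "appropiate", "suport").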