.\" Title: afp.conf
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\" Date: 19 Mar 2012
+.\" Date: 26 Mar 2012
.\" Manual: Netatalk 3.0
.\" Source: Netatalk 3.0
.\" Language: English
.\"
-.TH "AFP\&.CONF" "5" "19 Mar 2012" "Netatalk 3.0" "Netatalk 3.0"
+.TH "AFP\&.CONF" "5" "26 Mar 2012" "Netatalk 3.0" "Netatalk 3.0"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.RS 4
.\}
.nf
- \fIname\fR = \fIvalue \fR
+\fIname\fR = \fIvalue \fR
.fi
.if n \{\
.RS 4
.\}
.nf
- [baz]
- path = /foo/bar
+[baz]
+path = /foo/bar
.fi
.if n \{\
.RE
.\}
-.sp
.SH "SPECIAL SECTIONS"
.SS "The [Global] section"
.PP
.RS 4
.\}
.nf
- [Homes]
- path = afp\-data
- basedir regex = /home
+[Homes]
+path = afp\-data
+basedir regex = /home
.fi
.if n \{\
Parameters define the specific attributes of sections\&.
.PP
Some parameters are specific to the [Global] section (e\&.g\&.,
-\fIlogtype\fR)\&. All others are permissible only in volume sections\&. The letter
+\fIlog type\fR)\&. All others are permissible only in volume sections\&. The letter
\fIG\fR
in parentheses indicates that a parameter is specific to the [Global] section\&. The letter
\fIV\fR
.PP
uams_randum\&.so
.RS 4
-allows Random Number and Two\-Way Random Number Exchange for authentication (requires a separate file containing the passwords, either :ETCDIR:/afppasswd file or the one specified via
-\fB\-passwdfile\fR\&. See
+allows Random Number and Two\-Way Random Number Exchange for authentication (requires a separate file containing the passwords, either :ETCDIR:/afppasswd file or the one specified via "\fBpasswd file\fR"\&. See
\fBafppasswd\fR(1)
for details\&. (legacy)
.RE
.PP
uam path = \fIpath\fR \fB(G)\fR
.RS 4
-Sets the default path for UAMs for this server (default is :ETCDIR:/uams)\&.
+Sets the default path for UAMs for this server (default is :LIBDIR:/netatalk)\&.
.RE
.PP
k5 keytab = \fIpath\fR \fB(G)\fR, k5 service = \fIservice\fR \fB(G)\fR, k5 realm = \fIrealm\fR \fB(G)\fR
.sp
.RE
.PP
-ldap uuuid attr = \fIdn\fR \fB(G)\fR
+ldap uuid attr = \fIdn\fR \fB(G)\fR
.RS 4
Name of the LDAP attribute with the UUIDs\&.
.sp
option\&.
.RE
.PP
+max connections = \fInumber\fR \fB(G)\fR
+.RS 4
+Sets the maximum number of clients that can simultaneously connect to the server (default is 200)\&.
+.RE
+.PP
sleep time = \fInumber\fR \fB(G)\fR
.RS 4
Keep sleeping AFP sessions for
.PP
advertise ssh = \fIBOOLEAN\fR (default: \fIno\fR) \fB(G)\fR
.RS 4
-Allows Mac OS X clients (10\&.3\&.3\-10\&.4) to automagically establish a tunneled AFP connection through SSH\&. If this option is set, the server\'s answers to client\'s FPGetSrvrInfo requests contain an additional entry\&. It depends on both client\'s settings and a correctly configured and running
+Allows old Mac OS X clients (10\&.3\&.3\-10\&.4) to automagically establish a tunneled AFP connection through SSH\&. If this option is set, the server\'s answers to client\'s FPGetSrvrInfo requests contain an additional entry\&. It depends on both client\'s settings and a correctly configured and running
\fBsshd\fR(8)
on the server to let things work\&.
.if n \{\
zeroconf = \fIBOOLEAN\fR (default: \fIyes\fR) \fB(G)\fR
.RS 4
Whether to use automatic Zeroconf
-service registration if support was compiled in\&.
+service registration if Avahi or mDNSResponder were compiled in\&.
.RE
.PP
use sendfile = \fIBOOLEAN\fR (default: \fIyes\fR) \fB(G)\fR
vol dbpath = \fIpath\fR \fB(G)\fR
.RS 4
Sets the database information to be stored in path\&. You have to specifiy a writable location, even if the volume is read only\&. The default is
-$localstatedir/netatalk/CNID/, where $localstatedir defaults to
-/var\&.
+:STATEDIR:/netatalk/CNID/\&.
.RE
.PP
basedir regex = \fIregex\fR \fB(H)\fR
.RS 4
Use section
\fBname\fR
-as option preset for all volumes (when set in the global section) or for one volume (when set in that volume\'s section)\&.
+as option preset for all volumes (when set in the [Global] section) or for one volume (when set in that volume\'s section)\&.
.RE
.PP
admin group = \fIgroup\fR \fB(G)\fR
Specifies the icon model that appears on clients\&. Defaults to off\&. Examples: RackMac (same as Xserve), PowerBook, PowerMac, Macmini, iMac, MacBook, MacBookPro, MacBookAir, MacPro, AppleTV1,1, AirPort\&.
.RE
.PP
-signature = { user:<text> | auto } \fB(G)\fR
-.RS 4
-Specify a server signature\&. This option is useful while running multiple independent instances of afpd on one machine (eg\&. in clustered environments, to provide fault isolation etc\&.)\&. Default is "auto"\&. "auto" signature type allows afpd generating signature and saving it to
-:ETCDIR:/afp_signature\&.conf
-automatically (based on random number)\&. "host" signature type switches back to "auto" because it is obsoleted\&. "user" signature type allows administrator to set up a signature string manually\&. The maximum length is 16 characters\&.
-.PP
-\fBExample.\ \&Three server definitions using 2 different server signatures\fR
-.sp
-.if n \{\
+signature = <text> \fB(G)\fR
.RS 4
-.\}
-.nf
-first \-signature user:USERS
- second \-signature user:USERS
- third \-signature user:ADMINS
-.fi
-.if n \{\
-.RE
-.\}
-
-
-First two servers will appear as one logical AFP service to the clients \- if user logs in to first one and then connects to second one, session will be automatically redirected to the first one\&. But if client connects to first and then to third, will be asked for password twice and will see resources of both servers\&. Traditional method of signature generation causes two independent afpd instances to have the same signature and thus cause clients to be redirected automatically to server (s)he logged in first\&.
+Specify a server signature\&. The maximum length is 16 characters\&. This option is useful for clustered environments, to provide fault isolation etc\&. By default, afpd generate signature and saving it to
+:STATEDIR:/netatalk/afp_signature\&.conf
+automatically (based on random number)\&. See also asip\-status\&.pl(1)\&.
.RE
.PP
volnamelen = \fInumber\fR \fB(G)\fR
.\}
.nf
73: limit of Mac OS X 10\&.1
- 80: limit for Mac OS X 10\&.4/10\&.5 (default)
- 255: limit of spec
+80: limit of Mac OS X 10\&.4/10\&.5 (default)
+255: limit of recent Mac OS X
.fi
.if n \{\
.RE
.PP
keep sessions = \fIBOOLEAN\fR (default: \fIno\fR) \fB(G)\fR
.RS 4
-Enable "Continuous AFP Service"\&. This means the ability to stop the master afpd process with a SIGQUIT signal, possibly install an afpd update and start the afpd process\&. Existing AFP sessions afpd processes will remain unaffected\&. Technically they will be notified of the master afpd shutdown, sleep 15\-20 seconds and then try to reconnect their IPC channel to the master afpd process\&. If this reconnect fails, the sessions are in an undefined state\&. Therefor it\'s absolutely critical to restart the master process in time!
+Enable "Continuous AFP Service"\&. This means restarting AFP and CNID service daemons master processes, but keeping the AFP session processes\&. This can be used to install (most) updates to Netatalk without interruping active AFP sessions\&. Existing AFP sessions will still run the version from before updating, but new AFP sessions will run the updated code\&. After enabling this option when sending SIGQUIT to the
+\fInetatalk\fR
+service controller process, the AFP and CNID daemons will exit and then the service controller will restart them\&. AFP session processes are notified of the master afpd shutdown, they will then sleep 15\-20 seconds and then try to reconnect their IPC channel to the master afpd process\&. The IPC channel between the AFP master service daemon and the AFP session child is used for keeping session state of AFP sessions in the AFP master process\&. The session state is needed when AFP clients experience eg network outages and try to reconnect to the AFP server\&.
.RE
.PP
map acls = \fIBOOLEAN\fR (default: \fIyes\fR) \fB(G)\fR
log level = \fItype:level [type:level \&.\&.\&.]\fR \fB(G)\fR, log level = \fItype:level,[type:level, \&.\&.\&.]\fR \fB(G)\fR
.RS 4
Specify that any message of a loglevel up to the given
-\fBloglevel\fR
+\fBlog level\fR
should be logged\&.
.sp
By default afpd logs to syslog with a default logging setup equivalent to
.SH "EXPLANATION OF VOLUME PARAMETERS"
.SS "Parameters"
.PP
-The section name defines the volume name which is the name that appears in the Chooser ot the "connect to server" dialog on Macintoshes to represent the appropriate share\&. No two volumes may have the same name\&. The volume name cannot contain the
+The section name defines the volume name which is the name that appears in the Chooser or the "connect to server" dialog on Macintoshes to represent the appropriate share\&. No two volumes may have the same name\&. The volume name cannot contain the
\':\'
-character\&. The volume name is mangled if it is very long\&. Mac charset volume name is limited to 27 characters\&. UTF8\-MAC volume name is limited to \-volnamelen parameter in afpd\&.conf
+character\&. The volume name is mangled if it is very long\&. Mac charset volume name is limited to 27 characters\&. UTF8\-MAC volume name is limited to volnamelen parameter\&.
.PP
path = \fIPATH\fR \fB(V)\fR
.RS 4
.sp
The volume name is the name that appears in the Chooser ot the "connect to server" dialog on Macintoshes to represent the appropriate share\&. If volumename is unspecified, the last component of pathname is used\&. No two volumes may have the same name\&. If there are spaces in the name, it should be in quotes (i\&.e\&. "File Share")\&. The volume name cannot contain the
\':\'
-character\&. The volume name is mangled if it is very long\&. Mac charset volume name is limited to 27 characters\&. UTF8\-MAC volume name is limited to \-volnamelen parameter in afpd\&.conf
+character\&. The volume name is mangled if it is very long\&. Mac charset volume name is limited to 27 characters\&. UTF8\-MAC volume name is limited to volnamelen parameter\&.
.RE
.PP
appledouble = \fIea|v2\fR \fB(V)\fR
.PP
vol size limit = \fIsize in MiB\fR \fB(V)\fR
.RS 4
-Useful for TimeMachine: limits the reported volume size, thus preventing TM from using the whole real disk space for backup\&. Example: "vol size limit = 1000" would limit the reported disk space to 1 GB\&.
+Useful for Time Machine: limits the reported volume size, thus preventing Time Machine from using the whole real disk space for backup\&. Example: "vol size limit = 1000" would limit the reported disk space to 1 GB\&.
\fBIMPORTANT: \fR
-This is an approximated calculation taking into accout the contents of TM sparsebundle images\&. Therefor you MUST NOT use this volume to store other content when using this option, because it would NOT be accounted\&. The calculation works by reading the band size from the Info\&.plist XML file of the sparsebundle, reading the bands/ directory counting the number of band files, and then multiplying one with the other\&.
+This is an approximated calculation taking into accout the contents of Time Machine sparsebundle images\&. Therefor you MUST NOT use this volume to store other content when using this option, because it would NOT be accounted\&. The calculation works by reading the band size from the Info\&.plist XML file of the sparsebundle, reading the bands/ directory counting the number of band files, and then multiplying one with the other\&.
.RE
.PP
valid users = \fIusers/groups\fR \fB(V)\fR
The deny option specifies users and groups who are not allowed access to the share\&. It follows the same format as the "valid users" option\&.
.RE
.PP
-hosts allow = \fIIP host address/IP netmask bits[, \&.\&.\&. ]\fR \fB(V)\fR
+hosts allow = \fIIP host address/IP netmask bits [ \&.\&.\&. ]\fR \fB(V)\fR
.RS 4
Only listed hosts and networks are allowed, all others are rejected\&. The network address may be specified either in dotted\-decimal format for IPv4 or in hexadecimal format for IPv6\&.
.sp
Example: hosts allow = 10\&.1\&.0\&.0/16 10\&.2\&.1\&.100 2001:0db8:1234::/48
.RE
.PP
-hosts deny = \fIIP host address/IP netmask bits [\&.\&.\&.]\fR \fB(V)\fR
+hosts deny = \fIIP host address/IP netmask bits [ \&.\&.\&. ]\fR \fB(V)\fR
.RS 4
Listed hosts and nets are rejected, all others are allowed\&.
.sp
Try
\fBsys\fR
(by setting an EA on the shared directory itself), fallback to
-\fBad\fR\&. Requires writeable volume for perfoming test\&.
-\fBoptions:ro\fR
-overwrites
+\fBad\fR\&. Requires writeable volume for perfoming test\&. "\fBread only = yes\fR" overwrites
\fBauto\fR
with
-\fBnone\fR\&. Use explicit
-\fBea:sys|ad\fR
-for read\-only volumes where appropiate\&.
+\fBnone\fR\&. Use explicit "\fBea = sys|ad\fR" for read\-only volumes where appropiate\&.
.RE
.PP
sys
.RS 4
specifies the Mac client charset for this Volume, e\&.g\&.
\fIMAC_ROMAN\fR,
-\fIMAC_CYRILLIC\fR\&. If not specified the global setting is applied\&. This setting is only required if you need volumes, where the Mac charset differs from the one globally set in the global section
+\fIMAC_CYRILLIC\fR\&. If not specified the global setting is applied\&. This setting is only required if you need volumes, where the Mac charset differs from the one globally set in the [Global] section\&.
.RE
.PP
casefold = \fBoption\fR
\fBfile perm\fR
is for files only,
\fBdirectory perm\fR
-is for directories only\&. Use without
-\fBvol options = noupriv\fR\&.
+is for directories only\&. Don\'t use with "\fBunix priv = no\fR"\&.
.PP
\fBExample.\ \&Volume for a collaborative workgroup\fR
.sp
.PP
umask = \fImode\fR \fB(V)\fR
.RS 4
-set perm mask\&. Use without
-\fBvol options = noupriv\fR\&.
+set perm mask\&. Don\'t use with "\fBunix priv = no\fR"\&.
.RE
.PP
preexec = \fIcommand\fR \fB(V)\fR
convert adouble = \fIBOOLEAN\fR (default: \fItrue\fR) \fB(V)\fR
.RS 4
Whether automatic conversion from
-\fBapple double = v2\fR
+\fBappledouble = v2\fR
to
-\fBapple double = ea\fR
+\fBappledouble = ea\fR
is performed when accessing filesystems from clients\&. This is generally useful, but costs some performance\&. It\'s recommdable to run
\fBdbd\fR
on volumes and do the conversion with that\&. Then this option can be set to no\&.
.RE
.PP
-hex encoding = \fIBOOLEAN\fR (default: \fIyes\fR) \fB(V)\fR
-.RS 4
-Whether :hex encoding is done for file and directory names containing the character
-/\&. Setting this option to no makes the
-/
-character illegal\&.
-.RE
-.PP
invisible dots = \fIBOOLEAN\fR (default: \fIno\fR) \fB(V)\fR
.RS 4
-make dot files invisible\&. Use without
-\fBnousedots\fR\&.
+make dot files invisible\&.
.RE
.PP
network ids = \fIBOOLEAN\fR (default: \fIyes\fR) \fB(V)\fR
unix priv = \fIBOOLEAN\fR (default: \fIyes\fR) \fB(V)\fR
.RS 4
Whether to use AFP3 UNIX privileges\&. This should be set for OS X clients\&. See also:
-\fBfile perm\fR
+\fBfile perm\fR,
+\fBdirectory perm\fR
and
-\fBdirectory perm\fR\&.
-.RE
-.PP
-use dots = \fIBOOLEAN\fR (default: \fIyes\fR) \fB(V)\fR
-.RS 4
-Whether to do :hex translation for dot files\&. See also
-\fBinvisible dots\fR\&.
+\fBumask\fR\&.
.RE
.SH "CNID BACKENDS"
.PP
.PP
cdb
.RS 4
-"Concurrent database", backend is based on Sleepycat\'s Berkely DB\&. With this backend several
+"Concurrent database", backend is based on Oracle Berkely DB\&. With this backend several
\fBafpd\fR
deamons access the CNID database directly\&. Berkeley DB locking is used to synchronize access, if more than one
\fBafpd\fR
projects / netatalk.git / blobdiff