X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=netatalk.git;a=blobdiff_plain;f=doc%2Fmanpages%2Fman5%2Fafp.conf.5.xml;fp=doc%2Fmanpages%2Fman5%2Fafp.conf.5.xml;h=44b5a4681806a0e8cb8ed24c885455c4165d23bc;hp=0000000000000000000000000000000000000000;hb=530376ceef7d0d5e4187dbf7246bd217782d9e5a;hpb=15da22106694bff9f2fc58da86f0554abb810837 diff --git a/doc/manpages/man5/afp.conf.5.xml b/doc/manpages/man5/afp.conf.5.xml new file mode 100644 index 00000000..44b5a468 --- /dev/null +++ b/doc/manpages/man5/afp.conf.5.xml 
@@ -0,0 +1,1960 @@ + + + + afp.conf + + 5 + + 30 Apr 2013 + + :NETATALK_VERSION: + + + + afp.conf + + Netatalk configuration file + afp.conf + + + + + SYNOPSIS + + The afp.conf file is the configuration file for + the Netatalk AFP file server. + + All AFP specific configuration and AFP volume definitions are done + via this file. + + + + FILE FORMAT + + The file consists of sections and parameters. A section begins with + the name of the section in square brackets and continues until the next + section begins. Sections contain parameters of the form: + name = value + + + The file is line-based - that is, each newline-terminated line + represents either a comment, a section name or a parameter. + + Section and parameter names are case sensitive. + + Only the first equals sign in a parameter is significant. Whitespace + before or after the first equals sign is discarded. Leading, trailing and + internal whitespace in section and parameter names is irrelevant. Leading + and trailing whitespace in a parameter value is discarded. Internal + whitespace within a parameter value is retained verbatim. + + Any line beginning with a semicolon (;) or a hash + (#) character is ignored, as are lines containing only + whitespace. + + Any line ending in a \ is + continued on the next line in the customary UNIX fashion. + + The values following the equals sign in parameters are all either a + string (no quotes needed) or a boolean, which may be given as yes/no, 1/0 + or true/false. Case is not significant in boolean values, but is preserved + in string values. Some items such as create masks are numeric. + + The parameter allows you to include one config + file inside another. The file is included literally, as though typed in + place. Nested includes are not supported. + + + + SECTION DESCRIPTIONS + + Each section in the configuration file (except for the [Global] + section) describes a shared resource (known as a volume). 
+ The section name is the name of the volume and the parameters within the + section define the volume attributes and options. + + There are two special sections, [Global] and [Homes], which are + described under special sections. The following notes + apply to ordinary section descriptions. + + A volume consists of a directory to which access is being given plus + a description of the access rights which are granted to the user of the + service. For volumes the option must specify the + directory to share. + + Any volume section without option is + considered a vol preset which can be selected in + other volume sections via the option and + constitutes defaults for the volume. For any option specified both in a + preset and in a volume section the volume section + setting completely substitutes the preset option. + + The access rights granted by the server are masked by the access + rights granted to the specified or guest UNIX user by the host system. The + server does not grant more access than the host system grants. + + The following sample section defines an AFP volume. The user has + full access to the path /foo/bar. The share is + accessed via the share name baz: [baz] + path = /foo/bar + + + + SPECIAL SECTIONS + + + The [Global] section + + Parameters in this section apply to the server as a whole. + Parameters denoted by a (G) below are must be set in this + section. + + + + The [Homes] section + + This section enable sharing of the UNIX server user home + directories. Specifying an optional parameter + means that not the whole user home will be shared but the subdirectory + . It is necessary to define the option. It should be a regex which matches the parent + directory of the user homes. Parameters denoted by a (H) belong to + volume sections. The optional parameter can + be used to change the AFP volume name which $u's + home by default. See below under VARIABLE + SUBSTITUTIONS. + + The following example illustrates this. 
Given all user home + directories are stored under /home: + [Homes] + path = afp-data + basedir regex = /home For a user + john this results in an AFP home volume with a path + of /home/john/afp-data. + + If contains symlink, set the + canonicalized absolute path. When /home links to + /usr/home: [Homes] + basedir regex = /usr/home + + + + + PARAMETERS + + Parameters define the specific attributes of sections. + + Some parameters are specific to the [Global] section (e.g., + log type). All others are permissible only in volume + sections. The letter G in parentheses indicates that + a parameter is specific to the [Global] section. The letter + V indicates that a parameter can be specified in a + volume specific section. + + + + VARIABLE SUBSTITUTIONS + + You can use variables in volume names. The use of variables in paths + is not supported for now. + + + + if you specify an unknown variable, it will not get + converted. + + + + if you specify a known variable, but that variable doesn't have + a value, it will get ignored. + + + + The variables which can be used for substitutions are: + + + + $b + + + basename + + + + + $c + + + client's ip address + + + + + $d + + + volume pathname on server + + + + + $f + + + full name (contents of the gecos field in the passwd + file) + + + + + $g + + + group name + + + + + $h + + + hostname + + + + + $i + + + client's ip, without port + + + + + $s + + + server name (this can be the hostname) + + + + + $u + + + user name (if guest, it is the user that guest is running + as) + + + + + $v + + + volume name + + + + + $$ + + + prints dollar sign ($) + + + + + + + EXPLANATION OF GLOBAL PARAMETERS + + + Authentication Options + + + + ad domain = DOMAIN + (G) + + + Append @DOMAIN to username when authenticating. Useful in + Active Directory environments that otherwise would require the + user to enter the full user@domain string. 
+ + + + + admin auth user = user + (G) + + + Specifying eg "" + whenever a normal user login fails, afpd will try to authenticate + as the specified . If this + succeeds, a normal session is created for the original connecting + user. Said differently: if you know the password of , you can authenticate as any other user. + + + + + k5 keytab = path + (G) + + k5 service = service + (G) + + k5 realm = realm + (G) + + + These are required if the server supports the Kerberos 5 + authentication UAM. + + + + + nt domain = DOMAIN + (G) + + nt separator = SEPARATOR + (G) + + + Use for eg. winbind authentication, prepends both strings + before the username from login and then tries to authenticate with + the result through the available and active UAM authentication + modules. + + + + + save password = BOOLEAN (default: + yes) (G) + + + Enables or disables the ability of clients to save passwords + locally. + + + + + set password = BOOLEAN (default: + no) (G) + + + Enables or disables the ability of clients to change their + passwords via chooser or the "connect to server" dialog. + + + + + uam list = uam list + (G) + + + Space or comma separated list of UAMs. (The default is + "uams_dhx.so uams_dhx2.so"). + + The most commonly used UAMs are: + + + + uams_guest.so + + + allows guest logins + + + + + uams_clrtxt.so + + + (uams_pam.so or uams_passwd.so) Allow logins with + passwords transmitted in the clear. (legacy) + + + + + uams_randum.so + + + allows Random Number and Two-Way Random Number + Exchange for authentication (requires a separate file + containing the passwords, either :ETCDIR:/afppasswd file or + the one specified via "". See + + afppasswd + + 1 + for details. (legacy) + + + + + uams_dhx.so + + + (uams_dhx_pam.so or uams_dhx_passwd.so) Allow + Diffie-Hellman eXchange (DHX) for authentication. + + + + + uams_dhx2.so + + + (uams_dhx2_pam.so or uams_dhx2_passwd.so) Allow + Diffie-Hellman eXchange 2 (DHX2) for authentication. 
+ + + + + uam_gss.so + + + Allow Kerberos V for authentication (optional) + + + + + + + + uam path = path + (G) + + + Sets the default path for UAMs for this server (default is + :LIBDIR:/netatalk). + + + + + + + Charset Options + + With OS X Apple introduced the AFP3 protocol. One of the big + changes was, that AFP3 uses Unicode names encoded as Decomposed UTF-8 + (UTF8-MAC). Previous AFP/OS versions used charsets like MacRoman, + MacCentralEurope, etc. + + To be able to serve AFP3 and older clients at the same time, + afpd needs to be able to convert between UTF-8 and + Mac charsets. Even OS X clients partly still rely on the mac charset. As + there's no way, afpd can detect the codepage a pre + AFP3 client uses, you have to specify it using the option. The default is MacRoman, which should be fine + for most western users. + + As afpd needs to interact with UNIX operating + system as well, it need's to be able to convert from UTF8-MAC / Mac + charset to the UNIX charset. By default afpd uses + UTF8. You can set the UNIX charset using the + option. If you're using extended + characters in the configuration files for afpd, make + sure your terminal matches the . + + + + mac charset = CHARSET + (G)/(V) + + + Specifies the Mac clients charset, e.g. + MAC_ROMAN. This is used to convert strings + and filenames to the clients codepage for OS9 and Classic, i.e. + for authentication and AFP messages (SIGUSR2 messaging). This will + also be the default for the volumes . + Defaults to MAC_ROMAN. + + + + + unix charset = CHARSET + (G) + + + Specifies the servers unix charset, e.g. + ISO-8859-15 or EUC-JP. + This is used to convert strings to/from the systems locale, e.g. + for authentication, server messages and volume names. If + LOCALE is set, the systems locale is used. + Defaults to UTF8. + + + + + vol charset = CHARSET + (G)/(V) + + + Specifies the encoding of the volumes filesystem. By + default, it is the same as . 
+ + + + + + + Password Options + + + + passwd file = path + (G) + + + Sets the path to the Randnum UAM passwd file for this server + (default is :ETCDIR:/afppasswd). + + + + + passwd minlen = number + (G) + + + Sets the minimum password length, if supported by the + UAM + + + + + + + Network Options + + + + advertise ssh = BOOLEAN (default: + no) (G) + + + Allows old Mac OS X clients (10.3.3-10.4) to automagically + establish a tunneled AFP connection through SSH. If this option is + set, the server's answers to client's FPGetSrvrInfo requests + contain an additional entry. It depends on both client's settings + and a correctly configured and running + sshd + + 8 + on the server to let things work. + + + Setting this option is not recommended since globally + encrypting AFP connections via SSH will increase the server's + load significantly. On the other hand, Apple's client side + implementation of this feature in MacOS X versions prior to + 10.3.4 contained a security flaw. + + + + + + afp listen = ip address[:port] [ip address[:port] + ...] (G) + + + Specifies the IP address that the server should advertise + and listens to. The default is + advertise the first IP address of the system, but to listen for + any incoming request. The network address may be specified either + in dotted-decimal format for IPv4 or in hexadecimal format for + IPv6. + + + + + afp port = port number + (G) + + + Allows a different TCP port to be used for AFP. The default + is 548. Also sets the default port applied when none specified in + an option. + + + + + cnid listen = ip address[:port] [ip + address[:port] ...] (G) + + + Specifies the IP address that the CNID server should listen + on. The default is localhost:4700. + + + + + disconnect time = number + (G) + + + Keep disconnected AFP sessions for + number hours before dropping them. Default + is 24 hours. 
+ + + + + dsireadbuf = number + (G) + + + Scale factor that determines the size of the DSI/TCP + readahead buffer, default is 12. This is multiplies with the DSI + server quantum (default ~300k) to give the size of the buffer. + Increasing this value might increase throughput in fast local + networks for volume to volume copies. Note: + This buffer is allocated per afpd child process, so specifying + large values will eat up large amount of memory (buffer size * + number of clients). + + + + + fqdn = name:port + (G) + + + Specifies a fully-qualified domain name, with an optional + port. This is discarded if the server cannot resolve it. This + option is not honored by AppleShare clients <= 3.8.3. This + option is disabled by default. Use with caution as this will + involve a second name resolution step on the client side. Also + note that afpd will advertise this name:port combination but not + automatically listen to it. + + + + + hostname = name + (G) + + + Use this instead of the result from calling hostname for + determining which IP address to advertise, therefore the hostname + is resolved to an IP which is the advertised. This is NOT used for + listening and it is also overwritten by . + + + + + max connections = number + (G) + + + Sets the maximum number of clients that can simultaneously + connect to the server (default is 200). + + + + + server quantum = number + (G) + + + This specifies the DSI server quantum. The default value is + 1 MB. The maximum value is 0xFFFFFFFFF, the minimum is 32000. If + you specify a value that is out of range, the default value will + be set. Do not change this value unless you're absolutely sure, + what you're doing + + + + + sleep time = number + (G) + + + Keep sleeping AFP sessions for number + hours before disconnecting clients in sleep mode. Default is 10 + hours. + + + + + tcprcvbuf = number + (G) + + + Try to set TCP receive buffer using setsockpt(). 
Often OSes + impose restrictions on the applications ability to set this + value. + + + + + tcpsndbuf = number + (G) + + + Try to set TCP send buffer using setsockpt(). Often OSes + impose restrictions on the applications ability to set this + value. + + + + + use sendfile = BOOLEAN (default: + yes) (G) + + + Whether to use sendfile + sendfile + syscall for sending file data to clients. + + + + + zeroconf = BOOLEAN (default: + yes) (G) + + + Whether to use automatic Zeroconf + Zeroconf + + Bonjour + service registration if Avahi or mDNSResponder were + compiled in. + + + + + + + Miscellaneous Options + + + + admin group = group + (G) + + + Allows users of a certain group to be seen as the superuser + when they log in. This option is disabled by default. + + + + + afp read locks = BOOLEAN (default: + no) (G) + + + Whether to apply locks to the byte region read in FPRead + calls. The AFP spec mandates this, but it's not really in line + with UNIX semantics and is a performance hug. + + + + + afpstats = BOOLEAN (default: + no) (G) + + + Whether to provide AFP runtime statistics (connected + users, open volumes) via dbus. + + + + + basedir regex = regex + (H) + + + Regular expression which matches the parent directory of the + user homes. If contains symlink, + you must set the canonicalized absolute path. In the simple case + this is just a path ie + + + + + close vol = BOOLEAN (default: + no) (G) + + + Whether to close volumes possibly opened by clients when + they're removed from the configuration and the configuration is + reloaded. + + + + + cnid server = ipaddress[:port] + (G)/(V) + + + Specifies the IP address and port of a cnid_metad server, + required for CNID dbd backend. Defaults to localhost:4700. The + network address may be specified either in dotted-decimal format + for IPv4 or in hexadecimal format for IPv6.- + + + + + dircachesize = number + (G) + + + Maximum possible entries in the directory cache. The cache + stores directories and files. 
It is used to cache the full path to + directories and CNIDs which considerably speeds up directory + enumeration. + + Default size is 8192, maximum size is 131072. Given value is + rounded up to nearest power of 2. Each entry takes about 100 + bytes, which is not much, but remember that every afpd child + process for every connected user has its cache. + + + + + extmap file = path + (G) + + + Sets the path to the file which defines file extension + type/creator mappings. (default is :ETCDIR:/extmap.conf). + + + + + guest account = name + (G) + + + Specifies the user that guests should use (default is + "nobody"). The name should be quoted. + + + + + home name = name + (H) + + + AFP user home volume name. The default is user's + home. + + + + + login message = message + (G)/(V) + + + Sets a message to be displayed when clients logon to the + server. The message should be in and + should be quoted. Extended characters are allowed. + + + + + mimic model = model + (G) + + + Specifies the icon model that appears on clients. Defaults + to off. Note that afpd must support Zeroconf. + Examples: RackMac (same as Xserve), PowerBook, PowerMac, + Macmini, iMac, MacBook, MacBookPro, MacBookAir, MacPro, + AppleTV1,1, AirPort. + + + + + signature = <text> (G) + + + Specify a server signature. The maximum length is 16 + characters. This option is useful for clustered environments, to + provide fault isolation etc. By default, afpd generate signature + and saving it to + :STATEDIR:/netatalk/afp_signature.conf + automatically (based on random number). See also + asip-status.pl(1). + + + + + solaris share reservations = + BOOLEAN (default: + yes) (G) + + + Use share reservations on Solaris. Solaris CIFS server uses + this too, so this makes a lock coherent multi protocol + server. + + + + + vol dbpath = path + (G) + + + Sets the database information to be stored in path. You have + to specify a writable location, even if the volume is read only. 
+ The default is + :STATEDIR:/netatalk/CNID/. + + + + + volnamelen = number + (G) + + + Max length of UTF8-MAC volume name for Mac OS X. Note that + Hangul is especially sensitive to this. + + 73: limit of Mac OS X 10.1 80: limit of Mac + OS X 10.4/10.5 (default) 255: limit of recent Mac OS + X Mac OS 9 and earlier are not influenced by + this, because Maccharset volume name is always limited to 27 + bytes. + + + + + vol preset = name + (G)/(V) + + + Use section as option preset for all + volumes (when set in the [Global] section) or for one volume (when + set in that volume's section). + + + + + + + Logging Options + + + + log file = logfile + (G) + + + If not specified Netatalk logs to syslogs daemon facility. + Otherwise it logs to . + + + + + log level = type:level [type:level + ...] (G) + + log level = type:level,[type:level, + ...] (G) + + + Specify that any message of a loglevel up to the given + should be logged. + + By default afpd logs to syslog with a default logging setup + equivalent to + + logtypes: default, afpdaemon, logger, uamsdaemon + + loglevels: severe, error, warn, note, info, debug, debug6, + debug7, debug8, debug9, maxdebug + + + Both logtype and loglevels are case insensitive. + + + + + + + + Filesystem Change Events (FCE<indexterm> + <primary>FCE</primary> + </indexterm>) + + Netatalk includes a nifty filesystem change event mechanism where + afpd processes notify interested listeners about certain filesystem + event by UDP network datagrams. + + + + fce listener = host[:port] + (G) + + + Enables sending FCE events to the specified + host, default port + is 12250 if not specified. Specifying multiple listeners is done + by having this option once for each of them. + + + + + fce events = + fmod,fdel,ddel,fcre,dcre,tmsz + (G) + + + Specifies which FCE events are active, default is + fmod,fdel,ddel,fcre,dcre. + + + + + fce coalesce = all|delete|create + (G) + + + Coalesce FCE events. 
+ + + + + fce holdfmod = seconds + (G) + + + This determines the time delay in seconds which is always + waited if another file modification for the same file is done by a + client before sending an FCE file modification event (fmod). For + example saving a file in Photoshop would generate multiple events + by itself because the application is opening, modifying and + closing a file multiple times for every "save". Default: 60 + seconds. + + + + + + + Debug Parameters + + These options are useful for debugging only. + + + + tickleval = number + (G) + + + Sets the tickle timeout interval (in seconds). Defaults to + 30. + + + + + timeout = number + (G) + + + Specify the number of tickles to send before timing out a + connection. The default is 4, therefore a connection will timeout + after 2 minutes. + + + + + client polling = BOOLEAN (default: + no) (G) + + + With this option enabled, afpd won't advertise that it is + capable of server notifications, so that connected clients poll + the server every 10 seconds to detect changes in opened server + windows. Note: Depending on the number of + simultaneously connected clients and the network's speed, this can + lead to a significant higher load on your network! + + Do not use this option any longer as present Netatalk + correctly supports server notifications, allowing connected + clients to update folder listings in case another client changed + the contents. + + + + + + + Options for ACL handling + + By default, the effective permission of the authenticated user are + only mapped to the mentioned UARights permission structure, not the UNIX + mode. You can adjust this behaviour with the configuration option + : + + + + map acls = none|rights|mode + (G) + + + + + none + + + no mapping of ACLs + + + + + rights + + + effective permissions are mapped to UARights + structure. This is the default. + + + + + mode + + + ACLs are additionally mapped to the UNIX mode of the + filesystem object. 
+ + + + + + + + If you want to be able to display ACLs on the client, you must + setup both client and server as part on a authentication domain + (directory service, eg LDAP, Open Directory, Active Directory). The + reason is, in OS X ACLs are bound to UUIDs, not just uid's or gid's. + Therefor Netatalk must be able to map every filesystem uid and gid to a + UUID so that it can return the server side ACLs which are bound to UNIX + uid and gid mapped to OS X UUIDs. + + Netatalk can query a directory server using LDAP queries. Either + the directory server already provides an UUID attribute for user and + groups (Active Directory, Open Directory) or you reuse an unused + attribute (or add a new one) to you directory server (eg + OpenLDAP). + + The following LDAP options must be configured for Netatalk: + + + + ldap auth method = none|simple|sasl + (G) + + + Authentication method: + + + + none + + + anonymous LDAP bind + + + + + simple + + + simple LDAP bind + + + + + sasl + + + SASL. Not yet supported ! + + + + + + + + ldap auth dn = dn + (G) + + + Distinguished Name of the user for simple bind. + + + + + ldap auth pw = password + (G) + + + Distinguished Name of the user for simple bind. + + + + + ldap server = host + (G) + + + Name or IP address of your LDAP Server. This is only needed + for explicit ACL support in order to be able to query LDAP for + UUIDs. + + You can use + afpldaptest + + 1 + to syntactically check your config. + + + + + ldap userbase = base dn + (G) + + + DN of the user container in LDAP. + + + + + ldap userscope = scope + (G) + + + Search scope for user search: + + + + + ldap groupbase = base dn + (G) + + + DN of the group container in LDAP. + + + + + ldap groupscope = scope + (G) + + + Search scope for user search: + + + + + ldap uuid attr = dn + (G) + + + Name of the LDAP attribute with the UUIDs. + + Note: this is used both for users and groups. + + + + + ldap name attr = dn + (G) + + + Name of the LDAP attribute with the users short name. 
+ + + + + ldap uuid string = STRING + (G) + + + Format of the uuid string in the directory. A series of x + and -, where every x denotes a value 0-9a-f and every - is a + separator. + + Default: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx + + + + + ldap uuid encoding = string | ms-guid (default: + string) (G) + + + Format of the UUID of the LDAP attribute, allows usage of + the binary objectGUID fields from Active Directory. If left + unspecified, string is the default, which passes through the ASCII + UUID returned by most other LDAP stores. If set to ms-guid, the + internal UUID representation is converted to and from the binary + format used in the objectGUID attribute found on objects in Active + Directory when interacting with the server. + + + + string + + + UUID is a string, use with eg OpenDirectory. + + + + + ms-guid + + + Binary objectGUID from Active Directory + + + + + + + + ldap group attr = dn + (G) + + + Name of the LDAP attribute with the groups short + name. + + + + + + + + EXPLANATION OF VOLUME PARAMETERS + + + Parameters + + The section name defines the volume name. + No two volumes may have the same + name. The volume name cannot contain the ':' + character. The volume name is mangled if it is very long. Mac charset + volume name is limited to 27 characters. UTF8-MAC volume name is limited + to volnamelen parameter. + + + + path = PATH (V) + + + The path name must be a fully qualified path name. + + + + + appledouble = ea|v2 + (V) + + + Specify the format of the metadata files, which are used for + saving Mac resource fork as well. Earlier versions used + AppleDouble v2, the new default format is ea. + + + + + vol size limit = size in MiB + (V) + + + Useful for Time Machine: limits the reported volume size, + thus preventing Time Machine from using the whole real disk space + for backup. Example: "vol size limit = 1000" would limit the + reported disk space to 1 GB. 
IMPORTANT: + This is an approximated calculation taking into + account the contents of Time Machine sparsebundle images. Therefor + you MUST NOT use this volume to store other content when using + this option, because it would NOT be accounted. The calculation + works by reading the band size from the Info.plist XML file of the + sparsebundle, reading the bands/ directory counting the number of + band files, and then multiplying one with the other. + + + + + valid users = user @group + (V) + + + The allow option allows the users and groups that access a + share to be specified. Users and groups are specified, delimited + by spaces or commas. Groups are designated by a @ prefix. Names + may be quoted in order to allow for spaces in names. Example: + valid users = user "user 2" @group “@group 2" + + + + + invalid users = users/groups + (V) + + + The deny option specifies users and groups who are not + allowed access to the share. It follows the same format as the + "valid users" option. + + + + + hosts allow = IP host address/IP netmask bits [ + ... ] (V) + + + Only listed hosts and networks are allowed, all others are + rejected. The network address may be specified either in + dotted-decimal format for IPv4 or in hexadecimal format for + IPv6. + + Example: hosts allow = 10.1.0.0/16 10.2.1.100 + 2001:0db8:1234::/48 + + + + + hosts deny = IP host address/IP netmask bits [ + ... ] (V) + + + Listed hosts and nets are rejected, all others are + allowed. + + Example: hosts deny = 192.168.100/24 10.1.1.1 + 2001:db8::1428:57ab + + + + + cnid scheme = backend + (V) + + + set the CNID backend to be used for the volume, default is + [:DEFAULT_CNID_SCHEME:] available schemes: + [:COMPILED_BACKENDS:] + + + + + ea = none|auto|sys|ad + (V) + + + Specify how Extended Attributes + Extended Attributes + are stored. is the + default. + + + + auto + + + Try (by setting an EA on the + shared directory itself), fallback to . + Requires writable volume for performing test. 
"" overwrites with + . Use explicit "" for read-only volumes where + appropriate. + + + + + sys + + + Use filesystem Extended Attributes. + + + + + ad + + + Use files in .AppleDouble + directories. + + + + + none + + + No Extended Attributes support. + + + + + + + + mac charset = CHARSET + (V) + + + specifies the Mac client charset for this Volume, e.g. + MAC_ROMAN, MAC_CYRILLIC. + If not specified the global setting is applied. This setting is + only required if you need volumes, where the Mac charset differs + from the one globally set in the [Global] section. + + + + + casefold = (V) + + + The casefold option handles, if the case of filenames should + be changed. The available options are: + + - Lowercases names in both + directions. + + - Uppercases names in both + directions. + + - Client sees lowercase, server + sees uppercase. + + - Client sees uppercase, server + sees lowercase. + + + + + password = password + (V) + + + This option allows you to set a volume password, which can + be a maximum of 8 characters long (using ASCII strongly + recommended at the time of this writing). + + + + + file perm = mode + (V) + + directory perm = mode + (V) + + + Add(or) with the client requested permissions: is for files only, + is for directories only. Don't use with "". + + + Volume for a collaborative workgroup + + file perm = 0660 directory perm = + 0770 + + + + + + umask = mode + (V) + + + set perm mask. Don't use with "". 
+ + + + + preexec = command + (V) + + + command to be run when the volume is mounted, ignored for + user defined volumes + + + + + postexec = command + (V) + + + command to be run when the volume is closed, ignored for + user defined volumes + + + + + root preexec = command + (V) + + + command to be run as root when the volume is mounted, + ignored for user defined volumes + + + + + root postexec = command + (V) + + + command to be run as root when the volume is closed, ignored + for user defined volumes + + + + + rolist = (V) + + + Allows certain users and groups to have read-only access to + a share. This follows the allow option format. + + + + + rwlist = users/groups + (V) + + + Allows certain users and groups to have read/write access to + a share. This follows the allow option format. + + + + + veto files = vetoed names + (V) + + + hide files and directories,where the path matches one of the + '/' delimited vetoed names. The veto string must always be + terminated with a '/', eg. "veto1/", "veto1/veto2/". + + + + + + + Volume options + + Boolean volume options. + + + + acls = BOOLEAN (default: + yes) (V) + + + Whether to flag volumes as supporting ACLs. If ACL support + is compiled in, this is yes by default. + + + + + cnid dev = BOOLEAN (default: + yes) (V) + + + Whether to use the device number in the CNID backends. Helps + when the device number is not constant across a reboot, eg + cluster, ... + + + + + convert appledouble = BOOLEAN + (default: yes) (V) + + + Whether automatic conversion from to is performed when + accessing filesystems from clients. This is generally useful, but + costs some performance. It's recommendable to run + dbd on volumes and do the conversion with that. + Then this option can be set to no. + + + + + follow symlinks = BOOLEAN (default: + no) (V) + + + The default setting is false thus symlinks are not followed + on the server. This is the same behaviour as OS X's AFP server. 
+ Setting the option to true causes afpd to follow symlinks on the + server. symlinks may point outside of the AFP volume, currently + afpd doesn't do any checks for "wide symlinks". + + + + + invisible dots = BOOLEAN (default: + no) (V) + + + make dot files invisible. WARNING: enabling this option will + lead to unwanted sideeffects were OS X applications when saving + files to a temporary file starting with a dot first, then renaming + the temp file to its final name, result in the saved file being + invisible. The only thing this option is useful for is making + files that start with a dot invisible on Mac OS 9. It's + completely useless on Mac OS X, as both in Finder and in Terminal + files starting with a dot are hidden anyway. + + + + + network ids = BOOLEAN (default: + yes) (V) + + + Whether the server support network ids. Setting this to + no will result in the client not using ACL + AFP functions. + + + + + preexec close = BOOLEAN (default: + no) (V) + + + A non-zero return code from preexec close the volume being + immediately, preventing clients to mount/see the volume in + question. + + + + + read only = BOOLEAN (default: + no) (V) + + + Specifies the share as being read only for all users. + Overwrites with + + + + + root preexec close= BOOLEAN + (default: no) (V) + + + A non-zero return code from root_preexec closes the volume + immediately, preventing clients to mount/see the volume in + question. + + + + + search db = BOOLEAN (default: + no) (V) + + + Use fast CNID database namesearch instead of slow recursive + filesystem search. Relies on a consistent CNID database, ie Samba + or local filesystem access lead to inaccurate or wrong results. + Works only for "dbd" CNID db volumes. + + + + + stat vol = BOOLEAN (default: + yes) (V) + + + Whether to stat volume path when enumerating volumes list, + useful for automounting or volumes created by a preexec + script. 
+ + + + + time machine = BOOLEAN (default: + no) (V) + + + Whether to enable Time Machine support for this + volume. + + + + + unix priv = BOOLEAN (default: + yes) (V) + + + Whether to use AFP3 UNIX privileges. This should be set for + OS X clients. See also: , + and . + + + + + + + + CNID backends + + The AFP protocol mostly refers to files and directories by ID and + not by name. Netatalk needs a way to store these ID's in a persistent way, + to achieve this several different CNID backends are available. The CNID + Databases are by default located in the + :STATEDIR:/netatalk/CNID/(volumename)/.AppleDB/ + directory. + + + + cdb + + + "Concurrent database", backend is based on Oracle Berkley DB. + With this backend several afpd daemons access the + CNID database directly. Berkeley DB locking is used to synchronize + access, if more than one afpd process is active + for a volume. The drawback is, that the crash of a single + afpd process might corrupt the database. + + + + + dbd + + + Access to the CNID database is restricted to the + cnid_metad daemon process. + afpd processes communicate with the daemon for + database reads and updates. If built with Berkeley DB transactions + the probability for database corruption is practically zero, but + performance can be slower than with + + + + + last + + + This backend is an exception, in terms of ID persistency. ID's + are only valid for the current session. This is basically what + afpd did in the 1.5 (and 1.6) versions. This + backend is still available, as it is useful for e.g. sharing cdroms. + Starting with Netatalk 3.0, it becomes the read only + mode automatically. + + Warning: It is + NOT recommended to use this backend for volumes + anymore, as afpd now relies heavily on a + persistent ID database. Aliases will likely not work and filename + mangling is not supported. 
+ + + + + Even though ./configure --help might show that + there are other CNID backends available, be warned those are likely broken + or mainly used for testing. Don't use them unless you know what you're + doing, they may be removed without further notice from future + versions. + + + + Charset options + + With OS X Apple introduced the AFP3 protocol. One of the most + important changes was that AFP3 uses unicode names encoded as UTF-8 + decomposed. Previous AFP/OS versions used codepages, like MacRoman, + MacCentralEurope, etc. + + afpd needs a way to preserve extended Macintosh + characters, or characters illegal in unix filenames, when saving files on + a unix filesystem. Earlier versions used the the so called CAP encoding. + An extended character (>0x7F) would be converted to a :xx sequence, + e.g. the Apple Logo (MacRoman: 0xF0) was saved as :f0. + Some special characters will be converted as to :xx notation as well. + '/' will be encoded to :2f, if + is not specified, a leading dot + '.' will be encoded as :2e. + + This version now uses UTF-8 as the default encoding for names. + '/' will be converted to ':'. + + The option will allow you to select + another volume encoding. E.g. for western users another useful setting + could be vol charset ISO-8859-15. afpd will accept any + + iconv + + 1 + provided charset. If a character cannot be converted + from the to the selected , afpd will save it as a CAP encoded character. For AFP3 + clients, afpd will convert the UTF-8 + UTF8 + + afpd's vol charset setting + + UTF8-MAC + + afpd's vol charset setting + + ISO-8859-15 + + afpd's vol charset setting + + ISO-8859-1 + + afpd's vol charset setting + character to first. If this + conversion fails, you'll receive a -50 error on the mac. + + Note: Whenever you can, please stick with the + default UTF-8 volume format. + + + + SEE ALSO + + + afpd + + 8 + , + afppasswd + + 5 + , + afp_signature.conf + + 5 + , + extmap.conf + + 5 + , + cnid_metad + + 8 + + +
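Review bot: The follow symlinks entry mentions only in passing that symlinks "may point outside of the AFP volume" and that afpd does no checks for "wide symlinks". This deserves an explicit warning that, with the option enabled, access is no longer confined to the volume path, together with a recommendation to keep the default. The same entry gives the default as "no" but then speaks of "false" and "true"; use yes/no throughout, as the other boolean options do. The root preexec and root postexec entries say the command runs as root but nothing about how the command should be specified or protected. A sentence advising an absolute path to a script that only root can modify would help administrators. There are also wording defects to fix before merging. The preexec close description ("A non-zero return code from preexec close the volume being immediately") is garbled and should match the root preexec close wording. "root preexec close=" is missing the space before the equals sign, and its text refers to "root_preexec" rather than "root preexec". "Oracle Berkley DB" should read "Berkeley", as it is spelled later in the same entry. "the the so called CAP encoding" has a doubled word. In invisible dots, "sideeffects were OS X applications" should read "side effects where OS X applications".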