docs-xml: add nfs4.xml.include documenting the generic NFS4 ACL parameters

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>

diff --git a/docs-xml/manpages/nfs4.xml.include b/docs-xml/manpages/nfs4.xml.include
new file mode 100644 (file)
index 0000000..29cad9e
--- /dev/null
+++ b/docs-xml/manpages/nfs4.xml.include
@@ -0,0 +1,57 @@
+<variablelist>
+
+<varlistentry>
+       <term>nfs4:mode = [ simple | special ]</term>
+       <listitem>
+       <para>
+       Controls substitution of special IDs (OWNER@ and GROUP@) on NFS4 ACLs.
+       The use of mode simple is recommended.
+       In this mode only non inheriting ACL entries for the file owner
+       and group are mapped to special IDs.
+       </para>
+
+       <para>The following MODEs are understood by the module:</para>
+       <itemizedlist>
+       <listitem><para><command>simple(default)</command> - use OWNER@ and GROUP@ special IDs for non inheriting ACEs only.</para></listitem>
+       <listitem><para><command>special(deprecated)</command> - use OWNER@ and GROUP@ special IDs in ACEs for all file owner and group ACEs.</para></listitem>
+       </itemizedlist>
+       </listitem>
+
+</varlistentry>
+
+<varlistentry>
+       <term>nfs4:acedup = [dontcare|reject|ignore|merge]</term>
+       <listitem>
+       <para>
+       This parameter configures how Samba handles duplicate ACEs encountered in NFS4 ACLs.
+       They allow creating duplicate ACEs with different bits for same ID, which may confuse the Windows clients.
+       </para>
+
+       <para>Following is the behaviour of Samba for different values :</para>
+       <itemizedlist>
+       <listitem><para><command>dontcare</command> - copy the ACEs as they come</para></listitem>
+       <listitem><para><command>reject (deprecated)</command> - stop operation and exit with error on ACL set op</para></listitem>
+       <listitem><para><command>ignore (deprecated)</command> - don't include the second matching ACE</para></listitem>
+       <listitem><para><command>merge (default)</command> - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE</para></listitem>
+       </itemizedlist>
+       </listitem>
+</varlistentry>
+
+
+<varlistentry>
+       <term>nfs4:chown = [yes|no]</term>
+       <listitem>
+       <para>This parameter allows enabling or disabling the chown supported
+       by the underlying filesystem. This parameter should be enabled with
+       care as it might leave your system insecure.</para>
+       <para>Some filesystems allow chown as a) giving b) stealing. It is the latter
+       that is considered a risk.</para>
+       <para>Following is the behaviour of Samba for different values : </para>
+       <itemizedlist>
+       <listitem><para><command>yes</command> - Enable chown if as supported by the under filesystem</para></listitem>
+       <listitem><para><command>no (default)</command> - Disable chown</para></listitem>
+       </itemizedlist>
+       </listitem>
+</varlistentry>
+
+</variablelist>