Provided by:
netatalk_2.0.4~beta2-5ubuntu2_i386 
NAME
AppleVolumes.default - Configuration file used by afpd(8) to determine
the shares made available through Appletalk
DESCRIPTION
/etc/netatalk/AppleVolumes.default is the configuration file used by
afpd to determine what portions of the file system will be shared via
Apple Filing Protocol, as well as their behaviour. Any line not
prefixed with # is interpreted. The configuration lines are composed
like:
path [ volume name ] [ options ]
The path name must be a fully qualified path name, or a path name using
either the ~ shell shorthand or any of the substitution variables,
which are listed below.
The volume name is the name that appears in the Chooser ot the "connect
to server" dialog on Macintoshes to represent the appropriate share. If
there are spaces in the name, it should be in quotes (i.e. "File
Share"). The volume name may not exceed 27 characters in length, and
cannot contain the â€â€™:â€â€™ character.
Note
Each volume has to be configured on a single line.
The possible options and their meanings are:
adouble:[v1|v2|osx]
specify the format of the metadata files, which are used for
saving Mac resource fork as well. Earlier versions used
AppleDouble V1, the new default format is V2. Starting with
Netatalk 2.0, the scheme MacOS X uses currently (10.3.x), is
also supported
Note
Using adouble:osx is not recommended for production use. Its
only aim is to temporarely share eg. FAT32 formatted FireWire
harddrives written on a Macintosh with afpd. Apple’s metadata
scheme lacks several essential features, so using it on the
server’s side will break both CNIDs and MacOS 9 compatibility
allow:[users/groups]
The allow option allows the users and groups that access a share
to be specified. Users and groups are specified, delimited by
commas. Groups are designated by a @ prefix. Example:
allow:user1,user2,@group
deny:[users/groups]
The deny option specifies users and groups who are not allowed
access to the share. It follows the same format as the allow
option.
cnidscheme:[backend]
set the CNID backend to be used for the volume, default is []
available schemes: [cdb dbd last]
dbpath:[path]
Sets the database information to be stored in path. You have to
specifiy a writable location, even if the volume is read only.
maccharset:[charset]
specifies the mac client codepage for this Volume, e.g.
"MAC_ROMAN", "MAC_CYRILLIC". If not specified the setting from
afpd.conf is inherited. This setting is only required if you
need volumes, where the mac codepage differs from the one
globally set in afpd.conf.
options:[option]
This allows multiple options to be specified in a comma
delimited format. The available options are:
limitsize
Limit disk size reporting to 2GB. This can be used for
older Macintoshes using newer Appleshare clients.
ro Specifies the share as being read only for all users.
The .AppleDB directory has to be writeable, you can use
the -dbpath option to relocate it.
usedots
Don’t do :hex translation for dot files. note: when this
option gets set, certain file names become illegal. These
are .Parent and anything that starts with .Apple. Also,
dot files created on the unix side are marked invisible.
root_preexec_close
a non-zero return code from root_preexec closes the
volume immediately, preventing clients to mount/see the
volume in question.
preexec_close
a non-zero return code from preexec close the volume
being immediately, preventing clients to mount/see the
volume in question.
password:[password]
This option allows you to set a volume password, which can be a
maximum of 8 characters long (using ASCII strongly recommended
at the time of this writing).
preexec:[command]
command to be run when the volume is mounted, ignored for user
defined volumes
postexec:[command]
command to be run when the volume is closed, ignored for user
defined volumes
root_preexec:[command]
command to be run as root when the volume is mounted, ignored
for user defined volumes
root_postexec:[command]
command to be run as root when the volume is closed, ignored for
user defined volumes
rolist:[users/groups]
Allows certain users and groups to have read-only access to a
share. This follows the allow option format.
rwlist:[users/groups]
Allows certain users and groups to have read/write access to a
share. This follows the allow option format.
veto:[vetoed name]
hide files and directories,where the path matches one of the ’/’
delimited vetoed names. Matches are partial, e.g. path is
/abc/def/file and veto:/abc/ will hide the file.
volcharset:[charset]
specifies the volume codepage, e.g. "UTF8", "UTF8-MAC",
"ISO-8859-15". Defaults to "UTF8".
VARIABLE SUBSTITUTIONS
You can use variables in both volume path and volume name.
1. if you specify an unknown variable, it will not get converted.
2. if you specify a known variable, but that variable doesn’t have
a value, it will get ignored.
The variables which can be used for substitutions are:
$b basename
$c client’s ip or appletalk address
$d volume pathname on server
$f full name (contents of the gecos field in the passwd file)
$g group name
$h hostname
$i client’s ip, without port
$s server name (this can be the hostname)
$u user name (if guest, it is the user that guest is running as)
$v volume name (either ADEID_NAME or basename of path)
$z appletalk zone (may not exist)
$$ prints dollar sign ($)
When using variable substitution in the volume name, always keep in
mind, not to exceed the 27 characters limit
Using variable substitution when defining volumes
/home/groups/$g "Groupdir for $g"
~ "$f is the best one"
We define "groupdirs" for each primary group and use a personalized
server name for homedir shares.
CNID BACKENDS
The AFP protocol mostly refers to files and directories by ID and not
by name. Netatalk needs a way to store these ID’s in a persistent way,
to achieve this several different CNID backends are available. The CNID
Databases are by default located in the .AppleDB folder in the volume
root.
cdb "Concurrent database", backend is based on Sleepycat’s Berkely
DB. With this backend several afpd deamons access the CNID
database directly. Berkeley DB locking is used to synchronize
access, if more than one afpd process is active for a volume.
The drawback is, that the crash of a single afpd process might
corrupt the database.
dbd Access to the CNID database is restricted to the cnid_metad
daemon process. afpd processes communicate with the daemon for
database reads and updates. If built with Berkeley DB
transactions the probability for database corruption is
practically zero, but performance can be slower than with cdb
last This backend is an exception, in terms of ID persistency. ID’s
are only valid for the current session. This is basically what
afpd did in the 1.5 (and 1.6) versions. This backend is still
available, as it is useful for e.g. sharing cdroms.
Warning: It is NOT recommended to use this backend for volumes
anymore, as afpd now relies heavily on a persistent ID database.
Aliases will likely not work and filename mangling is not
supported.
Even though ./configure --help might show that there are other CNID
backends available, be warned those are likely broken or mainly used
for testing. Don’t use them unless you know what you’re doing, they may
be removed without further notice from future versions.
CHARSET OPTIONS
With OS X Apple introduced the AFP3 protocol. One of the most important
changes was that AFP3 uses unicode names encoded as UTF-8 decomposed.
Previous AFP/OS versions used codepages, like MacRoman,
MacCentralEurope, etc.
afpd needs a way to preserve extended macintosh characters, or
characters illegal in unix filenames, when saving files on a unix
filesystem. Earlier versions used the the so called CAP encoding. An
extended character (>0x7F) would be converted to a :xx sequence, e.g.
the Apple Logo (MacRoman: 0XF0) was saved as :f0. Some special
characters will be converted as to :xx notation as well. ’/’ will be
encoded to :2f, if -usedots is not specified, a leading dot ’.’ will be
encoded as :2e.
This version now uses UTF-8 as the default encoding for names. Special
characters, like ’/’ and a leading ’.’ will still be CAP style encoded
.
The -volcharset option will allow you to select another volume
encoding. E.g. for western users another useful setting could be
-volcharset ISO-8859-15. apfd will accept any iconv(1) provided
charset. If a character cannot be converted from the mac codepage to
the selected volcharset, afpd will save it as a CAP encoded character.
For AFP3 clients, afpd will convert the UTF-8 character to -maccharset
first. If this conversion fails, you’ll receive a -50 error on the mac.
Note: Whenever you can, please stick with the default UTF-8 volume
format.
COMPATIBILITY WITH EARLIER VERSIONS
To use a volume created with an earlier afpd version, you’ll have to
specify the following options:
use a 1.x style volume
/path/to/volume "Volname" adouble:v1 volcharset:ASCII
In case you used an NLS you could try using a compatible iconv charset
for -volcharset.
use a 1.x style volume, created with maccode.iso8859-1
/path/to/volume "Volname" adouble:v1 volcharset:ISO-8859-1
You should consider converting old style volumes to the new UTF-8/AD2
format. The safest way to do this, is to create a new volume with the
default options and copy the files between this volumes with a mac.
Note: Using above example options will allow you to downgrade to 1.x
netatalk again.
Note: Some 1.x NLS files used non standard mappings, e.g.
maccode.iso8859-1.adapted. This is not supported anymore. You’ll have
to copy the contents of those volumes files to a Mac and then back to
the netatalk server, preferably to an UTF-8 volume.
ADVANCED OPTIONS
The following options should only be used after serious consideration.
Be sure you fully understood the, sometimes complex, consequences,
before using them.
casefold:[option]
The casefold option handles, if the case of filenames should be
changed. The available options are:
tolower - Lowercases names in both directions.
toupper - Uppercases names in both directions.
xlatelower - Client sees lowercase, server sees uppercase.
xlateupper - Client sees uppercase, server sees lowercase.
options:[option]
This allows multiple options to be specified in a comma
delimited format. The available options are:
cachecnid
If set afpd uses the ID information stored in AppleDouble
V2 header files to reduce database load. Don’t set this
option if the volume is modified by non AFP clients
(NFS/SMB/local). Defaults to off.
crlf Enables crlf translation for TEXT files, automatically
converting macintosh line breaks into Unix ones. Use of
this option might be dangerous since some older programs
store binary data files as type "TEXT" when saving and
switch the filetype in a second step. Afpd will
potentially destroy such files when "erroneously"
changing bytes in order to do line break translation.
dropbox
Allows a volume to be declared as being a "dropbox."
Note that netatalk must be compiled with dropkludge
support for this to function. Warning: This option is
deprecated and might not work as expected.
mswindows
Forces filename restrictions imposed by MS WinXX.
Warning: This is NOT recommened for volumes mainly used
by Macs. Please make sure you fully understand this
option before using it.
Warning
This option breaks direct saving to netatalk volumes from
some applications, i.e. OfficeX.
noadouble
Forces afpd to not create .AppleDouble directories unless
macintosh metadata needs to be written. This option is
only useful if you want to share files mostly used NOT by
macs, causing afpd to not automatically create
.AppleDouble subdirs containing AD header files in every
directory it enters (which will it do by default).
In case, you save or change files from mac clients, AD
metadata files have to be written even in case you set
this option. So you can’t avoid the creation of
.AppleDouble directories and its contents when you give
macs write access to a share and they make use of it.
Try to avoid noadouble whenever possible.
nodev always use 0 for device number, helps when the device
number is not constant across a reboot, cluster, ...
nofileid
don’t advertise createfileid, resolveid, deleteid calls.
nohex Disables :hex translations for anything except dot files.
This option makes the â€â€™/’ character illegal.
prodos Provides compatibility with Apple II clients.
nostat don’t stat volume path when enumerating volumes list,
useful for automounting or volumes created by a preexec
script.
upriv use AFP3 unix privileges. Become familiar with the new
"unix privileges" AFP permissions concepts in MacOS X
before using this option.
SEE ALSO
afpd.conf(5), afpd(8)