diff options
Diffstat (limited to 'docs/htmldocs/manpages/sharesec.1.html')
| -rw-r--r-- | docs/htmldocs/manpages/sharesec.1.html | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/docs/htmldocs/manpages/sharesec.1.html b/docs/htmldocs/manpages/sharesec.1.html new file mode 100644 index 0000000000..c018a5a844 --- /dev/null +++ b/docs/htmldocs/manpages/sharesec.1.html @@ -0,0 +1,82 @@ +<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>sharesec</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="sharesec.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>sharesec — Set or get share ACLs</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">sharesec</code> {sharename} [-r, --remove=ACL] [-m, --modify=ACL] [-a, --add=ACL] [-R, --replace=ACLs] [-D, --delete] [-v, --view] [-M, --machine-sid] [-F, --force] [-d, --debuglevel=DEBUGLEVEL] [-s, --configfile=CONFIGFILE] [-l, --log-basename=LOGFILEBASE] [-V, --version] [-?, --help] [--usage]</p></div></div><div class="refsect1" lang="en"><a name="id2483416"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The <code class="literal">sharesec</code> program manipulates share permissions + on SMB file shares.</p></div><div class="refsect1" lang="en"><a name="id2483560"></a><h2>OPTIONS</h2><p>The following options are available to the <code class="literal">sharesec</code> program. + The format of ACLs is described in the section ACL FORMAT </p><div class="variablelist"><dl><dt><span class="term">-a|--add=ACL</span></dt><dd><p>Add the ACEs specified to the ACL list. + </p></dd><dt><span class="term">-D|--delete</span></dt><dd><p>Delete the entire security descriptor. + </p></dd><dt><span class="term">-F|--force</span></dt><dd><p>Force storing the ACL. + </p></dd><dt><span class="term">-m|--modify=ACL</span></dt><dd><p>Modify existing ACEs. + </p></dd><dt><span class="term">-M|--machine-sid</span></dt><dd><p>Initialize the machine SID. + </p></dd><dt><span class="term">-r|--remove=ACL</span></dt><dd><p>Remove ACEs. + </p></dd><dt><span class="term">-R|--replace=ACLS</span></dt><dd><p> + Overwrite an existing share permission ACL. + </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options. +</p></dd><dt><span class="term">-d|--debuglevel=level</span></dt><dd><p><em class="replaceable"><code>level</code></em> is an integer +from 0 to 10. The default value if this parameter is +not specified is 0.</p><p>The higher this value, the more detail will be +logged to the log files about the activities of the +server. At level 0, only critical errors and serious +warnings will be logged. Level 1 is a reasonable level for +day-to-day running - it generates a small amount of +information about operations carried out.</p><p>Levels above 1 will generate considerable +amounts of log data, and should only be used when +investigating a problem. Levels above 3 are designed for +use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will +override the <a class="link" href="smb.conf.5.html#LOGLEVEL" target="_top">log level</a> parameter +in the <code class="filename">smb.conf</code> file.</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the program version number. +</p></dd><dt><span class="term">-s <configuration file></span></dt><dd><p>The file specified contains the +configuration details required by the server. The +information in this file includes server-specific +information such as what printcap file to use, as well +as descriptions of all the services that the server is +to provide. See <code class="filename">smb.conf</code> for more information. +The default configuration file name is determined at +compile time.</p></dd><dt><span class="term">-l|--log-basename=logdirectory</span></dt><dd><p>Base directory name for log/debug files. The extension +<code class="constant">".progname"</code> will be appended (e.g. log.smbclient, +log.smbd, etc...). The log file is never removed by the client. +</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2483777"></a><h2>ACL FORMAT</h2><p>The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: </p><pre class="programlisting"> + REVISION:<revision number> + OWNER:<sid or name> + GROUP:<sid or name> + ACL:<sid or name>:<type>/<flags>/<mask> + </pre><p>The revision of the ACL specifies the internal Windows + NT ACL revision for the security descriptor. + If not specified it defaults to 1. Using values other than 1 may + cause strange behaviour.</p><p>The owner and group specify the owner and group SIDs for the + object. If a SID in the format S-1-x-y-z is specified this is used, + otherwise the name specified is resolved using the server on which + the file or directory resides.</p><p>ACLs specify permissions granted to the SID. This SID + can be specified in S-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID.</p><p>The type can be either ALLOWED or DENIED to allow/deny access + to the SID. The flags values are generally zero for share ACLs. + </p><p>The mask is a value which expresses the access right + granted to the SID. It can be given as a decimal or hexadecimal value, + or by using one of the following text strings which map to the NT + file permissions of the same name.</p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>R</em></span> - Allow read access </p></li><li><p><span class="emphasis"><em>W</em></span> - Allow write access</p></li><li><p><span class="emphasis"><em>X</em></span> - Execute permission on the object</p></li><li><p><span class="emphasis"><em>D</em></span> - Delete the object</p></li><li><p><span class="emphasis"><em>P</em></span> - Change permissions</p></li><li><p><span class="emphasis"><em>O</em></span> - Take ownership</p></li></ul></div><p>The following combined permissions can be specified:</p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>READ</em></span> - Equivalent to 'RX' + permissions</p></li><li><p><span class="emphasis"><em>CHANGE</em></span> - Equivalent to 'RXWD' permissions + </p></li><li><p><span class="emphasis"><em>FULL</em></span> - Equivalent to 'RWXDPO' + permissions</p></li></ul></div></div><div class="refsect1" lang="en"><a name="id2481681"></a><h2>EXIT STATUS</h2><p>The <code class="literal">sharesec</code> program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. </p><p>If the operation succeeded, sharesec returns and exit + status of 0. If <code class="literal">sharesec</code> couldn't connect to the specified server, + or there was an error getting or setting the ACLs, an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. </p></div><div class="refsect1" lang="en"><a name="id2481714"></a><h2>EXAMPLES</h2><p>Add full access for SID + <em class="parameter"><code>S-1-5-21-1866488690-1365729215-3963860297-17724</code></em> on + <em class="parameter"><code>share</code></em>: + </p><pre class="programlisting"> + host:~ # sharesec share -a S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL + </pre><p>List all ACEs for <em class="parameter"><code>share</code></em>: + </p><pre class="programlisting"> + host:~ # sharesec share -v + REVISION:1 + OWNER:(NULL SID) + GROUP:(NULL SID) + ACL:S-1-1-0:ALLOWED/0/0x101f01ff + ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL + </pre></div><div class="refsect1" lang="en"><a name="id2481762"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2481773"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</p></div></div></body></html> |