source: branches/samba-3.3.x/docs-xml/manpages-3/sharesec.1.xml@ 622

Last change on this file since 622 was 374, checked in by Herwig Bauernfeind, 16 years ago

Update Samba 3.3 to 3.3.10 (new files)
File size: 6.9 KB
Line 
1<?xml version="1.0" encoding="iso-8859-1"?>
2<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
3<refentry id="sharesec.1">
4
5<refmeta>
6 <refentrytitle>sharesec</refentrytitle>
7 <manvolnum>1</manvolnum>
8 <refmiscinfo class="source">Samba</refmiscinfo>
9 <refmiscinfo class="manual">User Commands</refmiscinfo>
10 <refmiscinfo class="version">3.3</refmiscinfo>
11</refmeta>
12
13
14<refnamediv>
15 <refname>sharesec</refname>
16 <refpurpose>Set or get share ACLs</refpurpose>
17</refnamediv>
18
19<refsynopsisdiv>
20 <cmdsynopsis>
21 <command>sharesec</command>
22 <arg choice="req">sharename</arg>
23 <arg choice="opt">-r, --remove=ACL</arg>
24 <arg choice="opt">-m, --modify=ACL</arg>
25 <arg choice="opt">-a, --add=ACL</arg>
26 <arg choice="opt">-R, --replace=ACLs</arg>
27 <arg choice="opt">-D, --delete</arg>
28 <arg choice="opt">-v, --view</arg>
29 <arg choice="opt">-M, --machine-sid</arg>
30 <arg choice="opt">-F, --force</arg>
31 <arg choice="opt">-d, --debuglevel=DEBUGLEVEL</arg>
32 <arg choice="opt">-s, --configfile=CONFIGFILE</arg>
33 <arg choice="opt">-l, --log-basename=LOGFILEBASE</arg>
34 <arg choice="opt">-V, --version</arg>
35 <arg choice="opt">-?, --help</arg>
36 <arg choice="opt">--usage</arg>
37 </cmdsynopsis>
38</refsynopsisdiv>
39
40<refsect1>
41 <title>DESCRIPTION</title>
42
43 <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
44 <manvolnum>7</manvolnum></citerefentry> suite.</para>
45
46 <para>The <command>sharesec</command> program manipulates share permissions
47 on SMB file shares.</para>
48</refsect1>
49
50
51<refsect1>
52 <title>OPTIONS</title>
53
54 <para>The following options are available to the <command>sharesec</command> program.
55 The format of ACLs is described in the section ACL FORMAT </para>
56
57 <variablelist>
58 <varlistentry>
59 <term>-a|--add=ACL</term>
60 <listitem><para>Add the ACEs specified to the ACL list.
61 </para></listitem>
62 </varlistentry>
63
64 <varlistentry>
65 <term>-D|--delete</term>
66 <listitem><para>Delete the entire security descriptor.
67 </para></listitem>
68 </varlistentry>
69
70 <varlistentry>
71 <term>-F|--force</term>
72 <listitem><para>Force storing the ACL.
73 </para></listitem>
74 </varlistentry>
75
76 <varlistentry>
77 <term>-m|--modify=ACL</term>
78 <listitem><para>Modify existing ACEs.
79 </para></listitem>
80 </varlistentry>
81
82 <varlistentry>
83 <term>-M|--machine-sid</term>
84 <listitem><para>Initialize the machine SID.
85 </para></listitem>
86 </varlistentry>
87
88 <varlistentry>
89 <term>-r|--remove=ACL</term>
90 <listitem><para>Remove ACEs.
91 </para></listitem>
92 </varlistentry>
93
94 <varlistentry>
95 <term>-R|--replace=ACLS</term>
96 <listitem><para>
97 Overwrite an existing share permission ACL.
98 </para></listitem>
99 </varlistentry>
100
101 &stdarg.help;
102 &stdarg.server.debug;
103 &popt.common.samba;
104 </variablelist>
105</refsect1>
106
107
108<refsect1>
109 <title>ACL FORMAT</title>
110
111 <para>The format of an ACL is one or more ACL entries separated by
112 either commas or newlines. An ACL entry is one of the following: </para>
113
114 <para><programlisting>
115 REVISION:&lt;revision number&gt;
116 OWNER:&lt;sid or name&gt;
117 GROUP:&lt;sid or name&gt;
118 ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
119 </programlisting></para>
120
121 <para>The revision of the ACL specifies the internal Windows
122 NT ACL revision for the security descriptor.
123 If not specified it defaults to 1. Using values other than 1 may
124 cause strange behaviour.</para>
125
126 <para>The owner and group specify the owner and group SIDs for the
127 object. If a SID in the format S-1-x-y-z is specified this is used,
128 otherwise the name specified is resolved using the server on which
129 the file or directory resides.</para>
130
131 <para>ACLs specify permissions granted to the SID. This SID
132 can be specified in S-1-x-y-z format or as a name in which case
133 it is resolved against the server on which the file or directory
134 resides. The type, flags and mask values determine the type of
135 access granted to the SID.</para>
136
137 <para>The type can be either ALLOWED or DENIED to allow/deny access
138 to the SID. The flags values are generally zero for share ACLs.
139 </para>
140
141 <para>The mask is a value which expresses the access right
142 granted to the SID. It can be given as a decimal or hexadecimal value,
143 or by using one of the following text strings which map to the NT
144 file permissions of the same name.</para>
145
146 <itemizedlist>
147 <listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem>
148 <listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem>
149 <listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem>
150 <listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem>
151 <listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem>
152 <listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem>
153 </itemizedlist>
154
155 <para>The following combined permissions can be specified:</para>
156
157 <itemizedlist>
158 <listitem><para><emphasis>READ</emphasis> - Equivalent to 'RX'
159 permissions</para></listitem>
160 <listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions
161 </para></listitem>
162 <listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO'
163 permissions</para></listitem>
164 </itemizedlist>
165 </refsect1>
166
167<refsect1>
168 <title>EXIT STATUS</title>
169
170 <para>The <command>sharesec</command> program sets the exit status
171 depending on the success or otherwise of the operations performed.
172 The exit status may be one of the following values. </para>
173
174 <para>If the operation succeeded, sharesec returns and exit
175 status of 0. If <command>sharesec</command> couldn't connect to the specified server,
176 or there was an error getting or setting the ACLs, an exit status
177 of 1 is returned. If there was an error parsing any command line
178 arguments, an exit status of 2 is returned. </para>
179</refsect1>
180
181<refsect1>
182 <title>EXAMPLES</title>
183
184 <para>Add full access for SID
185 <parameter>S-1-5-21-1866488690-1365729215-3963860297-17724</parameter> on
186 <parameter>share</parameter>:
187 </para>
188
189 <programlisting>
190 host:~ # sharesec share -a S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
191 </programlisting>
192
193 <para>List all ACEs for <parameter>share</parameter>:
194 </para>
195
196 <programlisting>
197 host:~ # sharesec share -v
198 REVISION:1
199 OWNER:(NULL SID)
200 GROUP:(NULL SID)
201 ACL:S-1-1-0:ALLOWED/0/0x101f01ff
202 ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
203 </programlisting>
204</refsect1>
205
206<refsect1>
207 <title>VERSION</title>
208
209 <para>This man page is correct for version 3 of the Samba suite.</para>
210</refsect1>
211
212<refsect1>
213 <title>AUTHOR</title>
214 <para>The original Samba software and related utilities
215 were created by Andrew Tridgell. Samba is now developed
216 by the Samba Team as an Open Source project similar
217 to the way the Linux kernel is developed.</para>
218</refsect1>
219
220</refentry>
Note: See TracBrowser for help on using the repository browser.