source: branches/samba-3.3.x/docs/manpages/sharesec.1@ 1026

Last change on this file since 1026 was 411, checked in by Herwig Bauernfeind, 16 years ago

Update Samba 3.3.x to 3.3.11

File size: 11.3 KB
Line 
1.\" Title: sharesec
2.\" Author: [see the "AUTHOR" section]
3.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
4.\" Date: 02/22/2010
5.\" Manual: User Commands
6.\" Source: Samba 3.3
7.\" Language: English
8.\"
9.TH "SHARESEC" "1" "02/22/2010" "Samba 3\&.3" "User Commands"
10.\" -----------------------------------------------------------------
11.\" * (re)Define some macros
12.\" -----------------------------------------------------------------
13.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
14.\" toupper - uppercase a string (locale-aware)
15.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
16.de toupper
17.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
18\\$*
19.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
20..
21.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22.\" SH-xref - format a cross-reference to an SH section
23.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
24.de SH-xref
25.ie n \{\
26.\}
27.toupper \\$*
28.el \{\
29\\$*
30.\}
31..
32.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
33.\" SH - level-one heading that works better for non-TTY output
34.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
35.de1 SH
36.\" put an extra blank line of space above the head in non-TTY output
37.if t \{\
38.sp 1
39.\}
40.sp \\n[PD]u
41.nr an-level 1
42.set-an-margin
43.nr an-prevailing-indent \\n[IN]
44.fi
45.in \\n[an-margin]u
46.ti 0
47.HTML-TAG ".NH \\n[an-level]"
48.it 1 an-trap
49.nr an-no-space-flag 1
50.nr an-break-flag 1
51\." make the size of the head bigger
52.ps +3
53.ft B
54.ne (2v + 1u)
55.ie n \{\
56.\" if n (TTY output), use uppercase
57.toupper \\$*
58.\}
59.el \{\
60.nr an-break-flag 0
61.\" if not n (not TTY), use normal case (not uppercase)
62\\$1
63.in \\n[an-margin]u
64.ti 0
65.\" if not n (not TTY), put a border/line under subheading
66.sp -.6
67\l'\n(.lu'
68.\}
69..
70.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
71.\" SS - level-two heading that works better for non-TTY output
72.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
73.de1 SS
74.sp \\n[PD]u
75.nr an-level 1
76.set-an-margin
77.nr an-prevailing-indent \\n[IN]
78.fi
79.in \\n[IN]u
80.ti \\n[SN]u
81.it 1 an-trap
82.nr an-no-space-flag 1
83.nr an-break-flag 1
84.ps \\n[PS-SS]u
85\." make the size of the head bigger
86.ps +2
87.ft B
88.ne (2v + 1u)
89.if \\n[.$] \&\\$*
90..
91.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
92.\" BB/BE - put background/screen (filled box) around block of text
93.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
94.de BB
95.if t \{\
96.sp -.5
97.br
98.in +2n
99.ll -2n
100.gcolor red
101.di BX
102.\}
103..
104.de EB
105.if t \{\
106.if "\\$2"adjust-for-leading-newline" \{\
107.sp -1
108.\}
109.br
110.di
111.in
112.ll
113.gcolor
114.nr BW \\n(.lu-\\n(.i
115.nr BH \\n(dn+.5v
116.ne \\n(BHu+.5v
117.ie "\\$2"adjust-for-leading-newline" \{\
118\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
119.\}
120.el \{\
121\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
122.\}
123.in 0
124.sp -.5v
125.nf
126.BX
127.in
128.sp .5v
129.fi
130.\}
131..
132.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
133.\" BM/EM - put colored marker in margin next to block of text
134.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
135.de BM
136.if t \{\
137.br
138.ll -2n
139.gcolor red
140.di BX
141.\}
142..
143.de EM
144.if t \{\
145.br
146.di
147.ll
148.gcolor
149.nr BH \\n(dn
150.ne \\n(BHu
151\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
152.in 0
153.nf
154.BX
155.in
156.fi
157.\}
158..
159.\" -----------------------------------------------------------------
160.\" * set default formatting
161.\" -----------------------------------------------------------------
162.\" disable hyphenation
163.nh
164.\" disable justification (adjust text to left margin only)
165.ad l
166.\" -----------------------------------------------------------------
167.\" * MAIN CONTENT STARTS HERE *
168.\" -----------------------------------------------------------------
169.SH "Name"
170sharesec \- Set or get share ACLs
171.SH "Synopsis"
172.fam C
173.HP \w'\ 'u
174\FCsharesec\F[] {sharename} [\-r,\ \-\-remove=ACL] [\-m,\ \-\-modify=ACL] [\-a,\ \-\-add=ACL] [\-R,\ \-\-replace=ACLs] [\-D,\ \-\-delete] [\-v,\ \-\-view] [\-M,\ \-\-machine\-sid] [\-F,\ \-\-force] [\-d,\ \-\-debuglevel=DEBUGLEVEL] [\-s,\ \-\-configfile=CONFIGFILE] [\-l,\ \-\-log\-basename=LOGFILEBASE] [\-V,\ \-\-version] [\-?,\ \-\-help] [\-\-usage]
175.fam
176.SH "DESCRIPTION"
177.PP
178This tool is part of the
179\fBsamba\fR(7)
180suite\&.
181.PP
182The
183\FCsharesec\F[]
184program manipulates share permissions on SMB file shares\&.
185.SH "OPTIONS"
186.PP
187The following options are available to the
188\FCsharesec\F[]
189program\&. The format of ACLs is described in the section ACL FORMAT
190.PP
191\-a|\-\-add=ACL
192.RS 4
193Add the ACEs specified to the ACL list\&.
194.RE
195.PP
196\-D|\-\-delete
197.RS 4
198Delete the entire security descriptor\&.
199.RE
200.PP
201\-F|\-\-force
202.RS 4
203Force storing the ACL\&.
204.RE
205.PP
206\-m|\-\-modify=ACL
207.RS 4
208Modify existing ACEs\&.
209.RE
210.PP
211\-M|\-\-machine\-sid
212.RS 4
213Initialize the machine SID\&.
214.RE
215.PP
216\-r|\-\-remove=ACL
217.RS 4
218Remove ACEs\&.
219.RE
220.PP
221\-R|\-\-replace=ACLS
222.RS 4
223Overwrite an existing share permission ACL\&.
224.RE
225.PP
226\-h|\-\-help
227.RS 4
228Print a summary of command line options\&.
229.RE
230.PP
231\-d|\-\-debuglevel=level
232.RS 4
233\fIlevel\fR
234is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
235.sp
236The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
237.sp
238Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
239.sp
240Note that specifying this parameter here will override the
241\m[blue]\fB\%smb.conf.5.html#\fR\m[]
242parameter in the
243\FCsmb\&.conf\F[]
244file\&.
245.RE
246.PP
247\-V|\-\-version
248.RS 4
249Prints the program version number\&.
250.RE
251.PP
252\-s|\-\-configfile <configuration file>
253.RS 4
254The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
255\FCsmb\&.conf\F[]
256for more information\&. The default configuration file name is determined at compile time\&.
257.RE
258.PP
259\-l|\-\-log\-basename=logdirectory
260.RS 4
261Base directory name for log/debug files\&. The extension
262\fB"\&.progname"\fR
263will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
264.RE
265.SH "ACL FORMAT"
266.PP
267The format of an ACL is one or more ACL entries separated by either commas or newlines\&. An ACL entry is one of the following:
268.PP
269.if n \{\
270.RS 4
271.\}
272.fam C
273.ps -1
274.nf
275.if t \{\
276.sp -1
277.\}
278.BB lightgray adjust-for-leading-newline
279.sp -1
280
281 REVISION:<revision number>
282 OWNER:<sid or name>
283 GROUP:<sid or name>
284 ACL:<sid or name>:<type>/<flags>/<mask>
285
286.EB lightgray adjust-for-leading-newline
287.if t \{\
288.sp 1
289.\}
290.fi
291.fam
292.ps +1
293.if n \{\
294.RE
295.\}
296.PP
297The revision of the ACL specifies the internal Windows NT ACL revision for the security descriptor\&. If not specified it defaults to 1\&. Using values other than 1 may cause strange behaviour\&.
298.PP
299The owner and group specify the owner and group SIDs for the object\&. If a SID in the format S\-1\-x\-y\-z is specified this is used, otherwise the name specified is resolved using the server on which the file or directory resides\&.
300.PP
301ACLs specify permissions granted to the SID\&. This SID can be specified in S\-1\-x\-y\-z format or as a name in which case it is resolved against the server on which the file or directory resides\&. The type, flags and mask values determine the type of access granted to the SID\&.
302.PP
303The type can be either ALLOWED or DENIED to allow/deny access to the SID\&. The flags values are generally zero for share ACLs\&.
304.PP
305The mask is a value which expresses the access right granted to the SID\&. It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same name\&.
306.sp
307.RS 4
308.ie n \{\
309\h'-04'\(bu\h'+03'\c
310.\}
311.el \{\
312.sp -1
313.IP \(bu 2.3
314.\}
315\fIR\fR
316\- Allow read access
317.RE
318.sp
319.RS 4
320.ie n \{\
321\h'-04'\(bu\h'+03'\c
322.\}
323.el \{\
324.sp -1
325.IP \(bu 2.3
326.\}
327\fIW\fR
328\- Allow write access
329.RE
330.sp
331.RS 4
332.ie n \{\
333\h'-04'\(bu\h'+03'\c
334.\}
335.el \{\
336.sp -1
337.IP \(bu 2.3
338.\}
339\fIX\fR
340\- Execute permission on the object
341.RE
342.sp
343.RS 4
344.ie n \{\
345\h'-04'\(bu\h'+03'\c
346.\}
347.el \{\
348.sp -1
349.IP \(bu 2.3
350.\}
351\fID\fR
352\- Delete the object
353.RE
354.sp
355.RS 4
356.ie n \{\
357\h'-04'\(bu\h'+03'\c
358.\}
359.el \{\
360.sp -1
361.IP \(bu 2.3
362.\}
363\fIP\fR
364\- Change permissions
365.RE
366.sp
367.RS 4
368.ie n \{\
369\h'-04'\(bu\h'+03'\c
370.\}
371.el \{\
372.sp -1
373.IP \(bu 2.3
374.\}
375\fIO\fR
376\- Take ownership
377.sp
378.RE
379.PP
380The following combined permissions can be specified:
381.sp
382.RS 4
383.ie n \{\
384\h'-04'\(bu\h'+03'\c
385.\}
386.el \{\
387.sp -1
388.IP \(bu 2.3
389.\}
390\fIREAD\fR
391\- Equivalent to \'RX\' permissions
392.RE
393.sp
394.RS 4
395.ie n \{\
396\h'-04'\(bu\h'+03'\c
397.\}
398.el \{\
399.sp -1
400.IP \(bu 2.3
401.\}
402\fICHANGE\fR
403\- Equivalent to \'RXWD\' permissions
404.RE
405.sp
406.RS 4
407.ie n \{\
408\h'-04'\(bu\h'+03'\c
409.\}
410.el \{\
411.sp -1
412.IP \(bu 2.3
413.\}
414\fIFULL\fR
415\- Equivalent to \'RWXDPO\' permissions
416.SH "EXIT STATUS"
417.PP
418The
419\FCsharesec\F[]
420program sets the exit status depending on the success or otherwise of the operations performed\&. The exit status may be one of the following values\&.
421.PP
422If the operation succeeded, sharesec returns and exit status of 0\&. If
423\FCsharesec\F[]
424couldn\'t connect to the specified server, or there was an error getting or setting the ACLs, an exit status of 1 is returned\&. If there was an error parsing any command line arguments, an exit status of 2 is returned\&.
425.SH "EXAMPLES"
426.PP
427Add full access for SID
428\fIS\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724\fR
429on
430\fIshare\fR:
431.sp
432.if n \{\
433.RS 4
434.\}
435.fam C
436.ps -1
437.nf
438.if t \{\
439.sp -1
440.\}
441.BB lightgray adjust-for-leading-newline
442.sp -1
443
444 host:~ # sharesec share \-a S\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724:ALLOWED/0/FULL
445
446.EB lightgray adjust-for-leading-newline
447.if t \{\
448.sp 1
449.\}
450.fi
451.fam
452.ps +1
453.if n \{\
454.RE
455.\}
456.PP
457List all ACEs for
458\fIshare\fR:
459.sp
460.if n \{\
461.RS 4
462.\}
463.fam C
464.ps -1
465.nf
466.if t \{\
467.sp -1
468.\}
469.BB lightgray adjust-for-leading-newline
470.sp -1
471
472 host:~ # sharesec share \-v
473 REVISION:1
474 OWNER:(NULL SID)
475 GROUP:(NULL SID)
476 ACL:S\-1\-1\-0:ALLOWED/0/0x101f01ff
477 ACL:S\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724:ALLOWED/0/FULL
478
479.EB lightgray adjust-for-leading-newline
480.if t \{\
481.sp 1
482.\}
483.fi
484.fam
485.ps +1
486.if n \{\
487.RE
488.\}
489.SH "VERSION"
490.PP
491This man page is correct for version 3 of the Samba suite\&.
492.SH "AUTHOR"
493.PP
494The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
Note: See TracBrowser for help on using the repository browser.