source: branches/samba-3.5.x/docs/manpages/sharesec.1@ 770

Last change on this file since 770 was 739, checked in by Silvan Scherrer, 13 years ago

Samba Server 3.5: update branche to 3.5.19

File size: 7.5 KB
Line 
1'\" t
2.\" Title: sharesec
3.\" Author: [see the "AUTHOR" section]
4.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
5.\" Date: 11/01/2012
6.\" Manual: User Commands
7.\" Source: Samba 3.5
8.\" Language: English
9.\"
10.TH "SHARESEC" "1" "11/01/2012" "Samba 3\&.5" "User Commands"
11.\" -----------------------------------------------------------------
12.\" * set default formatting
13.\" -----------------------------------------------------------------
14.\" disable hyphenation
15.nh
16.\" disable justification (adjust text to left margin only)
17.ad l
18.\" -----------------------------------------------------------------
19.\" * MAIN CONTENT STARTS HERE *
20.\" -----------------------------------------------------------------
21.SH "NAME"
22sharesec \- Set or get share ACLs
23.SH "SYNOPSIS"
24.HP \w'\ 'u
25sharesec {sharename} [\-r,\ \-\-remove=ACL] [\-m,\ \-\-modify=ACL] [\-a,\ \-\-add=ACL] [\-R,\ \-\-replace=ACLs] [\-D,\ \-\-delete] [\-v,\ \-\-view] [\-M,\ \-\-machine\-sid] [\-F,\ \-\-force] [\-d,\ \-\-debuglevel=DEBUGLEVEL] [\-s,\ \-\-configfile=CONFIGFILE] [\-l,\ \-\-log\-basename=LOGFILEBASE] [\-V,\ \-\-version] [\-?,\ \-\-help] [\-\-usage]
26.SH "DESCRIPTION"
27.PP
28This tool is part of the
29\fBsamba\fR(7)
30suite\&.
31.PP
32The
33sharesec
34program manipulates share permissions on SMB file shares\&.
35.SH "OPTIONS"
36.PP
37The following options are available to the
38sharesec
39program\&. The format of ACLs is described in the section ACL FORMAT
40.PP
41\-a|\-\-add=ACL
42.RS 4
43Add the ACEs specified to the ACL list\&.
44.RE
45.PP
46\-D|\-\-delete
47.RS 4
48Delete the entire security descriptor\&.
49.RE
50.PP
51\-F|\-\-force
52.RS 4
53Force storing the ACL\&.
54.RE
55.PP
56\-m|\-\-modify=ACL
57.RS 4
58Modify existing ACEs\&.
59.RE
60.PP
61\-M|\-\-machine\-sid
62.RS 4
63Initialize the machine SID\&.
64.RE
65.PP
66\-r|\-\-remove=ACL
67.RS 4
68Remove ACEs\&.
69.RE
70.PP
71\-R|\-\-replace=ACLS
72.RS 4
73Overwrite an existing share permission ACL\&.
74.RE
75.PP
76\-h|\-\-help
77.RS 4
78Print a summary of command line options\&.
79.RE
80.PP
81\-d|\-\-debuglevel=level
82.RS 4
83\fIlevel\fR
84is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
85.sp
86The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
87.sp
88Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
89.sp
90Note that specifying this parameter here will override the
91\m[blue]\fB\%smb.conf.5.html#\fR\m[]
92parameter in the
93smb\&.conf
94file\&.
95.RE
96.PP
97\-V|\-\-version
98.RS 4
99Prints the program version number\&.
100.RE
101.PP
102\-s|\-\-configfile <configuration file>
103.RS 4
104The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
105smb\&.conf
106for more information\&. The default configuration file name is determined at compile time\&.
107.RE
108.PP
109\-l|\-\-log\-basename=logdirectory
110.RS 4
111Base directory name for log/debug files\&. The extension
112\fB"\&.progname"\fR
113will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
114.RE
115.SH "ACL FORMAT"
116.PP
117The format of an ACL is one or more ACL entries separated by either commas or newlines\&. An ACL entry is one of the following:
118.PP
119.if n \{\
120.RS 4
121.\}
122.nf
123 REVISION:<revision number>
124 OWNER:<sid or name>
125 GROUP:<sid or name>
126 ACL:<sid or name>:<type>/<flags>/<mask>
127
128.fi
129.if n \{\
130.RE
131.\}
132.PP
133The revision of the ACL specifies the internal Windows NT ACL revision for the security descriptor\&. If not specified it defaults to 1\&. Using values other than 1 may cause strange behaviour\&.
134.PP
135The owner and group specify the owner and group SIDs for the object\&. If a SID in the format S\-1\-x\-y\-z is specified this is used, otherwise the name specified is resolved using the server on which the file or directory resides\&.
136.PP
137ACLs specify permissions granted to the SID\&. This SID can be specified in S\-1\-x\-y\-z format or as a name in which case it is resolved against the server on which the file or directory resides\&. The type, flags and mask values determine the type of access granted to the SID\&.
138.PP
139The type can be either ALLOWED or DENIED to allow/deny access to the SID\&. The flags values are generally zero for share ACLs\&.
140.PP
141The mask is a value which expresses the access right granted to the SID\&. It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same name\&.
142.sp
143.RS 4
144.ie n \{\
145\h'-04'\(bu\h'+03'\c
146.\}
147.el \{\
148.sp -1
149.IP \(bu 2.3
150.\}
151\fIR\fR
152\- Allow read access
153.RE
154.sp
155.RS 4
156.ie n \{\
157\h'-04'\(bu\h'+03'\c
158.\}
159.el \{\
160.sp -1
161.IP \(bu 2.3
162.\}
163\fIW\fR
164\- Allow write access
165.RE
166.sp
167.RS 4
168.ie n \{\
169\h'-04'\(bu\h'+03'\c
170.\}
171.el \{\
172.sp -1
173.IP \(bu 2.3
174.\}
175\fIX\fR
176\- Execute permission on the object
177.RE
178.sp
179.RS 4
180.ie n \{\
181\h'-04'\(bu\h'+03'\c
182.\}
183.el \{\
184.sp -1
185.IP \(bu 2.3
186.\}
187\fID\fR
188\- Delete the object
189.RE
190.sp
191.RS 4
192.ie n \{\
193\h'-04'\(bu\h'+03'\c
194.\}
195.el \{\
196.sp -1
197.IP \(bu 2.3
198.\}
199\fIP\fR
200\- Change permissions
201.RE
202.sp
203.RS 4
204.ie n \{\
205\h'-04'\(bu\h'+03'\c
206.\}
207.el \{\
208.sp -1
209.IP \(bu 2.3
210.\}
211\fIO\fR
212\- Take ownership
213.sp
214.RE
215.PP
216The following combined permissions can be specified:
217.sp
218.RS 4
219.ie n \{\
220\h'-04'\(bu\h'+03'\c
221.\}
222.el \{\
223.sp -1
224.IP \(bu 2.3
225.\}
226\fIREAD\fR
227\- Equivalent to \'RX\' permissions
228.RE
229.sp
230.RS 4
231.ie n \{\
232\h'-04'\(bu\h'+03'\c
233.\}
234.el \{\
235.sp -1
236.IP \(bu 2.3
237.\}
238\fICHANGE\fR
239\- Equivalent to \'RXWD\' permissions
240.RE
241.sp
242.RS 4
243.ie n \{\
244\h'-04'\(bu\h'+03'\c
245.\}
246.el \{\
247.sp -1
248.IP \(bu 2.3
249.\}
250\fIFULL\fR
251\- Equivalent to \'RWXDPO\' permissions
252.SH "EXIT STATUS"
253.PP
254The
255sharesec
256program sets the exit status depending on the success or otherwise of the operations performed\&. The exit status may be one of the following values\&.
257.PP
258If the operation succeeded, sharesec returns and exit status of 0\&. If
259sharesec
260couldn\'t connect to the specified server, or there was an error getting or setting the ACLs, an exit status of 1 is returned\&. If there was an error parsing any command line arguments, an exit status of 2 is returned\&.
261.SH "EXAMPLES"
262.PP
263Add full access for SID
264\fIS\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724\fR
265on
266\fIshare\fR:
267.sp
268.if n \{\
269.RS 4
270.\}
271.nf
272 host:~ # sharesec share \-a S\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724:ALLOWED/0/FULL
273
274.fi
275.if n \{\
276.RE
277.\}
278.PP
279List all ACEs for
280\fIshare\fR:
281.sp
282.if n \{\
283.RS 4
284.\}
285.nf
286 host:~ # sharesec share \-v
287 REVISION:1
288 OWNER:(NULL SID)
289 GROUP:(NULL SID)
290 ACL:S\-1\-1\-0:ALLOWED/0/0x101f01ff
291 ACL:S\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724:ALLOWED/0/FULL
292
293.fi
294.if n \{\
295.RE
296.\}
297.SH "VERSION"
298.PP
299This man page is correct for version 3 of the Samba suite\&.
300.SH "AUTHOR"
301.PP
302The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
Note: See TracBrowser for help on using the repository browser.