summaryrefslogtreecommitdiffstats
path: root/docs-xml/manpages/sharesec.1.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs-xml/manpages/sharesec.1.xml')
-rw-r--r--docs-xml/manpages/sharesec.1.xml256
1 files changed, 256 insertions, 0 deletions
diff --git a/docs-xml/manpages/sharesec.1.xml b/docs-xml/manpages/sharesec.1.xml
new file mode 100644
index 0000000..897adbc
--- /dev/null
+++ b/docs-xml/manpages/sharesec.1.xml
@@ -0,0 +1,256 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="sharesec.1">
+
+<refmeta>
+ <refentrytitle>sharesec</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">User Commands</refmiscinfo>
+ <refmiscinfo class="version">&doc.version;</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>sharesec</refname>
+ <refpurpose>Set or get share ACLs</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>sharesec</command>
+ <arg choice="req">sharename</arg>
+ <arg choice="opt">-r, --remove=ACL</arg>
+ <arg choice="opt">-m, --modify=ACL</arg>
+ <arg choice="opt">-a, --add=ACL</arg>
+ <arg choice="opt">-R, --replace=ACLs</arg>
+ <arg choice="opt">-D, --delete</arg>
+ <arg choice="opt">-v, --view</arg>
+ <arg choice="opt">--view-all</arg>
+ <arg choice="opt">-M, --machine-sid</arg>
+ <arg choice="opt">-F, --force</arg>
+ <arg choice="opt">-d, --debuglevel=DEBUGLEVEL</arg>
+ <arg choice="opt">-s, --configfile=CONFIGFILE</arg>
+ <arg choice="opt">-l, --log-basename=LOGFILEBASE</arg>
+ <arg choice="opt">-S, --setsddl=STRING</arg>
+ <arg choice="opt">--viewsddl</arg>
+ <arg choice="opt">-?|--help</arg>
+ <arg choice="opt">--usage</arg>
+ <arg choice="opt">-d|--debuglevel=DEBUGLEVEL</arg>
+ <arg choice="opt">--debug-stdout</arg>
+ <arg choice="opt">--configfile=CONFIGFILE</arg>
+ <arg choice="opt">--option=name=value</arg>
+ <arg choice="opt">-l|--log-basename=LOGFILEBASE</arg>
+ <arg choice="opt">--leak-report</arg>
+ <arg choice="opt">--leak-report-full</arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>sharesec</command> program manipulates share permissions
+ on SMB file shares.</para>
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <para>The following options are available to the <command>sharesec</command> program.
+ The format of ACLs is described in the section ACL FORMAT </para>
+
+ <variablelist>
+ <varlistentry>
+ <term>-a|--add=ACL</term>
+ <listitem><para>Add the ACEs specified to the ACL list.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-D|--delete</term>
+ <listitem><para>Delete the entire security descriptor.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-F|--force</term>
+ <listitem><para>Force storing the ACL.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-m|--modify=ACL</term>
+ <listitem><para>Modify existing ACEs.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-M|--machine-sid</term>
+ <listitem><para>Initialize the machine SID.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-r|--remove=ACL</term>
+ <listitem><para>Remove ACEs.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-R|--replace=ACLS</term>
+ <listitem><para>
+ Overwrite an existing share permission ACL.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v|--view</term>
+ <listitem><para>
+ List a share acl
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--view-all</term>
+ <listitem><para>
+ List all share acls
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-S|--setsddl=STRING</term>
+ <listitem><para>
+ Set security descriptor by providing ACL in SDDL format.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--viewsddl</term>
+ <listitem><para>
+ List a share acl in SDDL format.
+ </para></listitem>
+ </varlistentry>
+
+ &popt.autohelp;
+ &cmdline.common.samba.client;
+ </variablelist>
+</refsect1>
+
+
+<refsect1>
+ <title>ACL FORMAT</title>
+
+ <para>The format of an ACL is one or more ACL entries separated by
+ either commas or newlines. An ACL entry is one of the following: </para>
+
+ <para><programlisting>
+ REVISION:&lt;revision number&gt;
+ OWNER:&lt;sid or name&gt;
+ GROUP:&lt;sid or name&gt;
+ ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
+ </programlisting></para>
+
+ <para>The revision of the ACL specifies the internal Windows
+ NT ACL revision for the security descriptor.
+ If not specified it defaults to 1. Using values other than 1 may
+ cause strange behaviour.</para>
+
+ <para>The owner and group specify the owner and group SIDs for
+ the object. Share ACLs do not specify an owner or a group, so
+ these fields are empty.</para>
+
+ <para>ACLs specify permissions granted to the SID. This SID
+ can be specified in S-1-x-y-z format or as a name in which case
+ it is resolved against the server on which the file or directory
+ resides. The type, flags and mask values determine the type of
+ access granted to the SID.</para>
+
+ <para>The type can be either ALLOWED or DENIED to allow/deny access
+ to the SID. The flags values are generally zero for share ACLs.
+ </para>
+
+ <para>The mask is a value which expresses the access right
+ granted to the SID. It can be given as a decimal or hexadecimal value,
+ or by using one of the following text strings which map to the NT
+ file permissions of the same name.</para>
+
+ <itemizedlist>
+ <listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem>
+ <listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem>
+ <listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem>
+ <listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem>
+ <listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem>
+ <listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem>
+ </itemizedlist>
+
+ <para>The following combined permissions can be specified:</para>
+
+ <itemizedlist>
+ <listitem><para><emphasis>READ</emphasis> - Equivalent to 'RX'
+ permissions</para></listitem>
+ <listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions
+ </para></listitem>
+ <listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO'
+ permissions</para></listitem>
+ </itemizedlist>
+ </refsect1>
+
+<refsect1>
+ <title>EXIT STATUS</title>
+
+ <para>The <command>sharesec</command> program sets the exit status
+ depending on the success or otherwise of the operations performed.
+ The exit status may be one of the following values. </para>
+
+ <para>If the operation succeeded, sharesec returns and exit
+ status of 0. If <command>sharesec</command> couldn't connect to the specified server,
+ or there was an error getting or setting the ACLs, an exit status
+ of 1 is returned. If there was an error parsing any command line
+ arguments, an exit status of 2 is returned. </para>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>Add full access for SID
+ <parameter>S-1-5-21-1866488690-1365729215-3963860297-17724</parameter> on
+ <parameter>share</parameter>:
+ </para>
+
+ <programlisting>
+ host:~ # sharesec share -a S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
+ </programlisting>
+
+ <para>List all ACEs for <parameter>share</parameter>:
+ </para>
+
+ <programlisting>
+ host:~ # sharesec share -v
+ REVISION:1
+ CONTROL:SR|DP
+ OWNER:
+ GROUP:
+ ACL:S-1-1-0:ALLOWED/0x0/FULL
+ ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0x0/FULL
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is part of version &doc.version; of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+</refsect1>
+
+</refentry>