diff options
Diffstat (limited to 'docs-xml/manpages/sharesec.1.xml')
-rw-r--r-- | docs-xml/manpages/sharesec.1.xml | 256 |
1 files changed, 256 insertions, 0 deletions
diff --git a/docs-xml/manpages/sharesec.1.xml b/docs-xml/manpages/sharesec.1.xml new file mode 100644 index 0000000..897adbc --- /dev/null +++ b/docs-xml/manpages/sharesec.1.xml @@ -0,0 +1,256 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="sharesec.1"> + +<refmeta> + <refentrytitle>sharesec</refentrytitle> + <manvolnum>1</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">User Commands</refmiscinfo> + <refmiscinfo class="version">&doc.version;</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>sharesec</refname> + <refpurpose>Set or get share ACLs</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>sharesec</command> + <arg choice="req">sharename</arg> + <arg choice="opt">-r, --remove=ACL</arg> + <arg choice="opt">-m, --modify=ACL</arg> + <arg choice="opt">-a, --add=ACL</arg> + <arg choice="opt">-R, --replace=ACLs</arg> + <arg choice="opt">-D, --delete</arg> + <arg choice="opt">-v, --view</arg> + <arg choice="opt">--view-all</arg> + <arg choice="opt">-M, --machine-sid</arg> + <arg choice="opt">-F, --force</arg> + <arg choice="opt">-d, --debuglevel=DEBUGLEVEL</arg> + <arg choice="opt">-s, --configfile=CONFIGFILE</arg> + <arg choice="opt">-l, --log-basename=LOGFILEBASE</arg> + <arg choice="opt">-S, --setsddl=STRING</arg> + <arg choice="opt">--viewsddl</arg> + <arg choice="opt">-?|--help</arg> + <arg choice="opt">--usage</arg> + <arg choice="opt">-d|--debuglevel=DEBUGLEVEL</arg> + <arg choice="opt">--debug-stdout</arg> + <arg choice="opt">--configfile=CONFIGFILE</arg> + <arg choice="opt">--option=name=value</arg> + <arg choice="opt">-l|--log-basename=LOGFILEBASE</arg> + <arg choice="opt">--leak-report</arg> + <arg choice="opt">--leak-report-full</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>sharesec</command> program manipulates share permissions + on SMB file shares.</para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <para>The following options are available to the <command>sharesec</command> program. + The format of ACLs is described in the section ACL FORMAT </para> + + <variablelist> + <varlistentry> + <term>-a|--add=ACL</term> + <listitem><para>Add the ACEs specified to the ACL list. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-D|--delete</term> + <listitem><para>Delete the entire security descriptor. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-F|--force</term> + <listitem><para>Force storing the ACL. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-m|--modify=ACL</term> + <listitem><para>Modify existing ACEs. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-M|--machine-sid</term> + <listitem><para>Initialize the machine SID. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-r|--remove=ACL</term> + <listitem><para>Remove ACEs. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-R|--replace=ACLS</term> + <listitem><para> + Overwrite an existing share permission ACL. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-v|--view</term> + <listitem><para> + List a share acl + </para></listitem> + </varlistentry> + + <varlistentry> + <term>--view-all</term> + <listitem><para> + List all share acls + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-S|--setsddl=STRING</term> + <listitem><para> + Set security descriptor by providing ACL in SDDL format. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>--viewsddl</term> + <listitem><para> + List a share acl in SDDL format. + </para></listitem> + </varlistentry> + + &popt.autohelp; + &cmdline.common.samba.client; + </variablelist> +</refsect1> + + +<refsect1> + <title>ACL FORMAT</title> + + <para>The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: </para> + + <para><programlisting> + REVISION:<revision number> + OWNER:<sid or name> + GROUP:<sid or name> + ACL:<sid or name>:<type>/<flags>/<mask> + </programlisting></para> + + <para>The revision of the ACL specifies the internal Windows + NT ACL revision for the security descriptor. + If not specified it defaults to 1. Using values other than 1 may + cause strange behaviour.</para> + + <para>The owner and group specify the owner and group SIDs for + the object. Share ACLs do not specify an owner or a group, so + these fields are empty.</para> + + <para>ACLs specify permissions granted to the SID. This SID + can be specified in S-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID.</para> + + <para>The type can be either ALLOWED or DENIED to allow/deny access + to the SID. The flags values are generally zero for share ACLs. + </para> + + <para>The mask is a value which expresses the access right + granted to the SID. It can be given as a decimal or hexadecimal value, + or by using one of the following text strings which map to the NT + file permissions of the same name.</para> + + <itemizedlist> + <listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem> + <listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem> + <listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem> + <listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem> + <listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem> + <listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem> + </itemizedlist> + + <para>The following combined permissions can be specified:</para> + + <itemizedlist> + <listitem><para><emphasis>READ</emphasis> - Equivalent to 'RX' + permissions</para></listitem> + <listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions + </para></listitem> + <listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO' + permissions</para></listitem> + </itemizedlist> + </refsect1> + +<refsect1> + <title>EXIT STATUS</title> + + <para>The <command>sharesec</command> program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. </para> + + <para>If the operation succeeded, sharesec returns and exit + status of 0. If <command>sharesec</command> couldn't connect to the specified server, + or there was an error getting or setting the ACLs, an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. </para> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para>Add full access for SID + <parameter>S-1-5-21-1866488690-1365729215-3963860297-17724</parameter> on + <parameter>share</parameter>: + </para> + + <programlisting> + host:~ # sharesec share -a S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL + </programlisting> + + <para>List all ACEs for <parameter>share</parameter>: + </para> + + <programlisting> + host:~ # sharesec share -v + REVISION:1 + CONTROL:SR|DP + OWNER: + GROUP: + ACL:S-1-1-0:ALLOWED/0x0/FULL + ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0x0/FULL + </programlisting> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is part of version &doc.version; of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> +</refsect1> + +</refentry> |