2
.\" Author: [see the "AUTHOR" section]
3
.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
5
.\" Manual: User Commands
9
.TH "SHARESEC" "1" "02/24/2009" "Samba 3\&.3" "User Commands"
10
.\" -----------------------------------------------------------------
11
.\" * (re)Define some macros
12
.\" -----------------------------------------------------------------
13
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
14
.\" toupper - uppercase a string (locale-aware)
15
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
17
.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
19
.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
21
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22
.\" SH-xref - format a cross-reference to an SH section
23
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
32
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
33
.\" SH - level-one heading that works better for non-TTY output
34
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
36
.\" put an extra blank line of space above the head in non-TTY output
43
.nr an-prevailing-indent \\n[IN]
47
.HTML-TAG ".NH \\n[an-level]"
49
.nr an-no-space-flag 1
51
\." make the size of the head bigger
56
.\" if n (TTY output), use uppercase
61
.\" if not n (not TTY), use normal case (not uppercase)
65
.\" if not n (not TTY), put a border/line under subheading
70
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
71
.\" SS - level-two heading that works better for non-TTY output
72
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
77
.nr an-prevailing-indent \\n[IN]
82
.nr an-no-space-flag 1
85
\." make the size of the head bigger
91
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
92
.\" BB/BE - put background/screen (filled box) around block of text
93
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
106
.if "\\$2"adjust-for-leading-newline" \{\
114
.nr BW \\n(.lu-\\n(.i
117
.ie "\\$2"adjust-for-leading-newline" \{\
118
\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
121
\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
132
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
133
.\" BM/EM - put colored marker in margin next to block of text
134
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
151
\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
159
.\" -----------------------------------------------------------------
160
.\" * set default formatting
161
.\" -----------------------------------------------------------------
162
.\" disable hyphenation
164
.\" disable justification (adjust text to left margin only)
166
.\" -----------------------------------------------------------------
167
.\" * MAIN CONTENT STARTS HERE *
168
.\" -----------------------------------------------------------------
170
sharesec \- Set or get share ACLs
174
\FCsharesec\F[] {sharename} [\-r,\ \-\-remove=ACL] [\-m,\ \-\-modify=ACL] [\-a,\ \-\-add=ACL] [\-R,\ \-\-replace=ACLs] [\-D,\ \-\-delete] [\-v,\ \-\-view] [\-M,\ \-\-machine\-sid] [\-F,\ \-\-force] [\-d,\ \-\-debuglevel=DEBUGLEVEL] [\-s,\ \-\-configfile=CONFIGFILE] [\-l,\ \-\-log\-basename=LOGFILEBASE] [\-V,\ \-\-version] [\-?,\ \-\-help] [\-\-usage]
178
This tool is part of the
184
program manipulates share permissions on SMB file shares\&.
187
The following options are available to the
189
program\&. The format of ACLs is described in the section ACL FORMAT
193
Add the ACEs specified to the ACL list\&.
198
Delete the entire security descriptor\&.
203
Force storing the ACL\&.
208
Modify existing ACEs\&.
213
Initialize the machine SID\&.
223
Overwrite an existing share permission ACL\&.
228
Print a summary of command line options\&.
231
\-d|\-\-debuglevel=level
234
is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
236
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
238
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
240
Note that specifying this parameter here will override the
241
\m[blue]\fBlog level\fR\m[]
249
Prints the program version number\&.
252
\-s <configuration file>
254
The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
256
for more information\&. The default configuration file name is determined at compile time\&.
259
\-l|\-\-log\-basename=logdirectory
261
Base directory name for log/debug files\&. The extension
263
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
267
The format of an ACL is one or more ACL entries separated by either commas or newlines\&. An ACL entry is one of the following:
278
.BB lightgray adjust-for-leading-newline
281
REVISION:<revision number>
284
ACL:<sid or name>:<type>/<flags>/<mask>
286
.EB lightgray adjust-for-leading-newline
297
The revision of the ACL specifies the internal Windows NT ACL revision for the security descriptor\&. If not specified it defaults to 1\&. Using values other than 1 may cause strange behaviour\&.
299
The owner and group specify the owner and group SIDs for the object\&. If a SID in the format S\-1\-x\-y\-z is specified this is used, otherwise the name specified is resolved using the server on which the file or directory resides\&.
301
ACLs specify permissions granted to the SID\&. This SID can be specified in S\-1\-x\-y\-z format or as a name in which case it is resolved against the server on which the file or directory resides\&. The type, flags and mask values determine the type of access granted to the SID\&.
303
The type can be either ALLOWED or DENIED to allow/deny access to the SID\&. The flags values are generally zero for share ACLs\&.
305
The mask is a value which expresses the access right granted to the SID\&. It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same name\&.
328
\- Allow write access
340
\- Execute permission on the object
364
\- Change permissions
380
The following combined permissions can be specified:
391
\- Equivalent to \'RX\' permissions
403
\- Equivalent to \'RXWD\' permissions
415
\- Equivalent to \'RWXDPO\' permissions
420
program sets the exit status depending on the success or otherwise of the operations performed\&. The exit status may be one of the following values\&.
422
If the operation succeeded, sharesec returns and exit status of 0\&. If
424
couldn\'t connect to the specified server, or there was an error getting or setting the ACLs, an exit status of 1 is returned\&. If there was an error parsing any command line arguments, an exit status of 2 is returned\&.
427
Add full access for SID
428
\fIS\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724\fR
441
.BB lightgray adjust-for-leading-newline
444
host:~ # sharesec share \-a S\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724:ALLOWED/0/FULL
446
.EB lightgray adjust-for-leading-newline
469
.BB lightgray adjust-for-leading-newline
472
host:~ # sharesec share \-v
476
ACL:S\-1\-1\-0:ALLOWED/0/0x101f01ff
477
ACL:S\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724:ALLOWED/0/FULL
479
.EB lightgray adjust-for-leading-newline
491
This man page is correct for version 3 of the Samba suite\&.
494
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.