Diffstat (limited to 'net/samba419/files/man/sharesec.1')
-rw-r--r-- net/samba419/files/man/sharesec.1 | 364
1 files changed, 364 insertions, 0 deletions
diff --git a/net/samba419/files/man/sharesec.1 b/net/samba419/files/man/sharesec.1
new file mode 100644
index 000000000000..f768a0f724d1
--- /dev/null
+++ b/net/samba419/files/man/sharesec.1
@@ -0,0 +1,364 @@
+'\" t
+.\" Title: sharesec
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 08/09/2022
+.\" Manual: User Commands
+.\" Source: Samba 4.16.4
+.\" Language: English
+.\"
+.TH "SHARESEC" "1" "08/09/2022" "Samba 4\&.16\&.4" "User Commands"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+sharesec \- Set or get share ACLs
+.SH "SYNOPSIS"
+.HP \w'\ 'u
+sharesec {sharename} [\-r,\ \-\-remove=ACL] [\-m,\ \-\-modify=ACL] [\-a,\ \-\-add=ACL] [\-R,\ \-\-replace=ACLs] [\-D,\ \-\-delete] [\-v,\ \-\-view] [\-\-view\-all] [\-M,\ \-\-machine\-sid] [\-F,\ \-\-force] [\-d,\ \-\-debuglevel=DEBUGLEVEL] [\-s,\ \-\-configfile=CONFIGFILE] [\-l,\ \-\-log\-basename=LOGFILEBASE] [\-S,\ \-\-setsddl=STRING] [\-\-viewsddl] [\-?|\-\-help] [\-\-usage] [\-d|\-\-debuglevel=DEBUGLEVEL] [\-\-debug\-stdout] [\-\-configfile=CONFIGFILE] [\-\-option=name=value] [\-l|\-\-log\-basename=LOGFILEBASE] [\-\-leak\-report] [\-\-leak\-report\-full]
+.SH "DESCRIPTION"
+.PP
+This tool is part of the
+\fBsamba\fR(7)
+suite\&.
+.PP
+The
+sharesec
+program manipulates share permissions on SMB file shares\&.
+.SH "OPTIONS"
+.PP
+The following options are available to the
+sharesec
+program\&. The format of ACLs is described in the section ACL FORMAT
+.PP
+\-a|\-\-add=ACL
+.RS 4
+Add the ACEs specified to the ACL list\&.
+.RE
+.PP
+\-D|\-\-delete
+.RS 4
+Delete the entire security descriptor\&.
+.RE
+.PP
+\-F|\-\-force
+.RS 4
+Force storing the ACL\&.
+.RE
+.PP
+\-m|\-\-modify=ACL
+.RS 4
+Modify existing ACEs\&.
+.RE
+.PP
+\-M|\-\-machine\-sid
+.RS 4
+Initialize the machine SID\&.
+.RE
+.PP
+\-r|\-\-remove=ACL
+.RS 4
+Remove ACEs\&.
+.RE
+.PP
+\-R|\-\-replace=ACLS
+.RS 4
+Overwrite an existing share permission ACL\&.
+.RE
+.PP
+\-v|\-\-view
+.RS 4
+List a share acl
+.RE
+.PP
+\-\-view\-all
+.RS 4
+List all share acls
+.RE
+.PP
+\-S|\-\-setsddl=STRING
+.RS 4
+Set security descriptor by providing ACL in SDDL format\&.
+.RE
+.PP
+\-\-viewsddl
+.RS 4
+List a share acl in SDDL format\&.
+.RE
+.PP
+\-?|\-\-help
+.RS 4
+Print a summary of command line options\&.
+.RE
+.PP
+\-\-usage
+.RS 4
+Display brief usage message\&.
+.RE
+.PP
+\-d|\-\-debuglevel=DEBUGLEVEL
+.RS 4
+\fIlevel\fR
+is an integer from 0 to 10\&. The default value if this parameter is not specified is 1 for client applications\&.
+.sp
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
+.sp
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
+.sp
+Note that specifying this parameter here will override the
+\m[blue]\fBlog level\fR\m[]
+parameter in the
+smb\&.conf
+file\&.
+.RE
+.PP
+\-\-debug\-stdout
+.RS 4
+This will redirect debug output to STDOUT\&. By default all clients are logging to STDERR\&.
+.RE
+.PP
+\-\-configfile=<configuration file>
+.RS 4
+The file specified contains the configuration details required by the client\&. The information in this file can be general for client and server or only provide client specific like options such as
+\m[blue]\fBclient smb encrypt\fR\m[]\&. See
+smb\&.conf
+for more information\&. The default configuration file name is determined at compile time\&.
+.RE
+.PP
+\-\-option=<name>=<value>
+.RS 4
+Set the
+\fBsmb.conf\fR(5)
+option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&.
+.RE
+.PP
+\-l|\-\-log\-basename=logdirectory
+.RS 4
+Base directory name for log/debug files\&. The extension
+\fB"\&.progname"\fR
+will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
+.RE
+.PP
+\-\-leak\-report
+.RS 4
+Enable talloc leak reporting on exit\&.
+.RE
+.PP
+\-\-leak\-report\-full
+.RS 4
+Enable full talloc leak reporting on exit\&.
+.RE
+.PP
+\-V|\-\-version
+.RS 4
+Prints the program version number\&.
+.RE
+.SH "ACL FORMAT"
+.PP
+The format of an ACL is one or more ACL entries separated by either commas or newlines\&. An ACL entry is one of the following:
+.PP
+.if n \{\
+.RS 4
+.\}
+.nf
+ REVISION:<revision number>
+ OWNER:<sid or name>
+ GROUP:<sid or name>
+ ACL:<sid or name>:<type>/<flags>/<mask>
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+The revision of the ACL specifies the internal Windows NT ACL revision for the security descriptor\&. If not specified it defaults to 1\&. Using values other than 1 may cause strange behaviour\&.
+.PP
+The owner and group specify the owner and group SIDs for the object\&. Share ACLs do not specify an owner or a group, so these fields are empty\&.
+.PP
+ACLs specify permissions granted to the SID\&. This SID can be specified in S\-1\-x\-y\-z format or as a name in which case it is resolved against the server on which the file or directory resides\&. The type, flags and mask values determine the type of access granted to the SID\&.
+.PP
+The type can be either ALLOWED or DENIED to allow/deny access to the SID\&. The flags values are generally zero for share ACLs\&.
+.PP
+The mask is a value which expresses the access right granted to the SID\&. It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same name\&.
+.RS
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fIR\fR
+\- Allow read access
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fIW\fR
+\- Allow write access
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fIX\fR
+\- Execute permission on the object
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fID\fR
+\- Delete the object
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fIP\fR
+\- Change permissions
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fIO\fR
+\- Take ownership
+.RE
+.sp
+.RE
+.PP
+The following combined permissions can be specified:
+.RS
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fIREAD\fR
+\- Equivalent to \*(AqRX\*(Aq permissions
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fICHANGE\fR
+\- Equivalent to \*(AqRXWD\*(Aq permissions
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fIFULL\fR
+\- Equivalent to \*(AqRWXDPO\*(Aq permissions
+.RE
+.SH "EXIT STATUS"
+.PP
+The
+sharesec
+program sets the exit status depending on the success or otherwise of the operations performed\&. The exit status may be one of the following values\&.
+.PP
+If the operation succeeded, sharesec returns and exit status of 0\&. If
+sharesec
+couldn\*(Aqt connect to the specified server, or there was an error getting or setting the ACLs, an exit status of 1 is returned\&. If there was an error parsing any command line arguments, an exit status of 2 is returned\&.
+.SH "EXAMPLES"
+.PP
+Add full access for SID
+\fIS\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724\fR
+on
+\fIshare\fR:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ host:~ # sharesec share \-a S\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724:ALLOWED/0/FULL
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+List all ACEs for
+\fIshare\fR:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ host:~ # sharesec share \-v
+ REVISION:1
+ CONTROL:SR|DP
+ OWNER:
+ GROUP:
+ ACL:S\-1\-1\-0:ALLOWED/0x0/FULL
+ ACL:S\-1\-5\-21\-1866488690\-1365729215\-3963860297\-17724:ALLOWED/0x0/FULL
+
+.fi
+.if n \{\
+.RE
+.\}
+.SH "VERSION"
+.PP
+This man page is part of version 4\&.16\&.4 of the Samba suite\&.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
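Review bot: The version strings in this file do not match the port directory it is added under: the header (`.\" Source: Samba 4.16.4`), the `.TH` line and the VERSION section all say 4.16.4, while the path is net/samba419. Please confirm whether the page was meant to be regenerated from the sources this port builds, or note in the commit why a 4.16.4 page is being carried. Since the file is DocBook XSL output, the remaining points are best fixed in the source and regenerated rather than hand-edited here. In SYNOPSIS, `--debuglevel`, `--configfile` and `--log-basename` each appear twice, `-V|--version` is documented under OPTIONS but missing from SYNOPSIS, and the `-s` short form shown in SYNOPSIS is not listed under OPTIONS. EXIT STATUS has a typo, "returns and exit status of 0", which should read "an". The `-v` example prints a `CONTROL:SR|DP` line that the ACL FORMAT section never describes. Finally, the example output includes `ACL:S-1-1-0:ALLOWED/0x0/FULL`; a short sentence explaining that entry would help readers interpret what they see when auditing share permissions.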