summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKarolin Seeger <kseeger@samba.org>2009-02-09 21:00:47 +0100
committerKarolin Seeger <kseeger@samba.org>2009-02-09 21:01:29 +0100
commitcc51cbc862055975bcef016876662576b00e72ef (patch)
tree55369d41be8d3c5590190ef934c664046f50f21d
parent07a8ad711b3ff0e922db9e6ba274594ef4c27b90 (diff)
downloadsamba-cc51cbc862055975bcef016876662576b00e72ef.tar.gz
samba-cc51cbc862055975bcef016876662576b00e72ef.tar.bz2
samba-cc51cbc862055975bcef016876662576b00e72ef.zip
docs: Add man sharesec.
Karolin
-rw-r--r--docs-xml/manpages-3/sharesec.1.xml220
1 files changed, 220 insertions, 0 deletions
diff --git a/docs-xml/manpages-3/sharesec.1.xml b/docs-xml/manpages-3/sharesec.1.xml
new file mode 100644
index 0000000000..d8ac510b69
--- /dev/null
+++ b/docs-xml/manpages-3/sharesec.1.xml
@@ -0,0 +1,220 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="sharesec.1">
+
+<refmeta>
+ <refentrytitle>sharesec</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">User Commands</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>sharesec</refname>
+ <refpurpose>Set or get share ACLs</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>sharesec</command>
+ <arg choice="req">sharename</arg>
+ <arg choice="opt">-r, --remove=ACL</arg>
+ <arg choice="opt">-m, --modify=ACL</arg>
+ <arg choice="opt">-a, --add=ACL</arg>
+ <arg choice="opt">-R, --replace=ACLs</arg>
+ <arg choice="opt">-D, --delete</arg>
+ <arg choice="opt">-v, --view</arg>
+ <arg choice="opt">-M, --machine-sid</arg>
+ <arg choice="opt">-F, --force</arg>
+ <arg choice="opt">-d, --debuglevel=DEBUGLEVEL</arg>
+ <arg choice="opt">-s, --configfile=CONFIGFILE</arg>
+ <arg choice="opt">-l, --log-basename=LOGFILEBASE</arg>
+ <arg choice="opt">-V, --version</arg>
+ <arg choice="opt">-?, --help</arg>
+ <arg choice="opt">--usage</arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>sharesec</command> program manipulates share permissions
+ on SMB file shares.</para>
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <para>The following options are available to the <command>sharesec</command> program.
+ The format of ACLs is described in the section ACL FORMAT </para>
+
+ <variablelist>
+ <varlistentry>
+ <term>-a|--add=ACL</term>
+ <listitem><para>Add the ACEs specified to the ACL list.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-D|--delete</term>
+ <listitem><para>Delete the entire security descriptor.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-F|--force</term>
+ <listitem><para>Force storing the ACL.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-m|--modify=ACL</term>
+ <listitem><para>Modify existing ACEs.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-M|--machine-sid</term>
+ <listitem><para>Initialize the machine SID.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-r|--remove=ACL</term>
+ <listitem><para>Remove ACEs.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-R|--replace=ACLS</term>
+ <listitem><para>
+ Overwrite an existing share permission ACL.
+ </para></listitem>
+ </varlistentry>
+
+ &stdarg.help;
+ &stdarg.server.debug;
+ &popt.common.samba;
+ </variablelist>
+</refsect1>
+
+
+<refsect1>
+ <title>ACL FORMAT</title>
+
+ <para>The format of an ACL is one or more ACL entries separated by
+ either commas or newlines. An ACL entry is one of the following: </para>
+
+ <para><programlisting>
+ REVISION:&lt;revision number&gt;
+ OWNER:&lt;sid or name&gt;
+ GROUP:&lt;sid or name&gt;
+ ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
+ </programlisting></para>
+
+ <para>The revision of the ACL specifies the internal Windows
+ NT ACL revision for the security descriptor.
+ If not specified it defaults to 1. Using values other than 1 may
+ cause strange behaviour.</para>
+
+ <para>The owner and group specify the owner and group SIDs for the
+ object. If a SID in the format S-1-x-y-z is specified this is used,
+ otherwise the name specified is resolved using the server on which
+ the file or directory resides.</para>
+
+ <para>ACLs specify permissions granted to the SID. This SID
+ can be specified in S-1-x-y-z format or as a name in which case
+ it is resolved against the server on which the file or directory
+ resides. The type, flags and mask values determine the type of
+ access granted to the SID.</para>
+
+ <para>The type can be either ALLOWED or DENIED to allow/deny access
+ to the SID. The flags values are generally zero for share ACLs.
+ </para>
+
+ <para>The mask is a value which expresses the access right
+ granted to the SID. It can be given as a decimal or hexadecimal value,
+ or by using one of the following text strings which map to the NT
+ file permissions of the same name.</para>
+
+ <itemizedlist>
+ <listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem>
+ <listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem>
+ <listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem>
+ <listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem>
+ <listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem>
+ <listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem>
+ </itemizedlist>
+
+ <para>The following combined permissions can be specified:</para>
+
+ <itemizedlist>
+ <listitem><para><emphasis>READ</emphasis> - Equivalent to 'RX'
+ permissions</para></listitem>
+ <listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions
+ </para></listitem>
+ <listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO'
+ permissions</para></listitem>
+ </itemizedlist>
+ </refsect1>
+
+<refsect1>
+ <title>EXIT STATUS</title>
+
+ <para>The <command>sharesec</command> program sets the exit status
+ depending on the success or otherwise of the operations performed.
+ The exit status may be one of the following values. </para>
+
+ <para>If the operation succeeded, sharesec returns and exit
+ status of 0. If <command>sharesec</command> couldn't connect to the specified server,
+ or there was an error getting or setting the ACLs, an exit status
+ of 1 is returned. If there was an error parsing any command line
+ arguments, an exit status of 2 is returned. </para>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>Add full access for SID
+ <parameter>S-1-5-21-1866488690-1365729215-3963860297-17724</parameter> on
+ <parameter>share</parameter>:
+ </para>
+
+ <programlisting>
+ host:~ # sharesec share -a S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
+ </programlisting>
+
+ <para>List all ACEs for <parameter>share</parameter>:
+ </para>
+
+ <programlisting>
+ host:~ # sharesec share -v
+ REVISION:1
+ OWNER:(NULL SID)
+ GROUP:(NULL SID)
+ ACL:S-1-1-0:ALLOWED/0/0x101f01ff
+ ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is correct for version 3 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+</refsect1>
+
+</refentry>