diff options
author | Karolin Seeger <kseeger@samba.org> | 2009-02-09 21:00:47 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-02-09 21:01:29 +0100 |
commit | cc51cbc862055975bcef016876662576b00e72ef (patch) | |
tree | 55369d41be8d3c5590190ef934c664046f50f21d | |
parent | 07a8ad711b3ff0e922db9e6ba274594ef4c27b90 (diff) | |
download | samba-cc51cbc862055975bcef016876662576b00e72ef.tar.gz samba-cc51cbc862055975bcef016876662576b00e72ef.tar.bz2 samba-cc51cbc862055975bcef016876662576b00e72ef.zip |
docs: Add man sharesec.
Karolin
-rw-r--r-- | docs-xml/manpages-3/sharesec.1.xml | 220 |
1 files changed, 220 insertions, 0 deletions
diff --git a/docs-xml/manpages-3/sharesec.1.xml b/docs-xml/manpages-3/sharesec.1.xml new file mode 100644 index 0000000000..d8ac510b69 --- /dev/null +++ b/docs-xml/manpages-3/sharesec.1.xml @@ -0,0 +1,220 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="sharesec.1"> + +<refmeta> + <refentrytitle>sharesec</refentrytitle> + <manvolnum>1</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">User Commands</refmiscinfo> + <refmiscinfo class="version">3.3</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>sharesec</refname> + <refpurpose>Set or get share ACLs</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>sharesec</command> + <arg choice="req">sharename</arg> + <arg choice="opt">-r, --remove=ACL</arg> + <arg choice="opt">-m, --modify=ACL</arg> + <arg choice="opt">-a, --add=ACL</arg> + <arg choice="opt">-R, --replace=ACLs</arg> + <arg choice="opt">-D, --delete</arg> + <arg choice="opt">-v, --view</arg> + <arg choice="opt">-M, --machine-sid</arg> + <arg choice="opt">-F, --force</arg> + <arg choice="opt">-d, --debuglevel=DEBUGLEVEL</arg> + <arg choice="opt">-s, --configfile=CONFIGFILE</arg> + <arg choice="opt">-l, --log-basename=LOGFILEBASE</arg> + <arg choice="opt">-V, --version</arg> + <arg choice="opt">-?, --help</arg> + <arg choice="opt">--usage</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>sharesec</command> program manipulates share permissions + on SMB file shares.</para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <para>The following options are available to the <command>sharesec</command> program. + The format of ACLs is described in the section ACL FORMAT </para> + + <variablelist> + <varlistentry> + <term>-a|--add=ACL</term> + <listitem><para>Add the ACEs specified to the ACL list. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-D|--delete</term> + <listitem><para>Delete the entire security descriptor. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-F|--force</term> + <listitem><para>Force storing the ACL. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-m|--modify=ACL</term> + <listitem><para>Modify existing ACEs. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-M|--machine-sid</term> + <listitem><para>Initialize the machine SID. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-r|--remove=ACL</term> + <listitem><para>Remove ACEs. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-R|--replace=ACLS</term> + <listitem><para> + Overwrite an existing share permission ACL. + </para></listitem> + </varlistentry> + + &stdarg.help; + &stdarg.server.debug; + &popt.common.samba; + </variablelist> +</refsect1> + + +<refsect1> + <title>ACL FORMAT</title> + + <para>The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: </para> + + <para><programlisting> + REVISION:<revision number> + OWNER:<sid or name> + GROUP:<sid or name> + ACL:<sid or name>:<type>/<flags>/<mask> + </programlisting></para> + + <para>The revision of the ACL specifies the internal Windows + NT ACL revision for the security descriptor. + If not specified it defaults to 1. Using values other than 1 may + cause strange behaviour.</para> + + <para>The owner and group specify the owner and group SIDs for the + object. If a SID in the format S-1-x-y-z is specified this is used, + otherwise the name specified is resolved using the server on which + the file or directory resides.</para> + + <para>ACLs specify permissions granted to the SID. This SID + can be specified in S-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID.</para> + + <para>The type can be either ALLOWED or DENIED to allow/deny access + to the SID. The flags values are generally zero for share ACLs. + </para> + + <para>The mask is a value which expresses the access right + granted to the SID. It can be given as a decimal or hexadecimal value, + or by using one of the following text strings which map to the NT + file permissions of the same name.</para> + + <itemizedlist> + <listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem> + <listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem> + <listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem> + <listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem> + <listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem> + <listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem> + </itemizedlist> + + <para>The following combined permissions can be specified:</para> + + <itemizedlist> + <listitem><para><emphasis>READ</emphasis> - Equivalent to 'RX' + permissions</para></listitem> + <listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions + </para></listitem> + <listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO' + permissions</para></listitem> + </itemizedlist> + </refsect1> + +<refsect1> + <title>EXIT STATUS</title> + + <para>The <command>sharesec</command> program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. </para> + + <para>If the operation succeeded, sharesec returns and exit + status of 0. If <command>sharesec</command> couldn't connect to the specified server, + or there was an error getting or setting the ACLs, an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. </para> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para>Add full access for SID + <parameter>S-1-5-21-1866488690-1365729215-3963860297-17724</parameter> on + <parameter>share</parameter>: + </para> + + <programlisting> + host:~ # sharesec share -a S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL + </programlisting> + + <para>List all ACEs for <parameter>share</parameter>: + </para> + + <programlisting> + host:~ # sharesec share -v + REVISION:1 + OWNER:(NULL SID) + GROUP:(NULL SID) + ACL:S-1-1-0:ALLOWED/0/0x101f01ff + ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL + </programlisting> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> +</refsect1> + +</refentry> |