SHARESEC - Online Linux Manual PageSection : 1
Updated : 03/29/2023
Source : Samba 4​.18​.1
Note : User Commands

NAMEsharesec − Set or get share ACLs

SYNOPSISsharesec {sharename} [−r, −−remove=ACL] [−m, −−modify=ACL] [−a, −−add=ACL] [−R, −−replace=ACLs] [−D, −−delete] [−v, −−view] [−−view−all] [−M, −−machine−sid] [−F, −−force] [−d, −−debuglevel=DEBUGLEVEL] [−s, −−configfile=CONFIGFILE] [−l, −−log−basename=LOGFILEBASE] [−S, −−setsddl=STRING] [−−viewsddl] [−?|−−help] [−−usage] [−d|−−debuglevel=DEBUGLEVEL] [−−debug−stdout] [−−configfile=CONFIGFILE] [−−option=name=value] [−l|−−log−basename=LOGFILEBASE] [−−leak−report] [−−leak−report−full]

DESCRIPTIONThis tool is part of the samba(7) suite​. The sharesec program manipulates share permissions on SMB file shares​.

OPTIONSThe following options are available to the sharesec program​. The format of ACLs is described in the section ACL FORMAT −a|−−add=ACL Add the ACEs specified to the ACL list​. −D|−−delete Delete the entire security descriptor​. −F|−−force Force storing the ACL​. −m|−−modify=ACL Modify existing ACEs​. −M|−−machine−sid Initialize the machine SID​. −r|−−remove=ACL Remove ACEs​. −R|−−replace=ACLS Overwrite an existing share permission ACL​. −v|−−view List a share acl −−view−all List all share acls −S|−−setsddl=STRING Set security descriptor by providing ACL in SDDL format​. −−viewsddl List a share acl in SDDL format​. −?|−−help Print a summary of command line options​. −−usage Display brief usage message​. −d|−−debuglevel=DEBUGLEVEL level is an integer from 0 to 10​. The default value if this parameter is not specified is 1 for client applications​. The higher this value, the more detail will be logged to the log files about the activities of the server​. At level 0, only critical errors and serious warnings will be logged​. Level 1 is a reasonable level for day−to−day running − it generates a small amount of information about operations carried out​. Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem​. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic​. Note that specifying this parameter here will override the log level parameter in the /etc/samba/smb​.conf file​. −−debug−stdout This will redirect debug output to STDOUT​. By default all clients are logging to STDERR​. −−configfile=<configuration file> The file specified contains the configuration details required by the client​. The information in this file can be general for client and server or only provide client specific like options such as client smb encrypt​. See /etc/samba/smb​.conf for more information​. The default configuration file name is determined at compile time​. −−option=<name>=<value> Set the smb.conf(5) option "<name>" to value "<value>" from the command line​. This overrides compiled−in defaults and options read from the configuration file​. If a name or a value includes a space, wrap whole −−option=name=value into quotes​. −l|−−log−basename=logdirectory Base directory name for log/debug files​. The extension "​.progname" will be appended (e​.g​. log​.smbclient, log​.smbd, etc​.​.​.)​. The log file is never removed by the client​. −−leak−report Enable talloc leak reporting on exit​. −−leak−report−full Enable full talloc leak reporting on exit​. −V|−−version Prints the program version number​.

ACL FORMATThe format of an ACL is one or more ACL entries separated by either commas or newlines​. An ACL entry is one of the following: REVISION:<revision number> OWNER:<sid or name> GROUP:<sid or name> ACL:<sid or name>:<type>/<flags>/<mask> The revision of the ACL specifies the internal Windows NT ACL revision for the security descriptor​. If not specified it defaults to 1​. Using values other than 1 may cause strange behaviour​. The owner and group specify the owner and group SIDs for the object​. Share ACLs do not specify an owner or a group, so these fields are empty​. ACLs specify permissions granted to the SID​. This SID can be specified in S−1−x−y−z format or as a name in which case it is resolved against the server on which the file or directory resides​. The type, flags and mask values determine the type of access granted to the SID​. The type can be either ALLOWED or DENIED to allow/deny access to the SID​. The flags values are generally zero for share ACLs​. The mask is a value which expresses the access right granted to the SID​. It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same name​. •  R − Allow read access •  W − Allow write access •  X − Execute permission on the object •  D − Delete the object •  P − Change permissions •  O − Take ownership The following combined permissions can be specified: •  READ − Equivalent to 'RX' permissions •  CHANGE − Equivalent to 'RXWD' permissions •  FULL − Equivalent to 'RWXDPO' permissions

EXIT STATUSThe sharesec program sets the exit status depending on the success or otherwise of the operations performed​. The exit status may be one of the following values​. If the operation succeeded, sharesec returns and exit status of 0​. If sharesec couldn't connect to the specified server, or there was an error getting or setting the ACLs, an exit status of 1 is returned​. If there was an error parsing any command line arguments, an exit status of 2 is returned​.

EXAMPLESAdd full access for SID S−1−5−21−1866488690−1365729215−3963860297−17724 on share: host:~ # sharesec share −a S−1−5−21−1866488690−1365729215−3963860297−17724:ALLOWED/0/FULL List all ACEs for share: host:~ # sharesec share −v REVISION:1 CONTROL:SR|DP OWNER: GROUP: ACL:S−1−1−0:ALLOWED/0x0/FULL ACL:S−1−5−21−1866488690−1365729215−3963860297−17724:ALLOWED/0x0/FULL

VERSIONThis man page is part of version 4​.18​.1 of the Samba suite​.

AUTHORThe original Samba software and related utilities were created by Andrew Tridgell​. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed​.
0
Johanes Gumabo
Data Size   :   26,913 byte
man-sharesec.1Build   :   2024-12-05, 20:55   :  
Visitor Screen   :   x
Visitor Counter ( page / site )   :   2 / 203,306
Visitor ID   :     :  
Visitor IP   :   18.224.38.176   :  
Visitor Provider   :   AMAZON-02   :  
Provider Position ( lat x lon )   :   39.962500 x -83.006100   :   x
Provider Accuracy Radius ( km )   :   1000   :  
Provider City   :   Columbus   :  
Provider Province   :   Ohio ,   :   ,
Provider Country   :   United States   :  
Provider Continent   :   North America   :  
Visitor Recorder   :   Version   :  
Visitor Recorder   :   Library   :  
Online Linux Manual Page   :   Version   :   Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page   :   Library   :   lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page   :   Library   :   lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base   :   Version   :   Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base   :   Library   :   lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36

Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.