Share management

Andrew Bartlett abartlet at pcug.org.au
Mon Jan 14 15:53:15 GMT 2002


Nigel Williams wrote:
> 
> Right I see the LANMAN named_pipe calls in reply_trans.  I missed them
> earlier, Sorry.
> 
> Re shareadd syntax.  With my current rpcclient implementation you would use
> 
> >sharesetinfo TEST_SHARE 1501 -s
> ACL:NIGEL\\nigel1:ALLOWED/0/FULL,ACL:NIGEL\\nigel2:DENIED/0/WRITE...
> 
> to set security on an existing share.

If you have a working rpcclient implementation it is almost trivial to
move it accross to 'net' btw.

> The syntax of the security descriptor is that used with smbcacls which
> allows multiple ACLs.  So there
> is no need to perform multiple shareadds.
> 
> The client calls implemented are
> 
> NetServerDiskEnum
> NetValidateName
> NetShareEnum
> NetShareEnumSticky
> NetShareSetInfo
> NetShareGetInfo
> NetShareAdd
> NetShareDel
> NetShareDelSticky
> 
> levels 0,1,2,501,502,1004,1005,1006,1007?,1501 are all available where
> suitable.
> 
> N.B. Jeremy did the server-side implementation.
> 
> I note your preferences wrt SD manipulation from the net command. They make
> good sense.
> 
> I wonder if there is any need to add these RPC client calls to the net
> command if we already have the RAP versions.

Yes.  Becouse the real interest is in being the same as NT - so if NT
allows these to be set via RPC, then it would be very handy to be able
to do the same from Samba.  In particular it helps in Samba's testing.

> A simple modification to smbcacls would give us all the functionality we
> require.

Great!

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net




More information about the samba-technical mailing list