source: trunk/samba/docs/manpages/net.8 @ 30

Last change on this file since 30 was 30, checked in by Paul Smedley, 14 years ago

Code updated to Samba 3.0.25rc2 level

File size: 25.1 KB
Line 
1.\"Generated by db2man.xsl. Don't modify this, modify the source.
2.de Sh \" Subsection
3.br
4.if t .Sp
5.ne 5
6.PP
7\fB\\$1\fR
8.PP
9..
10.de Sp \" Vertical space (when we can't use .PP)
11.if t .sp .5v
12.if n .sp
13..
14.de Ip \" List item
15.br
16.ie \\n(.$>=3 .ne \\$3
17.el .ne 3
18.IP "\\$1" \\$2
19..
20.TH "NET" 8 "" "" ""
21.SH NAME
22net \- Tool for administration of Samba and remote CIFS servers.
23.SH "SYNOPSIS"
24.ad l
25.hy 0
26.HP 4
27\fBnet\fR {<ads|rap|rpc>} [\-h] [\-w\ workgroup] [\-W\ myworkgroup] [\-U\ user] [\-I\ ip\-address] [\-p\ port] [\-n\ myname] [\-s\ conffile] [\-S\ server] [\-l] [\-P] [\-d\ debuglevel] [\-V]
28.ad
29.hy
30
31.SH "DESCRIPTION"
32
33.PP
34This tool is part of the \fBsamba\fR(7) suite\&.
35
36.PP
37The samba net utility is meant to work just like the net utility available for windows and DOS\&. The first argument should be used to specify the protocol to use when executing a certain command\&. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000\&. If this argument is omitted, net will try to determine it automatically\&. Not all commands are available on all protocols\&.
38
39.SH "OPTIONS"
40
41.TP
42\-h|\-\-help
43Print a summary of command line options\&.
44
45.TP
46\-w target\-workgroup
47Sets target workgroup or domain\&. You have to specify either this option or the IP address or the name of a server\&.
48
49.TP
50\-W workgroup
51Sets client workgroup or domain
52
53.TP
54\-U user
55User name to use
56
57.TP
58\-I ip\-address
59IP address of target server to use\&. You have to specify either this option or a target workgroup or a target server\&.
60
61.TP
62\-p port
63Port on the target server to connect to (usually 139 or 445)\&. Defaults to trying 445 first, then 139\&.
64
65.TP
66\-n <primary NetBIOS name>
67This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the  parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&.
68
69.TP
70\-s <configuration file>
71The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&.
72
73.TP
74\-S server
75Name of target server\&. You should specify either this option or a target workgroup or a target IP address\&.
76
77.TP
78\-l
79When listing data, give more information on each item\&.
80
81.TP
82\-P
83Make queries to the external server using the machine account of the local server\&.
84
85.TP
86\-d|\-\-debuglevel=level
87\fIlevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
88
89The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
90
91Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
92
93Note that specifying this parameter here will override the  parameter in the \fIsmb\&.conf\fR file\&.
94
95.SH "COMMANDS"
96
97.SS "CHANGESECRETPW"
98
99.PP
100This command allows the Samba machine account password to be set from an external application to a machine account password that has already been stored in Active Directory\&. DO NOT USE this command unless you know exactly what you are doing\&. The use of this command requires that the force flag (\-f) be used also\&. There will be NO command prompt\&. Whatever information is piped into stdin, either by typing at the command line or otherwise, will be stored as the literal machine password\&. Do NOT use this without care and attention as it will overwrite a legitimate machine password without warning\&. YOU HAVE BEEN WARNED\&.
101
102.SS "TIME"
103
104.PP
105The \fBNET TIME\fR command allows you to view the time on a remote server or synchronise the time on the local server with the time on the remote server\&.
106
107.SS "TIME"
108
109.PP
110Without any options, the \fBNET TIME\fR command displays the time on the remote server\&.
111
112.SS "TIME SYSTEM"
113
114.PP
115Displays the time on the remote server in a format ready for \fB/bin/date\fR
116
117.SS "TIME SET"
118
119.PP
120Tries to set the date and time of the local server to that on the remote server using \fB/bin/date\fR\&.
121
122.SS "TIME ZONE"
123
124.PP
125Displays the timezone in hours from GMT on the remote computer\&.
126
127.SS "[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]"
128
129.PP
130Join a domain\&. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically\&. (Assuming that the machine has been created in server manager) Otherwise, a password will be prompted for, and a new account may be created\&.
131
132.PP
133[TYPE] may be PDC, BDC or MEMBER to specify the type of server joining the domain\&.
134
135.PP
136[UPN] (ADS only) set the principalname attribute during the join\&. The default format is host/netbiosname@REALM\&.
137
138.PP
139[OU] (ADS only) Precreate the computer account in a specific OU\&. The OU string reads from top to bottom without RDNs, and is delimited by a '/'\&. Please note that '\\' is used for escape by both the shell and ldap, so it may need to be doubled or quadrupled to pass through, and it is not used as a delimiter\&.
140
141.SS "[RPC] OLDJOIN [options]"
142
143.PP
144Join a domain\&. Use the OLDJOIN option to join the domain using the old style of domain joining \- you need to create a trust account in server manager first\&.
145
146.SS "[RPC|ADS] USER"
147
148.SS "[RPC|ADS] USER"
149
150.PP
151List all users
152
153.SS "[RPC|ADS] USER DELETE target"
154
155.PP
156Delete specified user
157
158.SS "[RPC|ADS] USER INFO target"
159
160.PP
161List the domain groups of a the specified user\&.
162
163.SS "[RPC|ADS] USER RENAME oldname newname"
164
165.PP
166Rename specified user\&.
167
168.SS "[RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]"
169
170.PP
171Add specified user\&.
172
173.SS "[RPC|ADS] GROUP"
174
175.SS "[RPC|ADS] GROUP [misc options] [targets]"
176
177.PP
178List user groups\&.
179
180.SS "[RPC|ADS] GROUP DELETE name [misc. options]"
181
182.PP
183Delete specified group\&.
184
185.SS "[RPC|ADS] GROUP ADD name [-C comment]"
186
187.PP
188Create specified group\&.
189
190.SS "[RAP|RPC] SHARE"
191
192.SS "[RAP|RPC] SHARE [misc. options] [targets]"
193
194.PP
195Enumerates all exported resources (network shares) on target server\&.
196
197.SS "[RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]"
198
199.PP
200Adds a share from a server (makes the export active)\&. Maxusers specifies the number of users that can be connected to the share simultaneously\&.
201
202.SS "SHARE DELETE sharenam"
203
204.PP
205Delete specified share\&.
206
207.SS "[RPC|RAP] FILE"
208
209.SS "[RPC|RAP] FILE"
210
211.PP
212List all open files on remote server\&.
213
214.SS "[RPC|RAP] FILE CLOSE fileid"
215
216.PP
217Close file with specified \fIfileid\fR on remote server\&.
218
219.SS "[RPC|RAP] FILE INFO fileid"
220
221.PP
222Print information on specified \fIfileid\fR\&. Currently listed are: file\-id, username, locks, path, permissions\&.
223
224.SS "[RAP|RPC] FILE USER"
225
226.RS
227.Sh "Note"
228
229.PP
230Currently NOT implemented\&.
231
232.RE
233
234.SS "SESSION"
235
236.SS "RAP SESSION"
237
238.PP
239Without any other options, SESSION enumerates all active SMB/CIFS sessions on the target server\&.
240
241.SS "RAP SESSION DELETE|CLOSE CLIENT_NAME"
242
243.PP
244Close the specified sessions\&.
245
246.SS "RAP SESSION INFO CLIENT_NAME"
247
248.PP
249Give a list with all the open files in specified session\&.
250
251.SS "RAP SERVER DOMAIN"
252
253.PP
254List all servers in specified domain or workgroup\&. Defaults to local domain\&.
255
256.SS "RAP DOMAIN"
257
258.PP
259Lists all domains and workgroups visible on the current network\&.
260
261.SS "RAP PRINTQ"
262
263.SS "RAP PRINTQ LIST QUEUE_NAME"
264
265.PP
266Lists the specified print queue and print jobs on the server\&. If the \fIQUEUE_NAME\fR is omitted, all queues are listed\&.
267
268.SS "RAP PRINTQ DELETE JOBID"
269
270.PP
271Delete job with specified id\&.
272
273.SS "RAP VALIDATE user [password]"
274
275.PP
276Validate whether the specified user can log in to the remote server\&. If the password is not specified on the commandline, it will be prompted\&.
277
278.RS
279.Sh "Note"
280
281.PP
282Currently NOT implemented\&.
283
284.RE
285
286.SS "RAP GROUPMEMBER"
287
288.SS "RAP GROUPMEMBER LIST GROUP"
289
290.PP
291List all members of the specified group\&.
292
293.SS "RAP GROUPMEMBER DELETE GROUP USER"
294
295.PP
296Delete member from group\&.
297
298.SS "RAP GROUPMEMBER ADD GROUP USER"
299
300.PP
301Add member to group\&.
302
303.SS "RAP ADMIN command"
304
305.PP
306Execute the specified \fIcommand\fR on the remote server\&. Only works with OS/2 servers\&.
307
308.RS
309.Sh "Note"
310
311.PP
312Currently NOT implemented\&.
313
314.RE
315
316.SS "RAP SERVICE"
317
318.SS "RAP SERVICE START NAME [arguments...]"
319
320.PP
321Start the specified service on the remote server\&. Not implemented yet\&.
322
323.RS
324.Sh "Note"
325
326.PP
327Currently NOT implemented\&.
328
329.RE
330
331.SS "RAP SERVICE STOP"
332
333.PP
334Stop the specified service on the remote server\&.
335
336.RS
337.Sh "Note"
338
339.PP
340Currently NOT implemented\&.
341
342.RE
343
344.SS "RAP PASSWORD USER OLDPASS NEWPASS"
345
346.PP
347Change password of \fIUSER\fR from \fIOLDPASS\fR to \fINEWPASS\fR\&.
348
349.SS "LOOKUP"
350
351.SS "LOOKUP HOST HOSTNAME [TYPE]"
352
353.PP
354Lookup the IP address of the given host with the specified type (netbios suffix)\&. The type defaults to 0x20 (workstation)\&.
355
356.SS "LOOKUP LDAP [DOMAIN"
357
358.PP
359Give IP address of LDAP server of specified \fIDOMAIN\fR\&. Defaults to local domain\&.
360
361.SS "LOOKUP KDC [REALM]"
362
363.PP
364Give IP address of KDC for the specified \fIREALM\fR\&. Defaults to local realm\&.
365
366.SS "LOOKUP DC [DOMAIN]"
367
368.PP
369Give IP's of Domain Controllers for specified \fI DOMAIN\fR\&. Defaults to local domain\&.
370
371.SS "LOOKUP MASTER DOMAIN"
372
373.PP
374Give IP of master browser for specified \fIDOMAIN\fR or workgroup\&. Defaults to local domain\&.
375
376.SS "CACHE"
377
378.PP
379Samba uses a general caching interface called 'gencache'\&. It can be controlled using 'NET CACHE'\&.
380
381.PP
382All the timeout parameters support the suffixes:
383s \- Secondsm \- Minutesh \- Hoursd \- Daysw \- Weeks
384
385.SS "CACHE ADD key data time-out"
386
387.PP
388Add specified key+data to the cache with the given timeout\&.
389
390.SS "CACHE DEL key"
391
392.PP
393Delete key from the cache\&.
394
395.SS "CACHE SET key data time-out"
396
397.PP
398Update data of existing cache entry\&.
399
400.SS "CACHE SEARCH PATTERN"
401
402.PP
403Search for the specified pattern in the cache data\&.
404
405.SS "CACHE LIST"
406
407.PP
408List all current items in the cache\&.
409
410.SS "CACHE FLUSH"
411
412.PP
413Remove all the current items from the cache\&.
414
415.SS "GETLOCALSID [DOMAIN]"
416
417.PP
418Print the SID of the specified domain, or if the parameter is omitted, the SID of the domain the local server is in\&.
419
420.SS "SETLOCALSID S-1-5-21-x-y-z"
421
422.PP
423Sets domain sid for the local server to the specified SID\&.
424
425.SS "GROUPMAP"
426
427.PP
428Manage the mappings between Windows group SIDs and UNIX groups\&. Parameters take the for "parameter=value"\&. Common options include:
429
430.TP 3
431\(bu
432unixgroup \- Name of the UNIX group
433.TP
434\(bu
435ntgroup \- Name of the Windows NT group (must be resolvable to a SID
436.TP
437\(bu
438rid \- Unsigned 32\-bit integer
439.TP
440\(bu
441sid \- Full SID in the form of "S\-1\-\&.\&.\&."
442.TP
443\(bu
444type \- Type of the group; either 'domain', 'local', or 'builtin'
445.TP
446\(bu
447comment \- Freeform text description of the group
448.LP
449
450.SS "GROUPMAP ADD"
451
452.PP
453Add a new group mapping entry:
454
455.nf
456
457net groupmap add {rid=int|sid=string} unixgroup=string \\
458      [type={domain|local}] [ntgroup=string] [comment=string]
459
460.fi
461 
462
463.SS "GROUPMAP DELETE"
464
465.PP
466Delete a group mapping entry\&. If more then one group name matches, the first entry found is deleted\&.
467
468.PP
469net groupmap delete {ntgroup=string|sid=SID}
470
471.SS "GROUPMAP MODIFY"
472
473.PP
474Update en existing group entry
475
476.PP
477 
478
479.nf
480
481net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \\
482       [comment=string] [type={domain|local}]
483
484.fi
485 
486
487.SS "GROUPMAP LIST"
488
489.PP
490List existing group mapping entries
491
492.PP
493net groupmap list [verbose] [ntgroup=string] [sid=SID]
494
495.SS "MAXRID"
496
497.PP
498Prints out the highest RID currently in use on the local server (by the active 'passdb backend')\&.
499
500.SS "RPC INFO"
501
502.PP
503Print information about the domain of the remote server, such as domain name, domain sid and number of users and groups\&.
504
505.SS "[RPC|ADS] TESTJOIN"
506
507.PP
508Check whether participation in a domain is still valid\&.
509
510.SS "[RPC|ADS] CHANGETRUSTPW"
511
512.PP
513Force change of domain trust password\&.
514
515.SS "RPC TRUSTDOM"
516
517.SS "RPC TRUSTDOM ADD DOMAIN"
518
519.PP
520Add a interdomain trust account for \fIDOMAIN\fR to the remote server\&.
521
522.SS "RPC TRUSTDOM DEL DOMAIM"
523
524.PP
525Remove interdomain trust account for \fIDOMAIN\fR from the remote server\&.
526
527.RS
528.Sh "Note"
529
530.PP
531Currently NOT implemented\&.
532
533.RE
534
535.SS "RPC TRUSTDOM ESTABLISH DOMAIN"
536
537.PP
538Establish a trust relationship to a trusting domain\&. Interdomain account must already be created on the remote PDC\&.
539
540.SS "RPC TRUSTDOM REVOKE DOMAIN"
541
542.PP
543Abandon relationship to trusted domain
544
545.SS "RPC TRUSTDOM LIST"
546
547.PP
548List all current interdomain trust relationships\&.
549
550.SS "RPC RIGHTS"
551
552.PP
553This subcommand is used to view and manage Samba's rights assignments (also referred to as privileges)\&. There are three options current available: \fIlist\fR, \fIgrant\fR, and \fIrevoke\fR\&. More details on Samba's privilege model and its use can be found in the Samba\-HOWTO\-Collection\&.
554
555.SS "RPC ABORTSHUTDOWN"
556
557.PP
558Abort the shutdown of a remote server\&.
559
560.SS "RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]"
561
562.PP
563Shut down the remote server\&.
564
565.TP
566\-r
567Reboot after shutdown\&.
568
569.TP
570\-f
571Force shutting down all applications\&.
572
573.TP
574\-t timeout
575Timeout before system will be shut down\&. An interactive user of the system can use this time to cancel the shutdown\&.
576
577.TP
578\-C message
579Display the specified message on the screen to announce the shutdown\&.
580
581.SS "RPC SAMDUMP"
582
583.PP
584Print out sam database of remote server\&. You need to run this against the PDC, from a Samba machine joined as a BDC\&.
585
586.SS "RPC VAMPIRE"
587
588.PP
589Export users, aliases and groups from remote server to local server\&. You need to run this against the PDC, from a Samba machine joined as a BDC\&.
590
591.SS "RPC GETSID"
592
593.PP
594Fetch domain SID and store it in the local \fIsecrets\&.tdb\fR\&.
595
596.SS "ADS LEAVE"
597
598.PP
599Make the remote host leave the domain it is part of\&.
600
601.SS "ADS STATUS"
602
603.PP
604Print out status of machine account of the local machine in ADS\&. Prints out quite some debug info\&. Aimed at developers, regular users should use \fBNET ADS TESTJOIN\fR\&.
605
606.SS "ADS PRINTER"
607
608.SS "ADS PRINTER INFO [PRINTER] [SERVER]"
609
610.PP
611Lookup info for \fIPRINTER\fR on \fISERVER\fR\&. The printer name defaults to "*", the server name defaults to the local host\&.
612
613.SS "ADS PRINTER PUBLISH PRINTER"
614
615.PP
616Publish specified printer using ADS\&.
617
618.SS "ADS PRINTER REMOVE PRINTER"
619
620.PP
621Remove specified printer from ADS directory\&.
622
623.SS "ADS SEARCH EXPRESSION ATTRIBUTES..."
624
625.PP
626Perform a raw LDAP search on a ADS server and dump the results\&. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results\&.
627
628.PP
629Example: \fBnet ads search '(objectCategory=group)' sAMAccountName\fR
630
631.SS "ADS DN DN (attributes)"
632
633.PP
634Perform a raw LDAP search on a ADS server and dump the results\&. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result\&.
635
636.PP
637Example: \fBnet ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName\fR
638
639.SS "ADS WORKGROUP"
640
641.PP
642Print out workgroup name for specified kerberos realm\&.
643
644.SS "SAM CREATEBUILTINGROUP <NAME>"
645
646.PP
647(Re)Create a BUILTIN group\&. Only a wellknown set of BUILTIN groups can be created with this command\&. This is the list of currently recognized group names: Administrators, Users, Guests, Power Users, Account Operators, Server Operators, Print Operators, Backup Operators, Replicator, RAS Servers, Pre\-Windows 2000 ompatible Access\&. This command requires a running Winbindd with idmap allocation properly configured\&. The group gid will be allocated out of the winbindd range\&.
648
649.SS "SAM CREATELOCALGROUP <NAME>"
650
651.PP
652Create a LOCAL group (also known as Alias)\&. This command requires a running Winbindd with idmap allocation properly configured\&. The group gid will be allocated out of the winbindd range\&.
653
654.SS "SAM MAPUNIXGROUP <NAME>"
655
656.PP
657Map an existing Unix group and make it a Domain Group, the domain group will have the same name\&.
658
659.SS "SAM ADDMEM <GROUP> <MEMBER>"
660
661.PP
662Add a member to a Local group\&. The group can be specified only by name, the member can be specified by name or SID\&.
663
664.SS "SAM DELMEM  <GROUP> <MEMBER>"
665
666.PP
667Remove a member from a Local group\&. The group and the member must be specified by name\&.
668
669.SS "SAM LISTMEM <GROUP>"
670
671.PP
672List Local group members\&. The group must be specified by name\&.
673
674.SS "SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]"
675
676.PP
677List the specified set of accounts by name\&. If verbose is specified, the rid and description is also provided for each account\&.
678
679.SS "SAM SHOW <NAME>"
680
681.PP
682Show the full DOMAIN\\\\NAME the SID and the type for the corrisponding account\&.
683
684.SS "SAM SET HOMEDIR <NAME> <DIRECTORY>"
685
686.PP
687Set the home directory for a user account\&.
688
689.SS "SAM SET PROFILEPATH <NAME> <PATH>"
690
691.PP
692Set the profile path for a user account\&.
693
694.SS "SAM SET COMMENT <NAME> <COMMENT>"
695
696.PP
697Set the comment for a user or group account\&.
698
699.SS "SAM SET FULLNAME <NAME> <FULL NAME>"
700
701.PP
702Set the full name for a user account\&.
703
704.SS "SAM SET LOGONSCRIPT <NAME> <SCRIPT>"
705
706.PP
707Set the logon script for a user account\&.
708
709.SS "SAM SET HOMEDRIVE <NAME> <DRIVE>"
710
711.PP
712Set the home drive for a user account\&.
713
714.SS "SAM SET WORKSTATIONS <NAME> <WORKSTATIONS>"
715
716.PP
717Set the workstations a user account is allowed to log in from\&.
718
719.SS "SAM SET DISABLE <NAME>"
720
721.PP
722Set the "disabled" flag for a user account\&.
723
724.SS "SAM SET PWNOTREQ <NAME>"
725
726.PP
727Set the "password not required" flag for a user account\&.
728
729.SS "SAM SET AUTOLOCK <NAME>"
730
731.PP
732Set the "autolock" flag for a user account\&.
733
734.SS "SAM SET PWNOEXP <NAME>"
735
736.PP
737Set the "password do not expire" flag for a user account\&.
738
739.SS "SAM SET PWMUSTCHANGENOW <NAME> [yes|no]"
740
741.PP
742Set or unset the "password must change" flag fro a user account\&.
743
744.SS "SAM POLICY LIST"
745
746.PP
747List the avilable account policies\&.
748
749.SS "SAM POLICY SHOW <account policy>"
750
751.PP
752Show the account policy value\&.
753
754.SS "SAM POLICY SET <account policy> <value>"
755
756.PP
757Set a value for the account policy\&. Valid values can be: "forever", "never", "off", or a number\&.
758
759.SS "SAM PROVISION"
760
761.PP
762Only available if ldapsam:editposix is set and winbindd is running\&. Properly populates the ldap tree with the basic accounts (Administrator) and groups (Domain Users, Domain Admins, Domain Guests) on the ldap tree\&.
763
764.SS "IDMAP DUMP <output file>"
765
766.PP
767Dumps the mappings in the specified output file\&.
768
769.SS "IDMAP RESTORE [input file]"
770
771.PP
772Restore the mappings from the specified file or stdin\&.
773
774.SS "IDMAP SECRET <DOMAIN>|ALLOC <secret>"
775
776.PP
777Store a secret for the sepcified domain, used primarily for domains that use idmap_ldap as a backend\&. In this case the secret is used as the password for the user DN used to bind to the ldap server\&.
778
779.SS "USERSHARE"
780
781.PP
782Starting with version 3\&.0\&.23, a Samba server now supports the ability for non\-root users to add user define shares to be exported using the "net usershare" commands\&.
783
784.PP
785To set this up, first set up your smb\&.conf by adding to the [global] section : usershare path = /usr/local/samba/lib/usershares Next create the directory /usr/local/samba/lib/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example a group called "serverops"\&. Set the permissions on /usr/local/samba/lib/usershares to 01770\&. (Owner and group all access, no access for others, plus the sticky bit, which means that a file in that directory can be renamed or deleted only by the owner of the file)\&. Finally, tell smbd how many usershares you will allow by adding to the [global] section of smb\&.conf a line such as : usershare max shares = 100\&. To allow 100 usershare definitions\&. Now, members of the UNIX group "serverops" can create user defined shares on demand using the commands below\&.
786
787.PP
788The usershare commands are:
789net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] \- to add or change a user defined share\&.net usershare delete sharename \- to delete a user defined share\&.net usershare info [\-l|\-\-long] [wildcard sharename] \- to print info about a user defined share\&.net usershare list [\-l|\-\-long] [wildcard sharename] \- to list user defined shares\&.
790
791.SS "USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]"
792
793.PP
794Add or replace a new user defined share, with name "sharename"\&.
795
796.PP
797"path" specifies the absolute pathname on the system to be exported\&. Restrictions may be put on this, see the global smb\&.conf parameters : "usershare owner only", "usershare prefix allow list", and "usershare prefix deny list"\&.
798
799.PP
800The optional "comment" parameter is the comment that will appear on the share when browsed to by a client\&.
801
802.PP
803The optional "acl" field specifies which users have read and write access to the entire share\&. Note that guest connections are not allowed unless the smb\&.conf parameter "usershare allow guests" has been set\&. The definition of a user defined share acl is : "user:permission", where user is a valid username on the system and permission can be "F", "R", or "D"\&. "F" stands for "full permissions", ie\&. read and write permissions\&. "D" stands for "deny" for a user, ie\&. prevent this user from accessing this share\&. "R" stands for "read only", ie\&. only allow read access to this share (no creation of new files or directories or writing to files)\&.
804
805.PP
806The default if no "acl" is given is "Everyone:R", which means any authenticated user has read\-only access\&.
807
808.PP
809The optional "guest_ok" has the same effect as the parameter of the same name in smb\&.conf, in that it allows guest access to this user defined share\&. This parameter is only allowed if the global parameter "usershare allow guests" has been set to true in the smb\&.conf\&.
810
811
812There is no separate command to modify an existing user defined share,
813just use the "net usershare add [sharename]" command using the same
814sharename as the one you wish to modify and specify the new options
815you wish\&. The Samba smbd daemon notices user defined share modifications
816at connect time so will see the change immediately, there is no need
817to restart smbd on adding, deleting or changing a user defined share\&.
818
819.SS "USERSHARE DELETE sharename"
820
821.PP
822Deletes the user defined share by name\&. The Samba smbd daemon immediately notices this change, although it will not disconnect any users currently connected to the deleted share\&.
823
824.SS "USERSHARE INFO [-l|--long] [wildcard sharename]"
825
826.PP
827Get info on user defined shares owned by the current user matching the given pattern, or all users\&.
828
829.PP
830net usershare info on its own dumps out info on the user defined shares that were created by the current user, or restricts them to share names that match the given wildcard pattern ('*' matches one or more characters, '?' matches only one character)\&. If the '\-l' or '\-\-long' option is also given, it prints out info on user defined shares created by other users\&.
831
832.PP
833The information given about a share looks like : [foobar] path=/home/jeremy comment=testme usershare_acl=Everyone:F guest_ok=n And is a list of the current settings of the user defined share that can be modified by the "net usershare add" command\&.
834
835.SS "USERSHARE LIST [-l|--long] wildcard sharename"
836
837.PP
838List all the user defined shares owned by the current user matching the given pattern, or all users\&.
839
840.PP
841net usershare list on its own list out the names of the user defined shares that were created by the current user, or restricts the list to share names that match the given wildcard pattern ('*' matches one or more characters, '?' matches only one character)\&. If the '\-l' or '\-\-long' option is also given, it includes the names of user defined shares created by other users\&.
842
843.SS "HELP [COMMAND]"
844
845.PP
846Gives usage information for the specified command\&.
847
848.SH "VERSION"
849
850.PP
851This man page is complete for version 3\&.0 of the Samba suite\&.
852
853.SH "AUTHOR"
854
855.PP
856The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
857
858.PP
859The net manpage was written by Jelmer Vernooij\&.
860
Note: See TracBrowser for help on using the repository browser.