SMB Share Permission
The SMB protocol allows you to set the permission at the share level. Permissions are processed before an ACL. Similar to an ACL, you can allow or deny access (full, change, or read) to a specific user of a group. The default is to provide full access to everyone and only depend on an ACL for permission.
The share smb permission commands allow you to manage permissions.
Note: SMB share permission settings are only available using a network access control list (ACL) such as Active Directory (AD) or macOS/Apple Open Directory (OD) with SID mapping enabled.
Note: For a list of all the Appliance Controller commands, see the Command Index.
View a Share Permission
By default, all shares that are created allow everyone full access; this relies on a directory and file ACL to handle the permission.
-
At the prompt, enter the following command:
> share smb permission show
Output:
SMB permissions:
smb1
group:everyone:allowed:fullmb1
Parameters
[sharename]
Specifies the name of the share.
Configure a Share Permission
Use the share smb permission replace command to replace an existing permission with a new one, or use the share smb permission add command to add a permission to an existing share.
The following example illustrates how to replace a share permission.
-
At the prompt, enter the following command to replace a share permission:
> share smb permission replace smb1 everyone allow read
Parameters
[sharename]
Specifies the name of the share. <user|group>
Specifies the user or the group. <allow|deny>
Specifies whether to allow or deny access. <full|change|read>
Specifies the permission. Output:
Share (smb1) permission successfully changed
-
(Optional) At the prompt, enter the following command to display the share permission:
> share smb permission show
Output:
SMB permissions:
smb1
group:everyone:allowed:read
The following example illustrates how to add a new share permission.
-
At the prompt, enter the following command to add a new share permission:
> share smb permission add smb1 testgroup1 allow change
Parameters
[sharename]
Specifies the name of the share. <user|group>
Specifies the user or the group. <allow|deny>
Specifies whether to allow or deny access. <full|change|read>
Specifies the permission. Output:
Share (smb1) permission successfully changed
-
(Optional) At the prompt, enter the following command to display the share permission:
> share smb permission show
Output:
SMB permissions:
smb1
group:everyone:allowed:read
group:testgroup1:allowed:change
Remove a Share Permission
Use the share smb permission remove command to remove a specific permission from a share.
-
At the prompt, enter the following command to remove a specific permission from a share:
> share smb permission remove smb1 everyone allow read
Parameters
[sharename]
Specifies the name of the share. <user|group>
Specifies the user or the group. <allow|deny>
Specifies whether to allow or deny access. <full|change|read>
Specifies the permission. Output:
Share (smb1) permission successfully changed
-
(Optional) At the prompt, enter the following command to display the share permission:
> share smb permission show
Output:
SMB permissions:
smb1
group:testgroup1:allowed:change
Reset the Permission to the Default
Use the share smb permission reset command to reset your permission to the default (everyone, allowed, full).
-
At the prompt, enter the following command to reset your permission to the default:
> share smb permission reset smb1
Parameters
[sharename]
Specifies the name of the share. Output:
Share (smb1) permission reset successfully
-
(Optional) At the prompt, enter the following command to display the share permission:
> share smb permission show
Output:
SMB permissions:
smb1
group:everyone:allowed:full
