This section explains how to use the qq smb_add_share command.

For more information, see Using SMB Host Restrictions in Qumulo Core in the Qumulo Administrator Guide.

Examples

To Create an SMB Share with Host Restrictions

Run the qq smb_add_share command and specify the path, share name, and host restriction level. In the following example, Qumulo Core grants hosts 203.0.113.42 and 203.0.113.84 full control, all hosts in 203.0.113.0/24 read-only access, and denies all other hosts.

qq smb_add_share --fs-path / \
  --name my-share \
  --all-access \
  --full-control-hosts 203.0.113.42 203.0.113.84 \
  --read-only-hosts 203.0.113.0/24

The following is example output.

ID: 3
Name: share
Path: /
Description:
Access Based Enumeration: False
Encryption Required: False
Default File Create Mode: 0644
Default Directory Create Mode: 0755

Permissions:
ID Trustee  Type    Rights 
== ======== ======= ===============================
1  Everyone Allowed Read, Write, Change permissions

Network Permissions:
ID Trustee                    Type    Rights 
== ========================== ======= ===============================
1  203.0.113.0/24             Denied  Write, Change permissions 
2  203.0.113.0/24             Allowed Read
3  203.0.113.42, 203.0.113.84 Allowed Read, Write, Change permissions
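
A pre-flight check for host lists like the ones in the example above, added here as an illustration (not Qumulo code): it reports the network-level outcome that the example describes for a given client address and lists allow entries that overlap a --deny-hosts range. It assumes that entries are single addresses or CIDR ranges and that hosts matching no list are denied, as the example states; the function names, the sample client addresses, and the deny range are constructed.

```python
import ipaddress

# Host lists from the page's example command.
FULL_CONTROL_HOSTS = ["203.0.113.42", "203.0.113.84"]
READ_ONLY_HOSTS = ["203.0.113.0/24"]

FLAGS = ("--full-control-hosts", "--read-only-hosts")

def parse_nets(specs):
    """Parse single addresses or CIDR ranges; ValueError on a malformed entry
    such as 203.0.113.5/24 (host bits set), which usually signals a typo."""
    return [ipaddress.ip_network(s, strict=True) for s in specs]

def intended_access(client, full_control=(), read_only=(), deny=()):
    """Network-level outcome for one client under the planned host lists."""
    ip = ipaddress.ip_address(client)
    if any(ip in n for n in parse_nets(deny)):
        return "denied"        # --deny-hosts applies regardless of other permissions
    if any(ip in n for n in parse_nets(full_control)):
        return "full-control"  # still subject to share and file permissions
    if any(ip in n for n in parse_nets(read_only)):
        return "read-only"
    return "denied"            # as in the page's example: all other hosts are denied

def plan_conflicts(full_control=(), read_only=(), deny=()):
    """List (flag, entry, deny_entry) where an allow entry overlaps a deny range."""
    conflicts = []
    deny_nets = list(zip(deny, parse_nets(deny)))
    for flag, specs in zip(FLAGS, (full_control, read_only)):
        for spec, net in zip(specs, parse_nets(specs)):
            conflicts += [(flag, spec, d) for d, dnet in deny_nets if net.overlaps(dnet)]
    return conflicts

if __name__ == "__main__":
    # Constructed client addresses and a constructed deny range for the demo.
    deny = ["203.0.113.32/27"]
    for client in ("203.0.113.42", "203.0.113.84", "203.0.113.7", "198.51.100.9"):
        print(client, intended_access(client, FULL_CONTROL_HOSTS, READ_ONLY_HOSTS, deny))
    for conflict in plan_conflicts(FULL_CONTROL_HOSTS, READ_ONLY_HOSTS, deny):
        print("overlap:", *conflict)
```

Running the check before qq smb_add_share shows which planned allow entries a deny range would override.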

Description

Add a new SMB share

Usage

qq smb_add_share [-h] [--tenant-id TENANT_ID] --name NAME --fs-path FS_PATH [--description DESCRIPTION] [--access-based-enumeration-enabled {true,false}] [--create-fs-path] [--default-file-create-mode DEFAULT_FILE_CREATE_MODE]
    [--default-directory-create-mode DEFAULT_DIRECTORY_CREATE_MODE] [--require-encryption {true,false}] [--json] [--no-access | --read-only | --all-access] [--grant-read-access TRUSTEE [TRUSTEE ...]]
    [--grant-read-write-access TRUSTEE [TRUSTEE ...]] [--grant-all-access TRUSTEE [TRUSTEE ...]] [--deny-access TRUSTEE [TRUSTEE ...]] [--full-control-hosts IP/RANGE [IP/RANGE ...]] [--read-only-hosts IP/RANGE [IP/RANGE ...]]
    [--deny-hosts IP/RANGE [IP/RANGE ...]] [--deny-all-hosts]

Flags

Flag Name                           Required  Description
--tenant-id                         No        The ID of the tenant to which to add the share.
--name                              Yes       Name of share.
--fs-path                           Yes       File system path.
--description                       No        Description of this share.
--access-based-enumeration-enabled  No        Enable Access-Based Enumeration for this share.
--create-fs-path                    No        Creates the specified file system path if the path does not exist already.
--default-file-create-mode          No        Change the default POSIX file create mode bits (octal) for the specified SMB share. These mode bits are applied to new files as they are created. Note: If an inheritable ACE is present in the permissions ACL, this flag has no effect.
--default-directory-create-mode     No        Change the default POSIX directory create mode bits (octal) for the specified SMB share. These mode bits are applied to new directories as they are created. Note: If an inheritable ACE is present in the permissions ACL, this flag has no effect.
--require-encryption                No        Require encryption for all traffic for the specified share. When set to true, clients without encryption capability cannot connect to this share.
--json                              No        Print the raw JSON response.
--no-access                         No        Grant no access.
--read-only                         No        Grant everyone except guest read-only access.
--all-access                        No        Grant everyone except guest full access.
--grant-read-access                 No        Grant read access to the specified trustees. For example: Everyone, uid:1000, gid:1001, sid:S-1-5-2-3-4, auth_id:500
--grant-read-write-access           No        Grant read-write access to these trustees.
--grant-all-access                  No        Grant all access to these trustees.
--deny-access                       No        Deny all access to these trustees.
--full-control-hosts                No        The host addresses or subnet ranges for which access to this share is not limited by network permissions. Access may still be limited by share and file permissions.
--read-only-hosts                   No        The address ranges that are permitted read-only access at most.
--deny-hosts                        No        The host addresses or subnet ranges for which access to the specified share is denied, regardless of other permissions. Important: Because using this flag alone results in all hosts being denied, use the correct --full-control-hosts or --read-only-hosts flags as necessary.
--deny-all-hosts                    No        Deny all access to this share. Important: To avoid configuration issues, do not apply this flag alongside any others.