This section explains how to use the
qq smb_add_share command.For more information, see:
- Using SMB Host Restrictions in Qumulo Core in the Azure Native Qumulo Administrator Guide
- Using SMB Host Restrictions in Qumulo Core in the Qumulo On-Premises Administrator Guide
Examples
To Create an SMB Share with Host Restrictions
Note
The
The
qq smb_add_share and qq smb_mod_share commands use the same flags.Run the qq smb_add_share command and specify the path, share name, and host restriction level. In the following example, Qumulo Core grants hosts 203.0.113.42 and 203.0.113.84 full control, all hosts in 203.0.113.0/24 read-only access, and denies all other hosts.
qq smb_add_share --fs-path / \
--name my-share \
--all-access \
--full-control-hosts 203.0.113.42 203.0.113.84 \
--read-only-hosts 203.0.113.0/24
The following is example output.
ID: 3
Name: share
Path: /
Description:
Access Based Enumeration: False
Encryption Required: False
Default File Create Mode: 0644
Default Directory Create Mode: 0755
Permissions:
ID Trustee Type Rights
== ======== ======= ===============================
1 Everyone Allowed Read, Write, Change permissions
Network Permissions:
ID Trustee Type Rights
== ========================== ======= ===============================
1 203.0.113.0/24 Denied Write, Change permissions
2 203.0.113.0/24 Allowed Read
3 203.0.113.42, 203.0.113.84 Allowed Read, Write, Change permissions
Description
Add a new SMB share
Usage
qq smb_add_share [-h] [--tenant-id TENANT_ID] --name NAME --fs-path FS_PATH [--description DESCRIPTION] [--access-based-enumeration-enabled {true,false}]
[--create-fs-path] [--default-file-create-mode DEFAULT_FILE_CREATE_MODE] [--default-directory-create-mode DEFAULT_DIRECTORY_CREATE_MODE]
[--require-encryption {true,false}] [--json] [--no-access | --read-only | --all-access] [--grant-read-access TRUSTEE [TRUSTEE ...]]
[--grant-read-write-access TRUSTEE [TRUSTEE ...]] [--grant-all-access TRUSTEE [TRUSTEE ...]] [--deny-access TRUSTEE [TRUSTEE ...]]
[--full-control-hosts IP/RANGE [IP/RANGE ...]] [--read-only-hosts IP/RANGE [IP/RANGE ...]] [--deny-hosts IP/RANGE [IP/RANGE ...]] [--deny-all-hosts]
Flags
| Flag Name | Required | Description |
|---|---|---|
--tenant-id
|
No | The ID of the tenant to which to add the share. |
--name
|
Yes | Name of share. |
--fs-path
|
Yes | File system path. |
--description
|
No | Description of this share. |
--access-based-enumeration-enabled
|
No | Enable Access-Based Enumeration for this share. |
--create-fs-path
|
No | Creates the specified file system path if the path does not exist already. |
--default-file-create-mode
|
No | Change the default POSIX file create mode bits (octal) for the specified SMB share. These mode bits are applied to new files as they are created. Note: If an inheritable ACE is present in the permissions ACL, this flag has no effect. |
--default-directory-create-mode
|
No | Change the default POSIX directory create mode bits (octal) for the specified SMB share. These mode bits are applied to new directories as they are created. Note: If an inheritable ACE is present in the permissions ACL, this flag has no effect. |
--require-encryption
|
No | Require encryption for all traffic for the specified share. When set to true, clients without encryption capability cannot connect to this share. |
--json
|
No | Print the raw JSON response. |
--no-access
|
No | Grant no access. |
--read-only
|
No | Grant everyone except guest read-only access. |
--all-access
|
No | Grant everyone except guest full access. |
--grant-read-access
|
No | Grant read access to the specified trustees. For example: Everyone, uid:1000, gid:1001, sid:S-1-5-2-3-4, auth_id:500 |
--grant-read-write-access
|
No | Grant read-write access to these trustees. |
--grant-all-access
|
No | Grant all access to these trustees. |
--deny-access
|
No | Deny all access to these trustees. |
--full-control-hosts
|
No | The host addresses or subnet ranges for which access to to this share are not limited by network permissions. Access may still be limited by share and file permissions. |
--read-only-hosts
|
No | Address ranges which should be permitted read-only access at most. |
--deny-hosts
|
No | The host addresses or subnet ranges for which access to the specified share is denied, regardless of other permissions. Important: Because using this flag alone results in all hosts being denied, use the correct --full-control-hosts or --read-only-hosts flags as necessary. |
--deny-all-hosts
|
No | Deny all access to this share. Important: To avoid configuration issues, do not apply this flag alongside any others. |