This section explains how to use the qq smb_add_share command.

For more information, see:

Examples

To Create an SMB Share with Host Restrictions

Run the qq smb_add_share command and specify the path, share name, and host restriction level. In the following example, Qumulo Core grants hosts 203.0.113.42 and 203.0.113.84 full control, all hosts in 203.0.113.0/24 read-only access, and denies all other hosts.

qq smb_add_share --fs-path / \
  --name my-share \
  --all-access \
  --full-control-hosts 203.0.113.42 203.0.113.84 \
  --read-only-hosts 203.0.113.0/24

The following is example output.

ID: 3
Name: share
Path: /
Description:
Access Based Enumeration: False
Encryption Required: False
Default File Create Mode: 0644
Default Directory Create Mode: 0755

Permissions:
ID Trustee  Type    Rights 
== ======== ======= ===============================
1  Everyone Allowed Read, Write, Change permissions

Network Permissions:
ID Trustee                    Type    Rights 
== ========================== ======= ===============================
1  203.0.113.0/24             Denied  Write, Change permissions 
2  203.0.113.0/24              Allowed Read 
3  203.0.113.42, 203.0.113.84 Allowed Read, Write, Change permissions

Description

Add a new SMB share

Usage

qq smb_add_share [-h] [--tenant-id TENANT_ID] --name NAME --fs-path FS_PATH [--description DESCRIPTION] [--access-based-enumeration-enabled {true,false}] [--create-fs-path] [--default-file-create-mode DEFAULT_FILE_CREATE_MODE]
    [--default-directory-create-mode DEFAULT_DIRECTORY_CREATE_MODE] [--require-encryption {true,false}] [--json] [--no-access | --read-only | --all-access] [--grant-read-access TRUSTEE [TRUSTEE ...]]
    [--grant-read-write-access TRUSTEE [TRUSTEE ...]] [--grant-all-access TRUSTEE [TRUSTEE ...]] [--deny-access TRUSTEE [TRUSTEE ...]] [--full-control-hosts IP/RANGE [IP/RANGE ...]] [--read-only-hosts IP/RANGE [IP/RANGE ...]]
    [--deny-hosts IP/RANGE [IP/RANGE ...]] [--deny-all-hosts]

Flags

Flag Name Required Description
--tenant-id No The ID of the tenant to which to add the share.
--name Yes Name of share.
--fs-path Yes File system path.
--description No Description of this share.
--access-based-enumeration-enabled No Enable Access-Based Enumeration for this share.
--create-fs-path No Creates the specified file system path if the path does not exist already.
--default-file-create-mode No Change the default POSIX file create mode bits (octal) for the specified SMB share. These mode bits are applied to new files as they are created. Note: If an inheritable ACE is present in the permissions ACL, this flag has no effect.
--default-directory-create-mode No Change the default POSIX directory create mode bits (octal) for the specified SMB share. These mode bits are applied to new directories as they are created. Note: If an inheritable ACE is present in the permissions ACL, this flag has no effect.
--require-encryption No Require encryption for all traffic for the specified share. When set to true, clients without encryption capability cannot connect to this share.
--json No Print the raw JSON response.
--no-access No Grant no access.
--read-only No Grant everyone except guest read-only access.
--all-access No Grant everyone except guest full access.
--grant-read-access No Grant read access to the specified trustees. For example: Everyone, uid:1000, gid:1001, sid:S-1-5-2-3-4, auth_id:500
--grant-read-write-access No Grant read-write access to these trustees.
--grant-all-access No Grant all access to these trustees.
--deny-access No Deny all access to these trustees.
--full-control-hosts No The host addresses or subnet ranges for which access to to this share are not limited by network permissions. Access may still be limited by share and file permissions.
--read-only-hosts No Address ranges which should be permitted read-only access at most.
--deny-hosts No The host addresses or subnet ranges for which access to the specified share is denied, regardless of other permissions. Important: Because using this flag alone results in all hosts being denied, use the correct --full-control-hosts or --read-only-hosts flags as necessary.
--deny-all-hosts No Deny all access to this share. Important: To avoid configuration issues, do not apply this flag alongside any others.