This section explains how to use the qq smb_mod_share command.

Examples

Modifying Host Restrictions

For more information, see:

To Modify Host Restrictions for an Existing SMB Share

Run the qq smb_mod_share command and specify the path, share name, and host restriction level. In the following example, Qumulo Core grants hosts 203.0.113.0/16 and 203.0.113.0/24 full control, and denies all other hosts.

The following is example output.

ID: 4
Name: share2
Path: /
Description:
Access Based Enumeration: False
Encryption Required: False
Default File Create Mode: 0644
Default Directory Create Mode: 0755

Permissions:
ID Trustee  Type    Rights 
== ======== ======= ===============================
1  Everyone Allowed Read, Write, Change permissions

Network Permissions:
ID Trustee                        Type    Rights 
== ============================== ======= ===============================
1  203.0.113.0/16, 203.0.113.0/24 Allowed Read, Write, Change permissions

To Remove All Host Restrictions from an Existing SMB Share

Run the qq smb_mod_share command, specify the share ID, and specify full control. For example:

For more information, see:

Configuring SMB3 Encryption

For more information, see:

To Configure Share-Level SMB3 Encryption

Run the qq smb_mod_share command, specify the share name or ID, and use the --require-encryption flag to specify true or false. For example:

qq smb_mod_share --name my_share \
  --require-encryption true

Description

Modify a share

Usage

qq smb_mod_share [-h] (--id ID | --name NAME) [--tenant-id TENANT_ID] [--new-name NEW_NAME] [--new-tenant-id NEW_TENANT_ID] [--fs-path FS_PATH]
    [--description DESCRIPTION] [--access-based-enumeration-enabled {true,false}] [--create-fs-path] [--default-file-create-mode DEFAULT_FILE_CREATE_MODE]
    [--default-directory-create-mode DEFAULT_DIRECTORY_CREATE_MODE] [--require-encryption {true,false}] [--json]
    [--full-control-hosts IP/RANGE [IP/RANGE ...]] [--read-only-hosts IP/RANGE [IP/RANGE ...]] [--deny-hosts IP/RANGE [IP/RANGE ...]] [--deny-all-hosts]

Flags

Flag Name Required Description
--id No The ID of the share to modify.
--name No The name of the share to modify.
--tenant-id No ID of the tenant the share is in. Only used if using the --name argument.
--new-name No Change SMB share name.
--new-tenant-id No Change the tenant that the share is in.
--fs-path No Change file system path.
--description No Change share description.
--access-based-enumeration-enabled No Enable Access-Based Enumeration for this share.
--create-fs-path No Creates the specified file system path if the path does not exist already.
--default-file-create-mode No Change the default POSIX file create mode bits (octal) for the specified SMB share. These mode bits are applied to new files as they are created. Note: If an inheritable ACE is present in the permissions ACL, this flag has no effect.
--default-directory-create-mode No Change the default POSIX directory create mode bits (octal) for the specified SMB share. These mode bits are applied to new directories as they are created. Note: If an inheritable ACE is present in the permissions ACL, this flag has no effect.
--require-encryption No Require all traffic for this share to be encrypted. If true, clients without encryption capabilities will not be able to connect.
--json No Print the raw JSON response.
--full-control-hosts No The host addresses or subnet ranges for which access to to this share are not limited by network permissions. Access may still be limited by share and file permissions.
--read-only-hosts No Address ranges which should be permitted read-only access at most.
--deny-hosts No The host addresses or subnet ranges for which access to the specified share is denied, regardless of other permissions. Important: Because using this flag alone results in all hosts being denied, use the correct --full-control-hosts or --read-only-hosts flags as necessary.
--deny-all-hosts No Deny all access to this share. Important: To avoid configuration issues, do not apply this flag alongside any others.