This section explains how to use the
qq smb_mod_share command.Examples
Modifying Host Restrictions
For more information, see Using SMB Host Restrictions in Qumulo Core in the Qumulo Administrator Guide.
To Modify Host Restrictions for an Existing SMB Share
Note
- The
qq smb_add_shareandqq smb_mod_sharecommands use the same flags. - If you specify new host restrictions, they overwrite any existing host restrictions. You must explicitly specify which host restrictions to retain.
- If you don't include any flags, no changes take place.
Run the qq smb_mod_share command and specify the path, share name, and host restriction level. In the following example, Qumulo Core grants hosts 203.0.113.0/16 and 203.0.113.0/24 full control, and denies all other hosts.
The following is example output.
ID: 4
Name: share2
Path: /
Description:
Access Based Enumeration: False
Encryption Required: False
Default File Create Mode: 0644
Default Directory Create Mode: 0755
Permissions:
ID Trustee Type Rights
== ======== ======= ===============================
1 Everyone Allowed Read, Write, Change permissions
Network Permissions:
ID Trustee Type Rights
== ============================== ======= ===============================
1 203.0.113.0/16, 203.0.113.0/24 Allowed Read, Write, Change permissions
To Remove All Host Restrictions from an Existing SMB Share
Run the qq smb_mod_share command, specify the share ID, and specify full control. For example:
For more information, see Managing SMB3 Encryption in Transit in Qumulo Core in the Qumulo Administrator Guide.
qq smb_mod_share --id=4 \
--full-control="*"
Configuring SMB3 Encryption
For more information, see Managing SMB3 Encryption in Transit in Qumulo Core in the Qumulo Administrator Guide.
To Configure Share-Level SMB3 Encryption
Run the qq smb_mod_share command, specify the share name or ID, and use the --require-encryption flag to specify true or false. For example:
qq smb_mod_share --name my_share \
--require-encryption true
Description
Modify a share
Usage
qq smb_mod_share [-h] (--id ID | --name NAME) [--tenant-id TENANT_ID] [--new-name NEW_NAME] [--new-tenant-id NEW_TENANT_ID] [--fs-path FS_PATH] [--description DESCRIPTION] [--access-based-enumeration-enabled {true,false}] [--create-fs-path]
[--default-file-create-mode DEFAULT_FILE_CREATE_MODE] [--default-directory-create-mode DEFAULT_DIRECTORY_CREATE_MODE] [--require-encryption {true,false}] [--json] [--full-control-hosts IP/RANGE [IP/RANGE ...]]
[--read-only-hosts IP/RANGE [IP/RANGE ...]] [--deny-hosts IP/RANGE [IP/RANGE ...]] [--deny-all-hosts]
Flags
| Flag Name | Required | Description |
|---|---|---|
--id
|
No | The ID of the share to modify. |
--name
|
No | The name of the share to modify. |
--tenant-id
|
No | ID of the tenant the share is in. Only used if using the --name argument. |
--new-name
|
No | Change SMB share name. |
--new-tenant-id
|
No | Change the tenant that the share is in. |
--fs-path
|
No | Change file system path. |
--description
|
No | Change share description. |
--access-based-enumeration-enabled
|
No | Enable Access-Based Enumeration for this share. |
--create-fs-path
|
No | Creates the specified file system path if the path does not exist already. |
--default-file-create-mode
|
No | Change the default POSIX file create mode bits (octal) for the specified SMB share. These mode bits are applied to new files as they are created. Note: If an inheritable ACE is present in the permissions ACL, this flag has no effect. |
--default-directory-create-mode
|
No | Change the default POSIX directory create mode bits (octal) for the specified SMB share. These mode bits are applied to new directories as they are created. Note: If an inheritable ACE is present in the permissions ACL, this flag has no effect. |
--require-encryption
|
No | Require all traffic for this share to be encrypted. If true, clients without encryption capabilities will not be able to connect. |
--json
|
No | Print the raw JSON response. |
--full-control-hosts
|
No | The host addresses or subnet ranges for which access to to this share are not limited by network permissions. Access may still be limited by share and file permissions. |
--read-only-hosts
|
No | Address ranges which should be permitted read-only access at most. |
--deny-hosts
|
No | The host addresses or subnet ranges for which access to the specified share is denied, regardless of other permissions. Important: Because using this flag alone results in all hosts being denied, use the correct --full-control-hosts or --read-only-hosts flags as necessary. |
--deny-all-hosts
|
No | Deny all access to this share. Important: To avoid configuration issues, do not apply this flag alongside any others. |