sharesec

sharesec sharename [options]

sharename
    The name of the Samba share to be managed.

-a account
    Add access to the specified account (user or group).

-d account
    Delete access from the specified account.

-r
    Grant read access.

-w
    Grant write access.

-x
    Grant execute access.

-R
    Revoke read access.

-W
    Revoke write access.

-X
    Revoke execute access.

-l
    List current access control settings for the share.

-f smb.conf file
    Specify the smb.conf file to use, if not the default.

-h
    Display help information.

The sharesec command is a utility for manipulating share security attributes within the Samba suite.
It allows administrators to define and manage granular permissions for accessing shared resources, effectively controlling which users or groups have read, write, or execute access to specific Samba shares.
This tool operates on share definition files (usually in `/etc/samba/smb.conf`), modifying access control lists (ACLs) associated with each share. Using sharesec, you can enhance the security of your network by restricting access based on user identity, ensuring data confidentiality and integrity.
It is part of the Samba administration toolset and provides a command-line interface for managing share-level security.

Improper use of sharesec can inadvertently lock users out of shared resources or expose them to unauthorized access. It is crucial to understand the implications of each option before making changes. Make sure to backup your smb.conf

Granting read and write access to user 'john' on share 'data':
sharesec data -a john -r -w

Listing current access control for share 'data':
sharesec data -l

sharesec has evolved as part of the Samba project, mirroring the growth and increasing complexity of Samba's share-level security model.
Its purpose is to provide administrators with a focused tool for managing share permissions, complementing the broader Samba configuration management. The utility's development is tightly coupled with the Samba project's roadmap, incorporating new features and security models as they are introduced.

smb.conf(5), smbd(8), net(8)