`tsmb-cfg`

The tsmb-cfg command is used to manage the configuration of Fusion File Share Server while it is running.

important

By default, configuration changes made with the tsmb-cfg command are not persisted across server restarts.

For changes made with the CLI to persist, you must start Fusion File Share Server in persistent configuration mode by running tsmb-server -p.

Usage

tsmb-cfg [<option>,...] <command> [<parameter>,...]

Options

When running the tsmb-cfg command, the following options can be used in conjunction with the subcommands:

-c <path>, --config <path>: Where path is the the path to the Fusion File Share Server configuration file.
When not specified, the default location to the configuration file is /etc/tsmb.conf.
--timeout <sec>: Where sec is the total time (in seconds) to wait for an operation to complete. (Default: 200)

The following options will display an output and then exit:

-v, --version: Displays the utility's version.
-h, --help: Display a help message.

`tsmb-cfg global`

The subcommands under tsmb-cfg global are used to manage the global configuration of Fusion File Share Server, corresponding with the [global] section of the configuration file.

`tsmb-cfg global add`

This subcommand is used to add a new global configuration parameter to the running Fusion File Share Server instance.

Usage: tsmb-cfg global add <parameter> [<value>]

Available parameters:

Parameter Description

Parameter	Description
`-l <value>` or `--listen <value>`	Corresponds with the global `listen` parameter. Adds a network listening configuration. Value Type: string This parameter is required. Fusion File Share Server will fail to start unless a value is specified. Multiple Values Allowed This parameter can be specified multiple times in your configuration to enable multiple listening configurations—for example, to listen on both IPv4 and IPv6. Value Format: `<interface>,<address>,<family>,<port>,<protocol>[,<options>]` `<interface>`: The network interface to listen on. To listen on all interfaces, use `ANY`. `<address>`: An IPv4 or IPv6 address to listen on, depending on `<family>`. To listen on all addresses, use `0.0.0.0` for IPv4 and `::` for IPv6. note If `<protocol>` is `NBNS`, `NBSS`, `NBDS`, `LLMNR`, or `WSD`, Fusion File Share Server will listen on all addresses regardless of the value of `<address>`. `<family>`: The address family to listen on: `IPv4`: Listen on an IPv4 address. `IPv6`: Listen on an IPv6 address. `RDMA_IPv4`: (for RDMA-enabled NICs) Listen on an IPv4 address for RDMA. Requires `<protocol>` to be `SMBD`. Requires `<address>` to be `0.0.0.0`. `RDMA_IPv6`: (for RDMA-enabled NICs) Listen on an IPv6 address for RDMA. Requires `<protocol>` to be `SMBD`. Requires `<address>` to be `::`. `<port>`: The TCP/UDP port number to listen on. `<protocol>`: The transport protocol to use: `DIRECT_TCP`: (default) Use Direct TCP. `NBDS`: Use the NetBIOS Datagram Service. `NBNS`: Use the NetBIOS Name Service. `NBSS`: Use the NetBIOS Session Service. `LLMNR`: Use Link-Local Multicast Name Resolution (LLMNR). `SMBD`: (for RDMA-enabled NICs) Use SMB Direct. Requires `<family>` to be `RDMA_IPv4` or `RDMA_IPv6`. `WSD`: Use Web Service Discovery (WSD). note The WSD and LLMNR protocols use multicast groups and cannot be bound to the loopback interface or address (e.g., `127.0.0.1`). `<options>`: Additional listening configuration in the following format, `<option>=<value>[,<option>=<value>,...]`, where `<option>=<value>` can be: `RSS=<num>`, where `<num>` is the number of RSS queues to use. For some testing and troubleshooting cases, you might enable RSS on a non-RSS-capable NIC by specifying a value greater than `0`. This will cause Fusion File Share Server to advertise the NIC as RSS-capable, although it is unlikely to result in any performance gains. Default value: none. When the `RSS` option is omitted, Fusion File Share Server determines the NIC's RSS capabilities and sets the number of receive queues accordingly. Possible values: `0`: Disables advertising the NIC as RSS-capable. any positive 32-bit integer (`1`–`4294967294`): Sets the number of receive queues to the specified value. Values greater than 32 are unlikely to be useful. `max_read_write_size=<bytes>`, where `<bytes>` is the maximum size of an RDMA read or write request in bytes when using SMB Direct. This option is valid only when `<protocol>` is `SMBD`. For other settings of `<protocol>`, this option is ignored. It sets the maximum number of bytes the server can send or receive in a single RDMA read or write request (MaxReadWriteSize). Note that the actual request size may be smaller than this value, depending on the client's capabilities and implementation. Default value: none. When the `max_read_write_size` option is omitted, a default value of `8388608` (8 MiB) is used, which is consistent with the value in the Windows implementation of RDMA. Possible values: any positive 32-bit integer (`1`–`4294967294`): Sets the maximum size of an RDMA read or write request to the specified value. `server=<name>`, where `<name>` is the server name for share scoping. When set, the shares accessed through this interface on the specified port and protocol will be scoped to clients that access the server using the specified server name. Default value: none. When the `server` option is omitted, share scoping on the interface is disabled for all shares by default (although it can be specified on a per-share basis). Default Value: N/A. Value MUST be set. Examples: `eth0,0.0.0.0,IPv4,445,DIRECT_TCP`: Listens on all IPv4 addresses on port 445 using Direct TCP on the `eth0` interface. `eth0,0.0.0.0,IPv4,445,DIRECT_TCP,RSS=2`: Listens on all IPv4 addresses on port 445 using Direct TCP on the `eth0` interface with 2 RSS queues. `ANY,::,IPv6,445,DIRECT_TCP`: Listens on all IPv6 addresses on port 445 using Direct TCP on all interfaces. `ANY,::,IPv6,445,DIRECT_TCP,RSS=0`: Listens on all IPv6 addresses on port 445 using Direct TCP on all interfaces with RSS disabled. `ANY,0.0.0.0,IPv4,139,NBSS`: Listens on all IPv4 addresses on port 139 using NetBIOS Session Service on all interfaces. `ANY,0.0.0.0,RDMA_IPv4,445,SMBD`: Listens on all IPv4 addresses on port 445 for RDMA using SMB Direct on all interfaces. `ANY,::,RDMA_IPv6,445,SMBD`: Listens on all IPv6 addresses on port 445 for RDMA using SMB Direct on all interfaces.
`-h` or `--help`	Display a help message.

-l <value>
or
--listen <value>

Corresponds with the global listen parameter. Adds a network listening configuration.

Value Type: string

This parameter is required.

Fusion File Share Server will fail to start unless a value is specified.

Multiple Values Allowed

This parameter can be specified multiple times in your configuration to enable multiple listening configurations—for example, to listen on both IPv4 and IPv6.

Value Format: <interface>,<address>,<family>,<port>,<protocol>[,<options>]

<interface>: The network interface to listen on. To listen on all interfaces, use ANY.
<address>: An IPv4 or IPv6 address to listen on, depending on <family>. To listen on all addresses, use 0.0.0.0 for IPv4 and :: for IPv6.

note
If <protocol> is NBNS, NBSS, NBDS, LLMNR, or WSD, Fusion File Share Server will listen on all addresses regardless of the value of <address>.
<family>: The address family to listen on:
- IPv4: Listen on an IPv4 address.
- IPv6: Listen on an IPv6 address.
- RDMA_IPv4: (for RDMA-enabled NICs) Listen on an IPv4 address for RDMA. Requires <protocol> to be SMBD. Requires <address> to be 0.0.0.0.
- RDMA_IPv6: (for RDMA-enabled NICs) Listen on an IPv6 address for RDMA. Requires <protocol> to be SMBD. Requires <address> to be ::.
<port>: The TCP/UDP port number to listen on.
<protocol>: The transport protocol to use:
- DIRECT_TCP: (default) Use Direct TCP.
- NBDS: Use the NetBIOS Datagram Service.
- NBNS: Use the NetBIOS Name Service.
- NBSS: Use the NetBIOS Session Service.
- LLMNR: Use Link-Local Multicast Name Resolution (LLMNR).
- SMBD: (for RDMA-enabled NICs) Use SMB Direct. Requires <family> to be RDMA_IPv4 or RDMA_IPv6.
- WSD: Use Web Service Discovery (WSD).
note
The WSD and LLMNR protocols use multicast groups and cannot be bound to the loopback interface or address (e.g., 127.0.0.1).
<options>: Additional listening configuration in the following format, <option>=<value>[,<option>=<value>,...], where <option>=<value> can be:
- RSS=<num>, where <num> is the number of RSS queues to use.
  For some testing and troubleshooting cases, you might enable RSS on a non-RSS-capable NIC by specifying a value greater than 0. This will cause Fusion File Share Server to advertise the NIC as RSS-capable, although it is unlikely to result in any performance gains.
  
  Default value: none. When the RSS option is omitted, Fusion File Share Server determines the NIC's RSS capabilities and sets the number of receive queues accordingly.
  
  Possible values:
  - 0: Disables advertising the NIC as RSS-capable.
  - any positive 32-bit integer (1–4294967294): Sets the number of receive queues to the specified value. Values greater than 32 are unlikely to be useful.
- max_read_write_size=<bytes>, where <bytes> is the maximum size of an RDMA read or write request in bytes when using SMB Direct.
  
  This option is valid only when <protocol> is SMBD. For other settings of <protocol>, this option is ignored.
  
  It sets the maximum number of bytes the server can send or receive in a single RDMA read or write request (MaxReadWriteSize). Note that the actual request size may be smaller than this value, depending on the client's capabilities and implementation.
  
  Default value: none. When the max_read_write_size option is omitted, a default value of 8388608 (8 MiB) is used, which is consistent with the value in the Windows implementation of RDMA.
  
  Possible values:
  - any positive 32-bit integer (1–4294967294): Sets the maximum size of an RDMA read or write request to the specified value.
- server=<name>, where <name> is the server name for share scoping.
  
  When set, the shares accessed through this interface on the specified port and protocol will be scoped to clients that access the server using the specified server name.
  
  Default value: none. When the server option is omitted, share scoping on the interface is disabled for all shares by default (although it can be specified on a per-share basis).

Default Value: N/A. Value MUST be set.

Examples:

eth0,0.0.0.0,IPv4,445,DIRECT_TCP: Listens on all IPv4 addresses on port 445 using Direct TCP on the eth0 interface.
eth0,0.0.0.0,IPv4,445,DIRECT_TCP,RSS=2: Listens on all IPv4 addresses on port 445 using Direct TCP on the eth0 interface with 2 RSS queues.
ANY,::,IPv6,445,DIRECT_TCP: Listens on all IPv6 addresses on port 445 using Direct TCP on all interfaces.
ANY,::,IPv6,445,DIRECT_TCP,RSS=0: Listens on all IPv6 addresses on port 445 using Direct TCP on all interfaces with RSS disabled.
ANY,0.0.0.0,IPv4,139,NBSS: Listens on all IPv4 addresses on port 139 using NetBIOS Session Service on all interfaces.
ANY,0.0.0.0,RDMA_IPv4,445,SMBD: Listens on all IPv4 addresses on port 445 for RDMA using SMB Direct on all interfaces.
ANY,::,RDMA_IPv6,445,SMBD: Listens on all IPv6 addresses on port 445 for RDMA using SMB Direct on all interfaces.

-h
or
--help Display a help message.

`tsmb-cfg global del`

This subcommand is used to delete a global configuration parameter from the running Fusion File Share Server instance.

Usage: tsmb-cfg global del <parameter>

Available parameters:

Parameter	Description
`-l <value>` or `--listen <value>`	Corresponds with the global `listen` parameter. Removes a network listening configuration. `<value>` is a previously added listening configuration to be removed.
`-h` or `--help`	Display a help message.

`tsmb-cfg global update`

This subcommand is used to update a global configuration parameter of the running Fusion File Share Server instance.

Usage: tsmb-cfg global update <parameter> [<value>]

Available parameters:

Parameter	Description
`-d <value>` or `--dialects <value>`	Corresponds with the global `dialects` parameter. Sets the supperted SMB dialects. Mutually exclusive with: `dialect_max` Value Type: string Value Format: `<dialect> [<dialect> ...]` Multiple `<dialect>` values can be specified, separated by spaces. `<dialect>` is one of: `SMB1`: Enable SMB 1 (or CIFS). `SMB2.002`: Enable SMB 2.002. `SMB2.1`: Enable SMB 2.1. `SMB3.0`: Enable SMB 3.0. Required minimum for Multichannel, SMB Direct (RDMA), and encryption. `SMB3.02`: Enable SMB 3.02. `SMB3.1.1`: Enable SMB 3.11. Required minimum for compression. Default Value: `SMB2.002 SMB2.1 SMB3.0 SMB3.02 SMB3.1.1` Examples: `SMB1 SMB2.002 SMB2.1 SMB3.0 SMB3.02 SMB3.1.1`: Enables all supported SMB dialects. `SMB2.002 SMB2.1 SMB3.0 SMB3.02 SMB3.1.1`: Enables all supported SMB dialects, except for SMB1 (CIFS).
`-D <value>` or `--dialect_max <value>`	Corresponds with the global `dialect_max` parameter. Sets the maximum supported dialect. Mutually exclusive with: `dialects` Value Type: string Value Format: `<dialect>` Only one `<dialect>` value can be specified. The specified value will enable all SMB dialects up to and including the specified version. `<dialect>` is one of: `SMB1`: Enable SMB 1 (or CIFS). `SMB2.002`: Enable SMB 2.002. Required minimum for Direct TCP. `SMB2.1`: Enable SMB 2.1. `SMB3.0`: Enable SMB 3.0. Required minimum for Multichannel, SMB Direct (RDMA), and encryption. `SMB3.02`: Enable SMB 3.02. `SMB3.1.1`: Enable SMB 3.11. Required minimum for compression. Default Value: `SMB3.1.1` Examples: `SMB3.1.1`: Enables all supported SMB dialects. `SMB2.1`: Enables only dialects `SMB1` through `SMB2.1`. `SMB1`: Enables only SMB1 (CIFS).
`-t <value>` or `--durable_v1_timeout <value>`	Corresponds with the global `durable_v1_timeout` parameter. Sets the timeout for V1 durable handles. Value Type: integer Value Format: `<duration>` `<duration>` is a positive integer representing the number of seconds for the timeout of durable handles V1. Default Value: `960` Examples: `960` seconds (16 minutes) is the default timeout for durable handles V1.
`-T <value>` or `--durable_v2_timeout <value>`	Corresponds with the global `durable_v2_timeout` parameter. Sets the default timeout for V2 durable handles. Value Type: integer Value Format: `<duration>` `<duration>` is a positive integer representing the number of seconds for the timeout of durable handles V2. Default Value: `180` Examples: `180` seconds (3 minutes) is the default timeout for durable handles V2.
`--encrypt <value>`	Corresponds with the global `encrypt_data` parameter. Controls whether the server should encrypt SMB messages in transit. Overridden by Per-Share Parameter: `encrypt_data` Value Type: boolean Value Format: `true\|false` `true`: enable encryption in transit for all shares. `false`: disable encryption in transit for all shares. Default Value: `false`
`--reject-unencrypted <value>`	Corresponds with the global `reject_unencrypted_access` parameter. Controls whether the server should discard incoming unencrypted SMB messages. Value Type: boolean Value Format: `true\|false` `true`: Causes the server to reject all unencrypted messages from clients. `false`: Allows processing unencrypted messages from clients. Default Value: `false`
`--require-signing <value>`	Corresponds with the global `require_message_signing` parameter. Controls whether the server should discard incoming unsigned SMB messages. Value Type: boolean Value Format: `true\|false` `true`: Requires all incoming SMB messages to be signed, and drops any unsigned messages. `false`: Allows unsigned messages to be processed. Default Value: `false`
`--access-based-share-enumeration <value>`	Corresponds with the global `access_based_share_enumeration` parameter. Controls whether the server should hide shares during enumeration based on access permission. Value Type: boolean Value Format: `true\|false` `true`: Enables access based share enumeration for the server. `false`: Disables access based share enumeration for the server. Default Value: `false`
`--log-destination <value>`	Corresponds with the global `log_destination` parameter. Sets the destination for log messages. Value type: `string` Value format: `<destination>` Where `<destination>` can be one of the following: `console`: Logs are written to the standard output and standard error. `syslog`: Logs are written to the system log (syslog). `file`: Logs are written to a file. Default value: `console`
`--log-level <value>`	Corresponds with the global `log_level` parameter. Sets the default level of severity for log messages. Value type: `integer` Value format: `<level>` Where `<level>` can be one of the following: `0`: No logging `1`: Critical `2`: Error `3`: Warning `4`: Info `5`: Debug `10` to `15`: Authentication events User authentication failures User authorization failures Successful user logins `20` to `25`: Network level events Client handled SMB protocol errors Received SMB packets names `30` to `35`: VFS operations File and directory opening/closing `readdir` with dumped contents File reads/writes Other operations `80` to `89`: Raw network packet information Raw network packets: complete TCP data stream dumped as is (can be used to reconstruct a packet capture) Packets after decryption Packets as seen on network `90` to `100`: function traces Default value: `4`
`--log-params <value>`	Corresponds with the global `log_params` parameter. Sets the configuration parameters for logging. Value type: `string` Value format: `[path=<path>][,long][,timestamp][,time_usec=<true\|false>][,tid][,trace][,sensitive_data=<sensitive_data>]` Where `<parameter>` can be one of the following: `path=<path>`: (required) if the `log_destination` parameter is set to `file`. The path to the log file. `long`: (optional) Disables truncation of log messages, allowing the entire message to be printed. By default, log messages are truncated: 'Log-metadata' is truncated to a maximum of 80 characters. 'Log-content' is truncated to a maximum of 256 characters, plus any bytes unused by the 'log-metadata' component. The total message is limited to 337 bytes (80 + 256 + 1 newline character). Enabling this option prints the full log message, which may improve debugging but can incur a performance penalty. `timestamp`: (optional) Includes timestamps in the ISO 8601 format format in the log messages (`YYYY-MM-DD HH:MM:SS[.uuuuuu]`). `time_usec=<true\|false>`: (optional) Includes microsecond resolution timestamps in the log messages. Enabled by default when `timestamp` is enabled. `tid`: (optional) Includes thread identifiers in the log messages. `trace`: (optional) Includes trace identifiers in the log messages, specifically the function name and a line number. `sensitive_data=<sensitive_data>`: (optional) How sensitive data should be handled in the log messages. Data deemed "sensitive" includes domain names, IP addresses, user names and IDs, and file paths. Possible values: `allow`: All data appears as-is in the log messages. `strip`: Sensitive data is stripped from the log messages, and instead appears as `*`. `hash`: Sensitive data is hashed in the log messages. This is useful in order to differentiate between different sensitive data (e.g., distinguishing one IP address from another), yet cannot be used to recover the original values. Default value: `allow`. Default value:** none. None of the formatting options are enabled.
`--smb2-credits-max <value>`	Corresponds with the global `smb2_credits_max` parameter. Sets the number of SMB2 credits advertised to clients. Value Type: integer Value Format: `<credits>` Controls the maximum amount of credits the server will advertise to clients. Default Value: `8092`
`--shares-max <value>`	Corresponds with the global `shares_max` parameter. Sets the maximum number of shares that can be configured. Value Type:: integer Value Format: `<shares>` Specifies the maximum number of shares that can be configured on the server, including both administrative and user shares. Default Value: `1048576`
`--sessions-max <value>`	Corresponds with the global `sessions_max` parameter. Sets the maximum number of authenticated user sessions that are allowed to be established on the server. Value Type:: integer Value Format: `<sessions>` The maximum number of client sessions that can be active on the server at any given time. `0` indicates an unlimited number of sessions. Default Value: `0`.
`--userdb-idmap <value>`	Corresponds with the global `userdb_idmap` parameter. Sets the POSIX ID Mapping method. Value Type: string Value Format: `<method>[,<method>,...]` Where `<method>` is one of the following: `nss`: Specifies that the ID mapping is performed using the system Name Service Switch (NSS), as defined in the `/etc/nsswitch.conf` file. This is the default method. When using `nss`, other methods cannot be specified. `rfc2307[:<domain>]`: Specifies that the ID mapping is performed using the RFC 2307 schema. Optionally, you can specify the `<domain>` to scope the ID mapping to a specific domain. `rid:[<domain>]:<uid_min>[:<uid_max>]`: Indicates that the ID mapping is done dynamically based on the RID portion of the user's SID: If `<domain>` is specified, the ID mapping is scoped to that domain. `<uid_min>` and `<uid_max>` define the range of UIDs to use for the mapping. If `<uid_max>` is not specified, the range extends from `<uid_min>` to the maximum UID value. `<uid_max>` is required when multiple trusted domains are specified. Default Value: `nss`. Examples: `nss` specifies that the ID mapping is done using the system Name Service Switch (NSS). `rfc2307:acme.local` specifies that the ID mapping is done using the RFC 2307 schema. `rid:acme.local:1000:1999,rid:example.com:2000:2999` specifies dynamic ID mapping based on the the RID portion of the user's SID, with the UID range of `1000` to `1999` for the `acme.local` domain, and `2000` to `2999` for `example.com`.
`--userdb-idmap-cache Clear`	Clears the POSIX ID Mapping cache.
`--apple-extensions <value>`	Corresponds with the global `apple_extensions` parameter. Controls whether the server should enable Apple extensions in the SMB protocol for macOS. Value Type: boolean Value Format: `true\|false` `true`: Enables Apple Extensions for SMB. `false`: Disables Apple Extensions for SMB. Default Value: `true`
`-h` or `--help`	Display a help message.

`tsmb-cfg global list`

This subcommand is used to list the global configuration parameters of the running Fusion File Share Server instance.

Usage: tsmb-cfg global list [<parameters>]

Available parameters:

Parameter	Description
`-f <format>` or `--format <format>`	`<format>` is the format in which to output the global configuration info. The supported formats are: `raw`, `json` (Default: `raw`).
`-h` or `--help`	Display a help message.

`tsmb-cfg global help`

This subcommand is used to display the help message for the tsmb-cfg global subcommands.

Usage: tsmb-cfg global help

`tsmb-cfg share`

The subcommands under tsmb-cfg share are used to manage the shares configuration of Fusion File Share Server, corresponding with the [share] section of the configuration file.

`tsmb-cfg share add`

This subcommand is used to add a new share to a running Fusion File Share Server instance.

Usage: tsmb-cfg share add <parameter> [<value>]

Mandatory Parameters

When adding a share, the following parameters are required:

Parameter Description

Parameter	Description
`-n <value>` or `--name <value>`	Corresponds with the share `netname` parameter. Sets the name by which the share is identified and accessed. Value Type: string Default Value: none. Examples: `sh1` sets the net name to `sh1`. `MyShare` sets the net name to `MyShare`.
`-p <value>` or `--path <value>`	Corresponds with the share `path` parameter. Sets the path or the name of the print queue for the share. Value Type: string Value Format: `<path>` Where `<path>` is: For shared directories: The directory on the server's file system to be shared. For printer shares: The name of the print queue. Default Value: none. Examples: `/export/sh1`, if the share type is `disk`, indicates that the shared directory is /export/sh1. `paperjam`, if the share type is `printer`, indicates that the print queue is called paperjam.
`-s <value>` or `--spool-path <value>`	Corresponds with the share `spool_path` parameter. Sets the path to the spool directory on the server's file system. Value Type: string Value Format: `<path>` Where `<path>` is the path to the spool directory on the server's file system. When the share type is `printer`, this parameter must be set. Default Value: none. Examples: `/var/spool/tsmb` sets the spool path to `/var/spool/tsmb`.

-n <value>
or
--name <value>

Corresponds with the share netname parameter. Sets the name by which the share is identified and accessed.

Value Type: string

Default Value: none.

Examples:

sh1 sets the net name to sh1.
MyShare sets the net name to MyShare.

-p <value>
or
--path <value>

Corresponds with the share path parameter. Sets the path or the name of the print queue for the share.

Value Type: string

Value Format: <path>
Where <path> is:

For shared directories: The directory on the server's file system to be shared.
For printer shares: The name of the print queue.

Default Value: none.

Examples:

/export/sh1, if the share type is disk, indicates that the shared directory is /export/sh1.
paperjam, if the share type is printer, indicates that the print queue is called paperjam.

-s <value>
or
--spool-path <value>

Corresponds with the share spool_path parameter. Sets the path to the spool directory on the server's file system.

Value Type: string

Value Format: <path>
Where <path> is the path to the spool directory on the server's file system. When the share type is printer, this parameter must be set.

Default Value: none.

Examples:

/var/spool/tsmb sets the spool path to /var/spool/tsmb.

Additional Parameters

Parameter	Description
`-h` or `--hidden <value>`	Corresponds with the share `hidden` parameter. Controls whether the share is a hidden share. Value Type: boolean Value Format: `true\|false` `true`: Hides a share. `false`: Makes a share visible. Default Value: `false`
`--administrative <value>`	Corresponds with the share `administrative` parameter. Controls whether the share is an administrative share. Value Type: boolean Value Format: `true\|false` `true`: Designates share as an administrative share. `false`: Makes it a regular share. Default Value: `false`
`--server <value>`	Corresponds with the `server` parameter. Controls the server for share scoping. Value Type: string Default Value: none (the share will be visible through any hostname) Examples: `filesrv01` specifies that the share is visible only to clients connecting to \\filesrv01.
`-A <value>` or `--audit-level <value>`	Corresponds with the share `audit_level` parameter. Sets the audit logging level for the share. Value Type: integer Default Value: none Examples: `1` sets the audit level to 1 for the share. `3` sets the audit level to 3 for the share.
`-c <value>` or `--ca <value>`	Corresponds with the share `ca` parameter. Enables or disables the persistent file handle database for the share. Overrides Global Parameter: `ca` Value Type: boolean Value Format: `true\|false` `true`: Enables the persistent file handle database for the share. `false`: Disables the persistent file handle database for the share. Default Value: `false`
`-C <value>` or `--ca-params <value>`	Corresponds with the share `ca_params` parameter. Controls the behavior of the persistent file handle database for the share. Value Type: string Possibly Overrides Global Parameter: `ca_path` This parameter is only required when Fusion File Share Server is configured as an active-passive cluster. Value Format: `[<path>][,durable]` `<path>` is the path on a shared storage where the Fusion File Share Server stores its persistent file handle database for this share. This path must be accessible by all nodes in the Fusion File Share Server cluster to support continuous or high availability. This value overrides the global `ca_path` parameter for this share. `durable` is an optional flag that indicates whether durable handles on this share should be persisted in the persistent file handle database. Default Value: `<ca_path>/<netname>`, as determined by the global `ca_path` parameter and the share's `netname` parameter. Examples: `/mnt/shared/ca` would store the persistent file handle database in `/mnt/shared/ca/<share_name>` for each share where continuous availability is enabled.
`--dfs <value>`	Corresponds with the share `dfs` parameter. Controls whether the share should be visible in DFS. Value Type: boolean Value Format: `true\|false` `true`: Enables share's inclusion in DFS. `false`: Disables share's inclusion in DFS. Default Value: `false`
`--vss <value>`	Corresponds with the share `vss` parameter. Enables or disables Volume Shadow Copy (VSS) for the share. Overrides Global Parameter: `vss` Value Type: boolean Value Format: `true\|false` `true`: Enables VSS on the share. `false`: Disables VSS on the share. Default Value: as set in the global configuration.
`--vss-params <value>`	Corresponds with the share `vss_params` parameter. Sets the VSS parameters parameters for the share. Overrides Global Parameter: `vss_params` Value Type: string note The following format applies only when when the default VSS implementation is used. If the underlying file system of the share has a different VSS implementation, use that file system's specific format to configure VSS. Value Format: `path=<path>[,share_root=<share_root>]` `path=<path>` (required): `<path>` is where the snapshot roots are located. Under this directory, subdirectories are expected named with the following timestamp format: `@GMT-YYYY.MM.DD-hh.mm.ss` (e.g., `@GMT-2019.11.11-12.10.10`, `@GMT-2024.05.03-22.12.42`, etc.). `share_root=<share_root>` (optional): This parameter is used when you have multiple shares on the same volume, and when a snapshot is taken, it's taken for the entire volume. Hence, `<share_root>` specifies the the directory inside each snapshot subdirectory that contains the files for this particular share at that point of time. If not specified, the share root defaults to the root of the snapshot subdirectory. Default Value: as set in the global configuration. Examples: `path=/mnt/my-share-snapshots` specifies that the snapshot roots are located in the `/mnt/my-share-snapshots` directory. `path=/mnt/snapshots,share_root=my-share` specifies that the snapshot roots are located in the `/mnt/snapshots` directory, and the share root for each share is the `/mnt/snapshots/@GMT-<timestamp>/my-share` directory.
`--case-insensitive <value>`	Corresponds with the share `case_insensitive` parameter. Controls whether the share should be case-insensitive. Overrides Global Parameter: `case_insensitive` Value Type: boolean Value Format: `true\|false` `true`: Makes file operations on the share case-insensitive. `false`: Leaves file operations on the share case-sensitive. Default Value: as set in the global configuration.
`--oplock <value>`	Corresponds with the share `oplock` parameter. Controls opportunistic locking (oplock) behavior for the share. Potentially Overrides Global Parameter: `oplock` Ignored when global parameter `oplock` is set to `disabled` Value Type: string Value Format: `<type>` Where `<type>` indicates the type of opportunistic lock to be issued: `none`: Enables oplock/lease support and advertises the SMB2_GLOBAL_CAP_LEASING capability to clients. However, Fusion File Share Server server only grants NONE oplock/lease regardless of the value of RequestedOplockLevel. `read`: Read-only oplock/lease support. This may be used to increase performance when the workload mostly consists of read operations. `all`: Full oplock/lease support. Default Value: `all`
`-l <value>` or `--force-l2oplock <value>`	Deprecated. Use `--oplock` instead. Corresponds with the share `force_level2oplock` parameter. Controls opportunistic locking (oplock) behavior for the share. warning This parameter is deprecated. Use `oplock` instead. Value Type: boolean Value Format: `true\|false` `true`: Indicates that the server would only issue level 2 (read-only) opportunistic locks when an oplock is requested by the client. This can increase performance when the workload mostly consists of read operations. `false`: Indicates that the server would issue opportunistic locks of any type when requested by the client. Default Value: `false`
`--encrypt <value>`	Corresponds with the share `encrypt_data` parameter. Controls whether encryption in transit should be enabled for the share. Overrides Global Parameter: `encrypt_data` Value Type: boolean Value Format: `true\|false` `true`: enable data transfer encryption on the share. `false`: disable data transfer encryption on the share. Default Value: as set in the global configuration.
`--access-based-enumeration <value>`	Corresponds with the share `access_based_enumeration` parameter. Controls whether the share should hide shares during enumeration based on access permission. Value Type: boolean Value Format: `true\|false` `true`: Enables access based enumeration for the share. `false`: Disables access based enumeration for the share. Default Value: `false`
`--permissions <value>`	Corresponds with the share `permissions` parameter. Sets the permissions for the share. Value Type: string Value Format: `<id>:<access>, <id>:<access>, ...` `<id>` is the identifier to which its corresponding `<access>` applies. It can be: Predefined groups (corresponding to similarly named standard Windows groups): `everyone`: All users, excluding anonymous users. `anonymous`: Anonymous users in a null session. `authenticatedusers`: All authenticated users. Username: A user on the domain or local machine Example: `johndoe` Group, prefixed by `@`: Example: `@staff` Security identifier (SID), prefixed by `S-`: Example: `S-1-1-0` note User and group specification dependens on the authentication backend defined by the `userdb_type` global parameter. `<access>` defines the access level granted to the identified user or group. It can be one of the following: `no`: Denies all access. `read`: Grants Read, ReadAttributes, ReadControl, and Execute permissions. `change`: Grants all permissions granted by `read`, as well as the Write, WriteAttributes, AppendData, and Delete permissions. `full`: Grants all permissions granted by `change`, as well as the DeleteChild, WriteDAC, and WriteOwner permissions. note For printer shares, `<access>` must be set to either `full` or `change`. important If an `<id>` cannot be resolved to a SID, it is ignored if `<access>` is `read`, `change`, or `full`. However, if `<access>` is `no`, the permission applies to all users, rendering the share inaccessible. Moreover, Fusion File Share Server will continue attempting to resolve the `<id>` against the underlying authentication backend, such as Active Directory, which may slow down access to the share. To ignore unresolved `<id>` values, you can set the share's `ignore_unresolved_share_deny_permission` parameter to `true`. However, this may grant unintended access, for example if `<id>` was misspelled. Default Value: `everyone:read` Examples: `everyone:full` grants full access to `everyone``. `johndoe:full, @staff:change` grants full access to user `johndoe`, and change access to all users in the `staff` group. `anonymous:read` grants read access to anonymous users.
`--security-descriptor <value>`	Corresponds with the share `security_descriptor` parameter. Sets the security descriptor for the share. Value Type: string Value Format: SDDL string Default Value: none Examples: `O:SYG:SYD:(A;;FA;;;WD)` grants full access to Everyone. `O:SYG:SYD:(A;;0x1200a9;;;WD)` grants read only access to Everyone. `O:SYG:SYD:(A;;FA;;;AN)` grants full access to anonymous users.
`-r <value>` or `--remark <value>`	Corresponds with the share `remark` parameter. Sets a human-readable comment on the share. Value Type: string Default Value: none. Examples: `My Awesome Share` sets the remark to My Awesome Share. `Video Files` sets the remark to Video Files.
`-t <value>` or `--type <value>`	Corresponds with the share `type` parameter. Sets the type of the share. Value Type: string Value Format: `disk\|printer` `disk`: Indicates this share refers to a shared directory on the file system containing the share. `printer`: Indicates that this share refers to a printer. Default Value: `disk`
`-a <value>` or `--files-allow <value>`	Corresponds with the share `files_allow` parameter. Sets the pattern of allowed files for veto files. Value Type: string Value Format: `<pattern>\|<pattern>\|...` Patterns are separated by `\|`. A pattern can include the `?` wildcard to match a single character A pattern can include the `` wildcard to match any number of characters Examples: `` matches all files. `.tmp\|.bak` matches files with the `.tmp` or `.bak` extension. `.foo\|.bar\|foobar` matches files that have the `.foo` or `.bar` extension, or contain the string `foobar`.
`-d <value>` or `--files-deny <value>`	Corresponds with the share `files_deny` parameter. Sets the pattern of denied files for veto files. Value Type: string Value Format: `<pattern>\|<pattern>\|...` Patterns are separated by `\|`. A pattern can include the `?` wildcard to match a single character A pattern can include the `` wildcard to match any number of characters Examples: `` matches all files. `.tmp\|.bak` matches files with the `.tmp` or `.bak` extension. `.foo\|.bar\|foobar` matches files that have the `.foo` or `.bar` extension, or contain the string `foobar`.
`--compression-deny <value>`	Corresponds with the share `compression_deny` parameter. Controls which files should not be compressed with SMB compression enabled. Value Type: string Value Format: `<pattern>\|<pattern>\|...` Patterns are separated by `\|`. A pattern can include the `?` wildcard to match a single character A pattern can include the `` wildcard to match any number of characters Examples: `` matches all files. `.tmp\|.bak` matches files with the `.tmp` or `.bak` extension. `.foo\|.bar\|foobar` matches files that have the `.foo` or `.bar` extension, or contain the string `foobar`.
`-m <value>` or `--map-attributes <value>`	Corresponds with the share `map_attributes` parameter. Controls the manner in which Windows attributes are stored for the files.. Value Type: string Value Format: `<method>[,<method>,...]` Values are separated by `,`. A `<method>` can be one of the following: `native`: Store attributes natively on the file system, if supported. Use this option if the underlying file system is NTFS, or another private VFS module that supports these attributes. `xattr[:<version>]`: Use Samba-compatible extended attribute `user.DOSATTRIB` to store the attributes. The optional `<version>` parameter specifies the version of the extended attribute format to use: `v3`: Use the Samba 3.5 to 4.10 format. `v4`: Use the Samba 4.11 to 4.16 format (default). `v5`: Use the Samba 4.17 or newer format. `filename:<attributes>:<pattern>`: Treat files matching `<pattern>` as always having the attributes specified in `<attributes>`: `<attributes>` is a non-delimited combination of: `A`: Archive. `S`: System. `H`: Hidden. `<pattern>` is a shell-style wildcard pattern that matches the file name. note The only currently supported `<pattern>` is `.`. `posix-exec:<attributes>`: Map attributes to POSIX execute permission bits, where `<attributes>` is a non-delimited combination of: `A`: Archive, stored in the user's execute permission bit (u+x). `S`: System, stored in the group's execute permission bit (g+x). `H`: Hidden, stored in the other's execute permission bit (o+x). note This is a legacy method and should be used with care. This method doesn't affect directories, and assumes that the execute permission bits are not used for their original purpose, and are only modified by Fusion File Share Server. Default Value:* `xattr:v4` Examples: `xattr,filename:HS:.`: Uses the default Samba v4 extended attributes format, and treat all dot files as having the Hidden* and System attributes.
`--map-acls <value>`	Corresponds with the share `map_acls` parameter. Sets the method for storing ACLs. Value Type: string Value Format: `<method>[,<method>,...]` Values are separated by `,`. A `<method>` can be one of the following: `xattr[:<variant>]`: Store the ACLs in a dedicated extended attribute. Optional argument `<variant>` specifies the name of the extended attribute and the format used to save the ACLs: `raw`: Use the self-relative security descriptor in Fusion File Share-specific extended attribute `user.tsmb.$sd` (default). `v3`: Use version 3 of the Samba extended attribute `security.NTACL` without duplication in POSIX ACL. `v4`: Use version 4 of the Samba extended attribute `security.NTACL` without duplication in POSIX ACL. `native`: Store the ACLs natively on the file system, if supported. Use this option if the underlying file system is NTFS, or another private VFS module that supports these attributes. `posix-acl[:map_full_control]`: Attempt to convert Windows ACLs to POSIX ACLs with best-effort mapping. If `map_full_control` is specified, the `rwx` permission bits are mapped to Full Control. Default Value: `xattr:raw` Examples: `xattr:raw`: Stores the ACLs in the default Fusion File Share-specific extended attribute. `native`: Stores the ACLs natively on a supported file system.
`-S <value>` or `--security <value>`	Corresponds with the share `security` parameter. Sets the file security model for the share. Value Type: string Value Format: `<mode>` `<mode>` is one of: `windows`: Use the Windows security mode, with full Windows ACL support. `posix`: Use the POSIX security mode, based on the standard Unix permissions model. `none`: Use the None security mode, falling back on the share permissions for access control. Default Value: `windows`
`-v <value>` or `--vfs <value>`	Corresponds with the share `vfs` parameter. Sets the VFS behavior for the share. Value Type: string Value Format: `<type>:<option>[,<option>,...]` `<type>` specifies the type of the VFS module to use. Currently, the only supported option is: `libc`: the default VFS module for Linux. `<option>` can be set to one of the following: `force_sync`: opens each file with the O_SYNC flag to ensure that all data is written to disk before returning from a write operation. This option is useful for applications requiring strong durability guarantees, but it degrades performance. This option is required for clusters in active-passive mode. `nodirect`: ignores client requests for direct I/O, bypassing the OS's page cache. This applies to FILE_NO_IMMEDIATE_BUFFERING on Windows, O_DIRECT on Linux, and F_NOCACHE on macOS. This option is likely to improve performance, but could disregard the client application's expectations, potentially resulting in undefined behavior. Use with caution. `lock`: enables the propagation of byte-range locks to the underlying file system,allowing interoperability with other applications (such as NFS servers) that depend on byte-range locks. Note that this option may degrade performance. Default Value: none (`libc` is configured to not use O_SYNC and to respect client's requests for direct I/O). Examples: `libc:force_sync,nodirect` will force Fusion File Share Server to open all files with the O_SYNC flag, and to ignore client's requests for direct I/O.
`-z <value>` or `--vfs-zerocopy-write <value>`	Corresponds with the share `vfs_zerocopy_write` parameter. Enables or disables zero-copy for writes. Value Type: boolean Value Format: `true\|false` `true`: Enables zero-copy for write operations on the share. `false`: Disables zero-copy for write operations on the share. Default Value: `true`
`-Z <value>` or `--vfs-zerocopy-read <value>`	Corresponds with the share `vfs_zerocopy_read` parameter. Enables or disables zero-copy for reads. Value Type: boolean Value Format: `true\|false` `true`: Enables zero-copy for read operations on the share. `false`: Disables zero-copy for read operations on the share. Default Value: `false`
`--vfs-data-threads <value>`	Corresponds with the share `vfs_data_threads` parameter. Sets the number of share specific VFS data threads. Potentially Overrides Global Parameter: `vfs_data_threads` Value Type: integer Value Format: `<threads>` Determines the number of threads for VFS data operations in the share's pool. If set to `0`: If the share's `vfs_metadata_threads` is not set to `0`, VFS operations will be executed on the share's data thread pool. If the share's `vfs_metadata_threads` is also set to `0`, VFS operations will be executed on the global pool, as specified in the global `vfs_data_threads` parameter. Default Value: `1`
`--vfs-metadata-threads <value>`	Corresponds with the share `vfs_metadata_threads` parameter. Sets the number of share specific VFS metadata threads. Potentially Overrides Global Parameter: `vfs_metadata_threads` Value Type: integer Value Format: `<threads>` Determines the number of threads for VFS metadata operations in the share's pool. If set to `0`: If the share's `vfs_data_threads` is not set to `0`, VFS operations will be executed on the share's data thread pool. If the share's `vfs_data_threads` is also set to `0`, VFS operations will be executed on the global pool, as specified in the global `vfs_metadata_threads` parameter. Default Value: `1`
`--vfs-fallocate-min <value>`	Corresponds with the share `vfs_fallocate_min` parameter. Sets the minimum threshold for using the fallocate() system call. Value Type: integer Value Format: `<bytes>` Where `<bytes>` is the minimum size of a file that will be allocated using `fallocate`. Default Value: `0`
`--vfs-fallocate-max <value>`	Corresponds with the share `vfs_fallocate_max` parameter. Sets the maximum threshold for using the fallocate() system call. Value Type: integer Value Format: `<bytes>` Where `<bytes>` is the maximum size of a file that will be allocated using `fallocate`. Default Value: `0`
`--hosts-allow <value>`	Corresponds with the share `hosts_allow` parameter. Sets the allowed hosts for host-based access control. Value Type: string Value Format: `<IP\|CIDR>,<IP\|CIDR>,...` Values are separated by `,`. A value can be an either an IP address, or a subnet in CIDR notation. Examples: `192.168.2.0/24` matches all IP addresses in the range of 192.168.2.0 to 192.168.2.255. `10.0.0.1` matches only host 10.0.0.1. `192.168.2.0/24,10.0.0.1` matches all IP addresses in the range of 192.168.2.0 to 192.168.2.255 and host 10.0.0.1.
`--hosts-deny <value>`	Corresponds with the share `hosts_deny` parameter. Sets the denied hosts for host-based access control. Value Type: string Value Format: `<IP\|CIDR>,<IP\|CIDR>,...` Values are separated by `,`. A value can be an either an IP address, or a subnet in CIDR notation. Examples: `192.168.2.0/24` matches all IP addresses in the range of 192.168.2.0 to 192.168.2.255. `10.0.0.1` matches only host 10.0.0.1. `192.168.2.0/24,10.0.0.1` matches all IP addresses in the range of 192.168.2.0 to 192.168.2.255 and host 10.0.0.1.
`--create-mask <value>`	Corresponds with the share `create_mask` parameter. Sets the maximum allowed POSIX permission for a file. Value type: `string` Value format: `<mask>` Where `<mask>` is a string of four octal digits, representing the permission bits the POSIX file permissions are masked against. The resulting permissions are calculated as a bitwise AND between the POSIX file permissions and the create mask. In other words, this value represents the maximum POSIX permissions that would be applied to the file at creation. Default value: `0744` Examples: `0744` - The resulting permissions will range between `0000` and `0744`, ensuring that the file is at most readable by group and others, while owner will have the full set of permissions. `0644` - The resulting permissions will range between `0000` and `0644`, ensuring that the file is at most readable by group and others, while owner will not have execute permissions. `0750` - The resulting permissions will range between `0000` and `0750`, ensuring that the file is at most readable and executable by group, others will not have any permissions, and the owner will have the full set of permissions.
`--force-create-mode <value>`	Corresponds with the share `force_create_mode` parameter. Sets the minimum required POSIX permissions for a file. Value type: `string` Value format: `<mode>` Where `<mode>` is a string of four octal digits, representing the permission bits the POSIX file permissions are masked against. The resulting permissions are calculated as a bitwise OR between the POSIX file permissions and the create mode, after the file mask has been applied, as defined in `create_mask` has been applied. In other words, this value represents the minimum POSIX permissions that would be applied to the file at creation. Default value: `0000` Examples: `0000` - The resulting permissions will range between `0000` and `7777`, ensuring the file will be at least readable by group and others, while user will have the full set of permissions. `0644` - The resulting permissions will range between `0644` and `7777`, ensuring the file will be at least readable by group and others, while owner will not have execute permissions. `4644` - The resulting permissions will range between `4644` and `7777`, ensuring the file will be at least readable and executable by group, others will not have any permissions, and the owner will have the full set of permissions. It will also have setuid, signifying that the file will be executed with the permissions of its owner.
`--directory-mask <value>`	Corresponds with the share `directory_mask` parameter. Sets the maximum allowed POSIX permission for a directory. Value type: `string` Value format: `<mask>` Where `<mask>` is a string of four octal digits, representing the permission bits the POSIX directory permissions are masked against. The resulting permissions are calculated as a bitwise AND between the POSIX directory permissions and the create mask. In other words, this value represents the maximum POSIX permissions that would be applied to the directory at creation. Default value: `0744` Examples: `0744` - The resulting permissions will range between `0000` and `0744`, ensuring the directory will be at most readable by group and others, while user will have the full set of permissions. `0644` - The resulting permissions will range between `0000` and `0644`, ensuring the directory will be at most readable by group and others, while owner will not have list permissions. `0750` - The resulting permissions will range between `0000` and `0750`, ensuring the directory will be at most readable and listable by group, others will not have any permissions, and the owner will have the full set of permissions.
`--force-directory-mode <value>`	Corresponds with the share `force_directory_mode` parameter. Sets the minimum required POSIX permissions for a directory. Value type: `string` Value format: `<mode>` Where `<mode>` is a string of four octal digits, representing the permission bits the POSIX directory permissions are masked against. The resulting permissions are calculated as a bitwise OR between the POSIX file permissions and the create mode, after the directory mask has been applied, as defined in `directory_mask` has been applied. In other words, this value represents the minimum POSIX permissions that would be applied to the directory at creation. Default value: `0000` Examples: `0000` - The resulting permissions will range between `0000` and `7777`, ensuring the directory will be at least readable by group and others, while user will have the full set of permissions. `0644` - The resulting permissions will range between `0644` and `7777`, ensuring the directory will be at least readable by group and others, while owner will not have list permissions. `2644` - The resulting permissions will range between `2644` and `7777`, ensuring the directory will be at least readable and listable by group, others will not have any permissions, and the owner will have the full set of permissions. It will also have setgid, signifying that the directory will inherit the group of the parent directory.
`--enable-oplock <value>`	Deprecated. Use `--oplock` instead.. Corresponds with the share `enable_oplock` parameter. Controls whether the share should enable oplocks. warning This parameter is deprecated. Use `oplock` instead. Overrides Global Parameter: `enable_oplock` Value Type: boolean Value Format: `true\|false` `true`: Allows the client to acquire opportunistic locks (oplocks) on share's files. `false`: Disables opportunistic locks (oplocks) on share's files. Default Value: `true`
`--named-streams <value>`	Corresponds with the share `named_streams` parameter. Controls whether the share should enable named streams. Value Type: boolean Value Format: `true\|false` `true`: Enables named streams on the share. `false`: Disables named streams on the share. Default Value: `true`
`-h` or `--help`	Display a help message.

`tsmb-cfg share del`

This subcommand is used to remove a share from a running Fusion File Share Server instance, or to remove a scoped share.

Usage: tsmb-cfg share del -n <netname> [<parameter>,...]

Mandatory parameters:

Parameter Description

Parameter	Description
`-n <netname>` or `--name <value>`	Corresponds with the share `netname` parameter. Sets the name by which the share is identified and accessed. Value Type: string Default Value: none. Examples: `sh1` sets the net name to `sh1`. `MyShare` sets the net name to `MyShare`.

-n <netname>
or
--name <value>

Corresponds with the share netname parameter. Sets the name by which the share is identified and accessed.

Value Type: string

Default Value: none.

Examples:

sh1 sets the net name to sh1.
MyShare sets the net name to MyShare.

Optional parameters:

Parameter Description

Parameter	Description
`--server <value>`	Corresponds with the `server` parameter. Removes share scoping for the share, making it available through all hostnames. Value Type: string Default Value: none (the share will be visible through any hostname) Examples: `filesrv01` specifies that the share is visible only to clients connecting to \\filesrv01.
`-h` or `--help`	Display a help message.

--server <value>

Corresponds with the server parameter. Removes share scoping for the share, making it available through all hostnames.

Value Type: string

Default Value: none (the share will be visible through any hostname)

Examples:

filesrv01 specifies that the share is visible only to clients connecting to \\filesrv01.

-h
or
--help Display a help message.

`tsmb-cfg share update`

This subcommand is used to update a share in a running Fusion File Share Server instance.

Usage: tsmb-cfg share update -n <netname> <parameter> [<value>]

Mandatory parameters:

Parameter Description

Parameter	Description
`-n <netname>` or `--name <value>`	Corresponds with the share `netname` parameter. Sets the name by which the share is identified and accessed. Value Type: string Default Value: none. Examples: `sh1` sets the net name to `sh1`. `MyShare` sets the net name to `MyShare`.

-n <netname>
or
--name <value>

Corresponds with the share netname parameter. Sets the name by which the share is identified and accessed.

Value Type: string

Default Value: none.

Examples:

sh1 sets the net name to sh1.
MyShare sets the net name to MyShare.

Optional parameters:

Parameter	Description
`--oplock <value>`	Corresponds with the share `oplock` parameter. Controls opportunistic locking (oplock) behavior for the share. Potentially Overrides Global Parameter: `oplock` Ignored when global parameter `oplock` is set to `disabled` Value Type: string Value Format: `<type>` Where `<type>` indicates the type of opportunistic lock to be issued: `none`: Enables oplock/lease support and advertises the SMB2_GLOBAL_CAP_LEASING capability to clients. However, Fusion File Share Server server only grants NONE oplock/lease regardless of the value of RequestedOplockLevel. `read`: Read-only oplock/lease support. This may be used to increase performance when the workload mostly consists of read operations. `all`: Full oplock/lease support. Default Value: `all`
`-l <value>` or `--force-l2oplock <value>`	Deprecated. Use `--oplock` instead. Corresponds with the share `force_level2oplock` parameter. Controls opportunistic locking (oplock) behavior for the share. warning This parameter is deprecated. Use `oplock` instead. Value Type: boolean Value Format: `true\|false` `true`: Indicates that the server would only issue level 2 (read-only) opportunistic locks when an oplock is requested by the client. This can increase performance when the workload mostly consists of read operations. `false`: Indicates that the server would issue opportunistic locks of any type when requested by the client. Default Value: `false`
`-e <value>` or `--encrypt <value>`	Corresponds with the share `encrypt_data` parameter. Controls whether encryption in transit should be enabled for the share. Overrides Global Parameter: `encrypt_data` Value Type: boolean Value Format: `true\|false` `true`: enable data transfer encryption on the share. `false`: disable data transfer encryption on the share. Default Value: as set in the global configuration.
`--access-based-enumeration <value>`	Corresponds with the share `access_based_enumeration` parameter. Controls whether the share should hide shares during enumeration based on access permission. Value Type: boolean Value Format: `true\|false` `true`: Enables access based enumeration for the share. `false`: Disables access based enumeration for the share. Default Value: `false`
`-P <value>` or `--permissions <value>`	Corresponds with the share `permissions` parameter. Sets the permissions for the share. Value Type: string Value Format: `<id>:<access>, <id>:<access>, ...` `<id>` is the identifier to which its corresponding `<access>` applies. It can be: Predefined groups (corresponding to similarly named standard Windows groups): `everyone`: All users, excluding anonymous users. `anonymous`: Anonymous users in a null session. `authenticatedusers`: All authenticated users. Username: A user on the domain or local machine Example: `johndoe` Group, prefixed by `@`: Example: `@staff` Security identifier (SID), prefixed by `S-`: Example: `S-1-1-0` note User and group specification dependens on the authentication backend defined by the `userdb_type` global parameter. `<access>` defines the access level granted to the identified user or group. It can be one of the following: `no`: Denies all access. `read`: Grants Read, ReadAttributes, ReadControl, and Execute permissions. `change`: Grants all permissions granted by `read`, as well as the Write, WriteAttributes, AppendData, and Delete permissions. `full`: Grants all permissions granted by `change`, as well as the DeleteChild, WriteDAC, and WriteOwner permissions. note For printer shares, `<access>` must be set to either `full` or `change`. important If an `<id>` cannot be resolved to a SID, it is ignored if `<access>` is `read`, `change`, or `full`. However, if `<access>` is `no`, the permission applies to all users, rendering the share inaccessible. Moreover, Fusion File Share Server will continue attempting to resolve the `<id>` against the underlying authentication backend, such as Active Directory, which may slow down access to the share. To ignore unresolved `<id>` values, you can set the share's `ignore_unresolved_share_deny_permission` parameter to `true`. However, this may grant unintended access, for example if `<id>` was misspelled. Default Value: `everyone:read` Examples: `everyone:full` grants full access to `everyone``. `johndoe:full, @staff:change` grants full access to user `johndoe`, and change access to all users in the `staff` group. `anonymous:read` grants read access to anonymous users.
`--security-descriptor <value>`	Corresponds with the share `security_descriptor` parameter. Sets the security descriptor for the share. Value Type: string Value Format: SDDL string Default Value: none Examples: `O:SYG:SYD:(A;;FA;;;WD)` grants full access to Everyone. `O:SYG:SYD:(A;;0x1200a9;;;WD)` grants read only access to Everyone. `O:SYG:SYD:(A;;FA;;;AN)` grants full access to anonymous users.
`-r <value>` or `--remark <value>`	Corresponds with the share `remark` parameter. Sets a human-readable comment on the share. Value Type: string Default Value: none. Examples: `My Awesome Share` sets the remark to My Awesome Share. `Video Files` sets the remark to Video Files.
`-a <value>` or `--files-allow <value>`	Corresponds with the share `files_allow` parameter. Sets the pattern of allowed files for veto files. Value Type: string Value Format: `<pattern>\|<pattern>\|...` Patterns are separated by `\|`. A pattern can include the `?` wildcard to match a single character A pattern can include the `` wildcard to match any number of characters Examples: `` matches all files. `.tmp\|.bak` matches files with the `.tmp` or `.bak` extension. `.foo\|.bar\|foobar` matches files that have the `.foo` or `.bar` extension, or contain the string `foobar`.
`-d <value>` or `--files-deny <value>`	Corresponds with the share `files_deny` parameter. Sets the pattern of denied files for veto files. Value Type: string Value Format: `<pattern>\|<pattern>\|...` Patterns are separated by `\|`. A pattern can include the `?` wildcard to match a single character A pattern can include the `` wildcard to match any number of characters Examples: `` matches all files. `.tmp\|.bak` matches files with the `.tmp` or `.bak` extension. `.foo\|.bar\|foobar` matches files that have the `.foo` or `.bar` extension, or contain the string `foobar`.
`--compression-deny <value>`	Corresponds with the share `compression_deny` parameter. Controls which files should not be compressed with SMB compression enabled. Value Type: string Value Format: `<pattern>\|<pattern>\|...` Patterns are separated by `\|`. A pattern can include the `?` wildcard to match a single character A pattern can include the `` wildcard to match any number of characters Examples: `` matches all files. `.tmp\|.bak` matches files with the `.tmp` or `.bak` extension. `.foo\|.bar\|foobar` matches files that have the `.foo` or `.bar` extension, or contain the string `foobar`.
`--hosts-allow <value>`	Corresponds with the share `hosts_allow` parameter. Sets the allowed hosts for host-based access control. Value Type: string Value Format: `<IP\|CIDR>,<IP\|CIDR>,...` Values are separated by `,`. A value can be an either an IP address, or a subnet in CIDR notation. Examples: `192.168.2.0/24` matches all IP addresses in the range of 192.168.2.0 to 192.168.2.255. `10.0.0.1` matches only host 10.0.0.1. `192.168.2.0/24,10.0.0.1` matches all IP addresses in the range of 192.168.2.0 to 192.168.2.255 and host 10.0.0.1.
`--hosts-deny <value>`	Corresponds with the share `hosts_deny` parameter. Sets the denied hosts for host-based access control. Value Type: string Value Format: `<IP\|CIDR>,<IP\|CIDR>,...` Values are separated by `,`. A value can be an either an IP address, or a subnet in CIDR notation. Examples: `192.168.2.0/24` matches all IP addresses in the range of 192.168.2.0 to 192.168.2.255. `10.0.0.1` matches only host 10.0.0.1. `192.168.2.0/24,10.0.0.1` matches all IP addresses in the range of 192.168.2.0 to 192.168.2.255 and host 10.0.0.1.
`--vfs-params <value>`	Corresponds with the share `vfs` parameter. Sets the VFS parameters for the share. Value Type: string Value Format: `<type>:<option>[,<option>,...]` `<type>` specifies the type of the VFS module to use. Currently, the only supported option is: `libc`: the default VFS module for Linux. `<option>` can be set to one of the following: `force_sync`: opens each file with the O_SYNC flag to ensure that all data is written to disk before returning from a write operation. This option is useful for applications requiring strong durability guarantees, but it degrades performance. This option is required for clusters in active-passive mode. `nodirect`: ignores client requests for direct I/O, bypassing the OS's page cache. This applies to FILE_NO_IMMEDIATE_BUFFERING on Windows, O_DIRECT on Linux, and F_NOCACHE on macOS. This option is likely to improve performance, but could disregard the client application's expectations, potentially resulting in undefined behavior. Use with caution. `lock`: enables the propagation of byte-range locks to the underlying file system,allowing interoperability with other applications (such as NFS servers) that depend on byte-range locks. Note that this option may degrade performance. Default Value: none (`libc` is configured to not use O_SYNC and to respect client's requests for direct I/O). Examples: `libc:force_sync,nodirect` will force Fusion File Share Server to open all files with the O_SYNC flag, and to ignore client's requests for direct I/O.
`--hidden <value>`	Corresponds with the share `hidden` parameter. Controls whether the share is a hidden share. Value Type: boolean Value Format: `true\|false` `true`: Hides a share. `false`: Makes a share visible. Default Value: `false`
`--case-insensitive <value>`	Corresponds with the share `case_insensitive` parameter. Controls whether the share should be case-insensitive. Overrides Global Parameter: `case_insensitive` Value Type: boolean Value Format: `true\|false` `true`: Makes file operations on the share case-insensitive. `false`: Leaves file operations on the share case-sensitive. Default Value: as set in the global configuration.
`--create-mask <value>`	Corresponds with the share `create_mask` parameter. Sets the maximum allowed POSIX permissions for a file. Value type: `string` Value format: `<mask>` Where `<mask>` is a string of four octal digits, representing the permission bits the POSIX file permissions are masked against. The resulting permissions are calculated as a bitwise AND between the POSIX file permissions and the create mask. In other words, this value represents the maximum POSIX permissions that would be applied to the file at creation. Default value: `0744` Examples: `0744` - The resulting permissions will range between `0000` and `0744`, ensuring that the file is at most readable by group and others, while owner will have the full set of permissions. `0644` - The resulting permissions will range between `0000` and `0644`, ensuring that the file is at most readable by group and others, while owner will not have execute permissions. `0750` - The resulting permissions will range between `0000` and `0750`, ensuring that the file is at most readable and executable by group, others will not have any permissions, and the owner will have the full set of permissions.
`--force-create-mode <value>`	Corresponds with the share `force_create_mode` parameter. Sets the minimum required POSIX permissions for a file. Value type: `string` Value format: `<mode>` Where `<mode>` is a string of four octal digits, representing the permission bits the POSIX file permissions are masked against. The resulting permissions are calculated as a bitwise OR between the POSIX file permissions and the create mode, after the file mask has been applied, as defined in `create_mask` has been applied. In other words, this value represents the minimum POSIX permissions that would be applied to the file at creation. Default value: `0000` Examples: `0000` - The resulting permissions will range between `0000` and `7777`, ensuring the file will be at least readable by group and others, while user will have the full set of permissions. `0644` - The resulting permissions will range between `0644` and `7777`, ensuring the file will be at least readable by group and others, while owner will not have execute permissions. `4644` - The resulting permissions will range between `4644` and `7777`, ensuring the file will be at least readable and executable by group, others will not have any permissions, and the owner will have the full set of permissions. It will also have setuid, signifying that the file will be executed with the permissions of its owner.
`--directory-mask <value>`	Corresponds with the share `directory_mask` parameter. Sets the maximum allowed POSIX permissions for a directory. Value type: `string` Value format: `<mask>` Where `<mask>` is a string of four octal digits, representing the permission bits the POSIX directory permissions are masked against. The resulting permissions are calculated as a bitwise AND between the POSIX directory permissions and the create mask. In other words, this value represents the maximum POSIX permissions that would be applied to the directory at creation. Default value: `0744` Examples: `0744` - The resulting permissions will range between `0000` and `0744`, ensuring the directory will be at most readable by group and others, while user will have the full set of permissions. `0644` - The resulting permissions will range between `0000` and `0644`, ensuring the directory will be at most readable by group and others, while owner will not have list permissions. `0750` - The resulting permissions will range between `0000` and `0750`, ensuring the directory will be at most readable and listable by group, others will not have any permissions, and the owner will have the full set of permissions.
`--force-directory-mode <value>`	Corresponds with the share `force_directory_mode` parameter. Sets the minimum required POSIX permissions for a directory. Value type: `string` Value format: `<mode>` Where `<mode>` is a string of four octal digits, representing the permission bits the POSIX directory permissions are masked against. The resulting permissions are calculated as a bitwise OR between the POSIX file permissions and the create mode, after the directory mask has been applied, as defined in `directory_mask` has been applied. In other words, this value represents the minimum POSIX permissions that would be applied to the directory at creation. Default value: `0000` Examples: `0000` - The resulting permissions will range between `0000` and `7777`, ensuring the directory will be at least readable by group and others, while user will have the full set of permissions. `0644` - The resulting permissions will range between `0644` and `7777`, ensuring the directory will be at least readable by group and others, while owner will not have list permissions. `2644` - The resulting permissions will range between `2644` and `7777`, ensuring the directory will be at least readable and listable by group, others will not have any permissions, and the owner will have the full set of permissions. It will also have setgid, signifying that the directory will inherit the group of the parent directory.
`--enable-oplock <value>`	Deprecated. Use `--oplock` instead. Corresponds with the share `enable_oplock` parameter. Controls whether the share should enable oplocks. warning This parameter is deprecated. Use `oplock` instead. Overrides Global Parameter: `enable_oplock` Value Type: boolean Value Format: `true\|false` `true`: Allows the client to acquire opportunistic locks (oplocks) on share's files. `false`: Disables opportunistic locks (oplocks) on share's files. Default Value: `true`
`--named-streams <value>`	Corresponds with the share `named_streams` parameter. Controls whether the share should enable named streams. Value Type: boolean Value Format: `true\|false` `true`: Enables named streams on the share. `false`: Disables named streams on the share. Default Value: `true`
`-h` or `--help`	Display a help message.

`tsmb-cfg share list`

This subcommand is used to list the currently active shares in a running Fusion File Share Server instance.

Usage: tsmb-cfg share list [<parameter>,...]

Optional parameters:

Parameter	Description
`-l <value>` or `--info-level <value>`	Specifies the output's level of detail, where `<value>` is one of: • `1`: (Default) List only the `netname`, and for scoped shares, the `server`. • `2`: List shares with options set in configuration file.
`-f <value>` or `--format <value>`	Specifies the output's format, where `<value>` is one of: • `raw`: (Default) Output in a raw, human-readable format. • `json`: Output in JSON format.
`-n <value>` or `--name <value>`	Filters the output to only include shares with the specified `netname`.
`--server <value>`	Filters the output to only include shares scoped to the specified server.
`-h` or `--help`	Display a help message.

`tsmb-cfg share help`

This subcommand is used to display the help message for the tsmb-cfg share subcommands.

Usage: tsmb-cfg share help

`tsmb-cfg help`

This subcommand is used to display the help message for the tsmb-cfg command.

tsmb-cfg

Usage​

Options​

tsmb-cfg global​

tsmb-cfg global add​

tsmb-cfg global del​

tsmb-cfg global update​

tsmb-cfg global list​

tsmb-cfg global help​

tsmb-cfg share​

tsmb-cfg share add​

Mandatory Parameters​

Additional Parameters​

tsmb-cfg share del​

tsmb-cfg share update​

tsmb-cfg share list​

tsmb-cfg share help​

tsmb-cfg help​

`tsmb-cfg`

Usage

Options

`tsmb-cfg global`

`tsmb-cfg global add`

`tsmb-cfg global del`

`tsmb-cfg global update`

`tsmb-cfg global list`

`tsmb-cfg global help`

`tsmb-cfg share`

`tsmb-cfg share add`

Mandatory Parameters

Additional Parameters

`tsmb-cfg share del`

`tsmb-cfg share update`

`tsmb-cfg share list`

`tsmb-cfg share help`

`tsmb-cfg help`