none
How the file sharing modes work in Windows File Sharing/SMB? RRS feed

  • Question

  • Hi,

    I want to know how different share modes like share read, share write, share delete, deny read, deny write, deny delete etc. work in Windows File Sharing/SMB. I googled it and also searched in the msdn I did not find anything comprehensive.

    Thanks in advance,

    ~Manoj

    Friday, July 25, 2014 11:12 AM

Answers

  • Hi Manoj,
            
    ShareAccess is documented in MS-CIFS for CIFS/SMB and MS-SMB2 for SMB 2.x/3.x.
    MS-FSA also has algorithms that reference the various sharing modes, perhaps that is of interest as well for its processing.
    The following documents provide information regarding share mode file_share_read, file_share_write and file_share_delete.
    The Win32 CreateFile API also has a description for the parameter.
    See references.

    MS-SMB2

    2.2.13   SMB2 CREATE Request
    http://msdn.microsoft.com/en-us/library/cc246502.aspx
    ShareAccess (4 bytes): Specifies the sharing mode for the open. If ShareAccess values of FILE_SHARE_READ, FILE_SHARE_WRITE and FILE_SHARE_DELETE are set for a printer file or a named pipe, the server SHOULD<29> ignore these values. The field MUST be constructed using a combination of zero or more of the following bit values.
    Value
    Meaning
    FILE_SHARE_READ
    0x00000001
    When set, indicates that other opens are allowed to read this file while this open is present. This bit MUST NOT be set for a named pipe or a printer file. Each open creates a new instance of a named pipe. Likewise, opening a printer file always creates a new file.
    FILE_SHARE_WRITE
    0x00000002
    When set, indicates that other opens are allowed to write this file while this open is present. This bit MUST NOT be set for a named pipe or a printer file. Each open creates a new instance of a named pipe. Likewise, opening a printer file always creates a new file.
    FILE_SHARE_DELETE
    0x00000004
    When set, indicates that other opens are allowed to delete or rename this file while this open is present. This bit MUST NOT be set for a named pipe or a printer file. Each open creates a new instance of a named pipe. Likewise, opening a printer file always creates a new file.

    MS-CIFS

    2.2.4.64 SMB_COM_NT_CREATE_ANDX (0xA2)
    2.2.4.64.1 Request

    http://msdn.microsoft.com/en-us/library/ee442175.aspxShareAccess (4 bytes): A 32-bit field that specifies how the file SHOULD be shared with other processes. The names in the table below are provided for reference use only. If ShareAccess values of FILE_SHARE_READ, FILE_SHARE_WRITE, or FILE_SHARE_DELETE are set for a printer file or a named pipe, the server SHOULD ignore these values. The value MUST be FILE_SHARE_NONE or some combination of the other values:
    Name and bitmask
    Meaning
    FILE_SHARE_NONE
    0x00000000
    (No bits set.)Prevents the file from being shared.
    FILE_SHARE_READ
    0x00000001
    Other open operations can be performed on the file for read access.
    FILE_SHARE_WRITE
    0x00000002
    Other open operations can be performed on the file for write access.
    FILE_SHARE_DELETE
    0x00000004
    Other open operations can be performed on the file for delete access.

    MS-FSA algorithms reference file share modes.
    [MS-FSA]: File System Algorithms
    http://msdn.microsoft.com/en-us/library/ff469524.aspx

    Description of dwShareMode paramater of CreateFile function
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
     
    Thanks,
    Edgar

    Friday, July 25, 2014 3:36 PM
    Moderator
  • Manoj,

    From SMB/SMB2 standpoint, the DesiredAccess and ShareAccess fields should be the most relevant to this topic, see MS-CIFS and MS-SMB2 references.

    The OpenFile function documentation describes OF_SHARE_DENY_NONE, OF_SHARE_DENY_READ, and OF_SHARE_DENY_WRITE, which are respectively mapped to FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_SHARE_WRITE, and FILE_SHARE_READ flags of the CreateFile function.

    The following blog entry provides a historical perspective that may help.

    Why is it FILE_SHARE_READ and FILE_SHARE_WRITE anyway?

    http://blogs.msdn.com/b/larryosterman/archive/2004/05/13/131263.aspx

    OpenFile function

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa365430(v=vs.85).aspx

    Description of dwShareMode paramater of CreateFile function

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx

    MS-CIFS

    2.2.4.64.1 Request

    http://msdn.microsoft.com/en-us/library/ee442175.aspx

    DesiredAccess (4 bytes):A 32-bit field of flags that indicate standard, specific, and generic access rights. These rights are used in access-control entries (ACEs) and are the primary means of specifying the requested or granted access to an object. If this value is 0x00000000, it represents a request to query the attributes without accessing the file.

    . . . See table of bitmask meaning

    MS-SMB2

    2.2.13 SMB2 CREATE Request

    http://msdn.microsoft.com/en-us/library/cc246502.aspx

    DesiredAccess (4 bytes):The level of access that is required, as specified in section 2.2.13.1.

    2.2.13.1 SMB2 Access Mask Encoding

    http://msdn.microsoft.com/en-us/library/cc246503.aspx

    Thanks,

    Edgar

    Tuesday, July 29, 2014 3:52 PM
    Moderator

All replies

  • Hi Manoj,
            
    ShareAccess is documented in MS-CIFS for CIFS/SMB and MS-SMB2 for SMB 2.x/3.x.
    MS-FSA also has algorithms that reference the various sharing modes, perhaps that is of interest as well for its processing.
    The following documents provide information regarding share mode file_share_read, file_share_write and file_share_delete.
    The Win32 CreateFile API also has a description for the parameter.
    See references.

    MS-SMB2

    2.2.13   SMB2 CREATE Request
    http://msdn.microsoft.com/en-us/library/cc246502.aspx
    ShareAccess (4 bytes): Specifies the sharing mode for the open. If ShareAccess values of FILE_SHARE_READ, FILE_SHARE_WRITE and FILE_SHARE_DELETE are set for a printer file or a named pipe, the server SHOULD<29> ignore these values. The field MUST be constructed using a combination of zero or more of the following bit values.
    Value
    Meaning
    FILE_SHARE_READ
    0x00000001
    When set, indicates that other opens are allowed to read this file while this open is present. This bit MUST NOT be set for a named pipe or a printer file. Each open creates a new instance of a named pipe. Likewise, opening a printer file always creates a new file.
    FILE_SHARE_WRITE
    0x00000002
    When set, indicates that other opens are allowed to write this file while this open is present. This bit MUST NOT be set for a named pipe or a printer file. Each open creates a new instance of a named pipe. Likewise, opening a printer file always creates a new file.
    FILE_SHARE_DELETE
    0x00000004
    When set, indicates that other opens are allowed to delete or rename this file while this open is present. This bit MUST NOT be set for a named pipe or a printer file. Each open creates a new instance of a named pipe. Likewise, opening a printer file always creates a new file.

    MS-CIFS

    2.2.4.64 SMB_COM_NT_CREATE_ANDX (0xA2)
    2.2.4.64.1 Request

    http://msdn.microsoft.com/en-us/library/ee442175.aspxShareAccess (4 bytes): A 32-bit field that specifies how the file SHOULD be shared with other processes. The names in the table below are provided for reference use only. If ShareAccess values of FILE_SHARE_READ, FILE_SHARE_WRITE, or FILE_SHARE_DELETE are set for a printer file or a named pipe, the server SHOULD ignore these values. The value MUST be FILE_SHARE_NONE or some combination of the other values:
    Name and bitmask
    Meaning
    FILE_SHARE_NONE
    0x00000000
    (No bits set.)Prevents the file from being shared.
    FILE_SHARE_READ
    0x00000001
    Other open operations can be performed on the file for read access.
    FILE_SHARE_WRITE
    0x00000002
    Other open operations can be performed on the file for write access.
    FILE_SHARE_DELETE
    0x00000004
    Other open operations can be performed on the file for delete access.

    MS-FSA algorithms reference file share modes.
    [MS-FSA]: File System Algorithms
    http://msdn.microsoft.com/en-us/library/ff469524.aspx

    Description of dwShareMode paramater of CreateFile function
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
     
    Thanks,
    Edgar

    Friday, July 25, 2014 3:36 PM
    Moderator
  • Hi Edger,

    Thank you very much for responding back so quickly. I really appreciate for that.

    Though there is enough information about Share_Read, Share_Write and Share_Delete. I am not getting any information regarding Deny_Read, Deny_Write and Deny_Delete. Are these also  mentioned in some docs at Microsoft? Otherwise, can someone explain the protocol for Deny_XXXX series modes?

    Regards,

    ~Manoj

    Friday, July 25, 2014 4:56 PM
  • Manoj,

    From SMB/SMB2 standpoint, the DesiredAccess and ShareAccess fields should be the most relevant to this topic, see MS-CIFS and MS-SMB2 references.

    The OpenFile function documentation describes OF_SHARE_DENY_NONE, OF_SHARE_DENY_READ, and OF_SHARE_DENY_WRITE, which are respectively mapped to FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_SHARE_WRITE, and FILE_SHARE_READ flags of the CreateFile function.

    The following blog entry provides a historical perspective that may help.

    Why is it FILE_SHARE_READ and FILE_SHARE_WRITE anyway?

    http://blogs.msdn.com/b/larryosterman/archive/2004/05/13/131263.aspx

    OpenFile function

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa365430(v=vs.85).aspx

    Description of dwShareMode paramater of CreateFile function

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx

    MS-CIFS

    2.2.4.64.1 Request

    http://msdn.microsoft.com/en-us/library/ee442175.aspx

    DesiredAccess (4 bytes):A 32-bit field of flags that indicate standard, specific, and generic access rights. These rights are used in access-control entries (ACEs) and are the primary means of specifying the requested or granted access to an object. If this value is 0x00000000, it represents a request to query the attributes without accessing the file.

    . . . See table of bitmask meaning

    MS-SMB2

    2.2.13 SMB2 CREATE Request

    http://msdn.microsoft.com/en-us/library/cc246502.aspx

    DesiredAccess (4 bytes):The level of access that is required, as specified in section 2.2.13.1.

    2.2.13.1 SMB2 Access Mask Encoding

    http://msdn.microsoft.com/en-us/library/cc246503.aspx

    Thanks,

    Edgar

    Tuesday, July 29, 2014 3:52 PM
    Moderator