readme: mention --shr-who (#1367)

Signed-off-by: TWhiteShadow <123359049+TWhiteShadow@users.noreply.github.com>
2026-03-21 23:53:00 +10:00 · 2026-03-19 02:15:51 +01:00
parent e71e1900b4
commit 4688410f8f
1 changed files with 2 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -1006,6 +1006,8 @@ specify `--shr /foobar` to enable this feature; a toplevel virtual folder named

 users can delete their own shares in the controlpanel, and a list of privileged users (`--shr-adm`) are allowed to see and/or delet any share on the server

+the volflag `--shr-who` lets you control who can create a share from that volume, either `no` (nobody), `a` (people with admin permission), or `auth` (people who are logged in) 
+
 after a share has expired, it remains visible in the controlpanel for `--shr-rt` minutes (default is 1 day), and the owner can revive it by extending the expiration time there

 **security note:** using this feature does not mean that you can skip the [accounts and volumes](#accounts-and-volumes) section -- you still need to restrict access to volumes that you do not intend to share with unauthenticated users! it is not sufficient to use rules in the reverseproxy to restrict access to just the `/share` folder.