Penguin
Recent Changes
Annotated edit history of smbcacls(1) version 2, including all changes. View license author blame.
Rev Author # Line
1 perry 1 SMBCACLS
2 !!!SMBCACLS
3 NAME
4 SYNOPSIS
5 DESCRIPTION
6 OPTIONS
7 ACL FORMAT
8 EXIT STATUS
9 VERSION
10 AUTHOR
11 ----
12 !!NAME
13
14
15 smbcacls - Set or get ACLs on an NT file or directory names
16 !!SYNOPSIS
17
18
19 __smbcacls //server/share filename__ [[ __-U username__
20 ] [[ __-A acls__ ] [[ __-M acls__ ] [[ __-D acls__ ] [[
21 __-S acls__ ] [[ __-C name__ ] [[ __-G name__ ] [[
22 __-n__ ] [[ __-h__ ]
23 !!DESCRIPTION
24
25
26 This tool is part of the Sambasuite.
27
28
29 The __smbcacls__ program manipulates NT Access Control
30 Lists (ACLs) on SMB file shares.
31 !!OPTIONS
32
33
34 The following options are available to the __smbcacls__
35 program. The format of ACLs is described in the section ACL
36 FORMAT
37
38
39 __-A acls__
40
41
42 Add the ACLs specified to the ACL list. Existing access
43 control entries are unchanged.
44
45
46 __-M acls__
47
48
49 Modify the mask value (permissions) for the ACLs specified
50 on the command line. An error will be printed for each ACL
51 specified that was not already present in the ACL
52 list
53
54
55 __-D acls__
56
57
58 Delete any ACLs specified on the command line. An error will
59 be printed for each ACL specified that was not already
60 present in the ACL list.
61
62
63 __-S acls__
64
65
66 This command sets the ACLs on the file with only the ones
67 specified on the command line. All other ACLs are erased.
68 Note that the ACL specified must contain at least a
69 revision, type, owner and group for the call to
70 succeed.
71
72
73 __-U username__
74
75
76 Specifies a username used to connect to the specified
77 service. The username may be of the form
78 smb.conf'' file is used, or
79 ''
80
81
82 __-C name__
83
84
85 The owner of a file or directory can be changed to the name
86 given using the ''-C'' option. The name can be a sid in
87 the form S-1-x-y-z or a name resolved against the server
88 specified in the first argument.
89
90
91 This command is a shortcut for -M OWNER:name.
92
93
94 __-G name__
95
96
97 The group owner of a file or directory can be changed to the
98 name given using the ''-G'' option. The name can be a sid
99 in the form S-1-x-y-z or a name resolved against the server
100 specified n the first argument.
101
102
103 This command is a shortcut for -M GROUP:name.
104
105
106 __-n__
107
108
109 This option displays all ACL information in numeric format.
110 The default is to convert SIDs to names and ACE types and
111 masks to a readable string format.
112
113
114 __-h__
115
116
117 Print usage information on the __smbcacls__
118 program.
119 !!ACL FORMAT
120
121
122 The format of an ACL is one or more ACL entries separated by
123 either commas or newlines. An ACL entry is one of the
124 following:
125
126
127 REVISION:
128 The revision of the ACL specifies the internal Windows NT ACL revision for the security descriptor. If not specified it defaults to 1. Using values other than 1 may cause strange behaviour.
129
130
131 The owner and group specify the owner and group sids for the
132 object. If a SID in the format CWS-1-x-y-z is specified this
133 is used, otherwise the name specified is resolved using the
134 server on which the file or directory resides.
135
136
137 ACLs specify permissions granted to the SID. This SID again
138 can be specified in CWS-1-x-y-z format or as a name in which
139 case it is resolved against the server on which the file or
140 directory resides. The type, flags and mask values determine
141 the type of access granted to the SID.
142
143
144 The type can be either 0 or 1 corresponding to ALLOWED or
145 DENIED access to the SID. The flags values are generally
146 zero for file ACLs and either 9 or 2 for directory ACLs.
147 Some common flags are:
148
149
150 #define SEC_ACE_FLAG_OBJECT_INHERIT 0x1
151
152
153 #define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2
154
155
156 #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4
157
158
159 #define SEC_ACE_FLAG_INHERIT_ONLY 0x8
160
161
162 At present flags can only be specified as decimal or
163 hexadecimal values.
164
165
166 The mask is a value which expresses the access right granted
167 to the SID. It can be given as a decimal or hexadecimal
168 value, or by using one of the following text strings which
169 map to the NT file permissions of the same
170 name.
171
172
173 __R__ - Allow read access
174
175
176 __W__ - Allow write access
177
178
179 __X__ - Execute permission on the object
180
181
182 __D__ - Delete the object
183
184
185 __P__ - Change permissions
186
187
188 __O__ - Take ownership
189
190
191 The following combined permissions can be
192 specified:
193
194
195 __READ__ - Equivalent to 'RX' permissions
196
197
198 __CHANGE__ - Equivalent to 'RXWD'
199 permissions
200
201
202 __FULL__ - Equivalent to 'RWXDPO'
203 permissions
204 !!EXIT STATUS
205
206
207 The __smbcacls__ program sets the exit status depending
208 on the success or otherwise of the operations performed. The
209 exit status may be one of the following values.
210
211
212 If the operation succeeded, smbcacls returns and exit status
213 of 0. If __smbcacls__ couldn't connect to the specified
214 server, or there was an error getting or setting the ACLs,
215 an exit status of 1 is returned. If there was an error
216 parsing any command line arguments, an exit status of 2 is
217 returned.
218 !!VERSION
219
220
221 This man page is correct for version 2.2 of the Samba
222 suite.
223 !!AUTHOR
224
225
226 The original Samba software and related utilities were
227 created by Andrew Tridgell. Samba is now developed by the
228 Samba Team as an Open Source project similar to the way the
229 Linux kernel is developed.
230
231
232 __smbcacls__ was written by Andrew Tridgell and Tim
233 Potter.
234
235
2 perry 236 The conversion to !DocBook for Samba 2.2 was done by Gerald
1 perry 237 Carter
238 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.