Unix/Linux Go Back    


RedHat 9 (Linux i386) - man page for smbcacls (redhat section 1)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


SMBCACLS(1)									      SMBCACLS(1)

NAME
       smbcacls - Set or get ACLs on an NT file or directory names

SYNOPSIS
       smbcacls //server/share filename [ -U username ]  [ -A acls ]  [ -M acls ]  [ -D acls ]	[
       -S acls ]  [ -C name ]  [ -G name ]  [ -n ]  [ -h ]

DESCRIPTION
       This tool is part of the  Samba suite.

       The smbcacls program manipulates NT Access Control Lists (ACLs) on SMB file shares.

OPTIONS
       The following options are available to the  smbcacls  program.	The  format  of  ACLs  is
       described in the section ACL FORMAT

       -A acls
	      Add  the	ACLs  specified  to  the  ACL  list.  Existing access control entries are
	      unchanged.

       -M acls
	      Modify the mask value (permissions) for the ACLs specified on the command line.  An
	      error  will  be  printed for each ACL specified that was not already present in the
	      ACL list

       -D acls
	      Delete any ACLs specified on the command line.  An error will be printed	for  each
	      ACL specified that was not already present in the ACL list.

       -S acls
	      This  command sets the ACLs on the file with only the ones specified on the command
	      line. All other ACLs are erased. Note that the ACL specified must contain at  least
	      a revision, type, owner and group for the call to succeed.

       -U username
	      Specifies  a username used to connect to the specified service. The username may be
	      of the form "username" in which case the user is prompted to enter  in  a  password
	      and the workgroup specified in the smb.conf file is used, or "username%password" or
	      "DOMAIN\username%password" and the password and workgroup names are  used  as  pro-
	      vided.

       -C name
	      The  owner  of  a  file  or directory can be changed to the name given using the -C
	      option.  The name can be a sid in the form S-1-x-y-z or a name resolved against the
	      server specified in the first argument.

	      This command is a shortcut for -M OWNER:name.

       -G name
	      The  group  owner of a file or directory can be changed to the name given using the
	      -G option. The name can be a sid in the form S-1-x-y-z or a name	resolved  against
	      the server specified n the first argument.

	      This command is a shortcut for -M GROUP:name.

       -n     This  option displays all ACL information in numeric format. The default is to con-
	      vert SIDs to names and ACE types and masks to a readable string format.

       -h     Print usage information on the smbcacls program.

ACL FORMAT
       The format of an ACL is one or more ACL entries separated by either commas or newlines. An
       ACL entry is one of the following:

       REVISION:<revision number>
       OWNER:<sid or name>
       GROUP:<sid or name>
       ACL:<sid or name>:<type>/<flags>/<mask>

       The  revision  of  the ACL specifies the internal Windows NT ACL revision for the security
       descriptor.  If not specified it defaults to 1.	Using  values  other  than  1  may  cause
       strange behaviour.

       The  owner and group specify the owner and group sids for the object. If a SID in the for-
       mat CWS-1-x-y-z is specified this is used, otherwise the name specified is resolved  using
       the server on which the file or directory resides.

       ACLs specify permissions granted to the SID. This SID again can be specified in CWS-1-x-y-
       z format or as a name in which case it is resolved against the server on which the file or
       directory resides. The type, flags and mask values determine the type of access granted to
       the SID.

       The type can be either 0 or 1 corresponding to ALLOWED or DENIED access to  the	SID.  The
       flags  values  are generally zero for file ACLs and either 9 or 2 for directory ACLs. Some
       common flags are:

       o #define SEC_ACE_FLAG_OBJECT_INHERIT 0x1

       o #define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2

       o #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4

       o #define SEC_ACE_FLAG_INHERIT_ONLY 0x8

       At present flags can only be specified as decimal or hexadecimal values.

       The mask is a value which expresses the access right granted to the SID. It can	be  given
       as a decimal or hexadecimal value, or by using one of the following text strings which map
       to the NT file permissions of the same name.

       o R - Allow read access

       o W - Allow write access

       o X - Execute permission on the object

       o D - Delete the object

       o P - Change permissions

       o O - Take ownership

       The following combined permissions can be specified:

       o READ - Equivalent to 'RX' permissions

       o CHANGE - Equivalent to 'RXWD' permissions

       o FULL - Equivalent to 'RWXDPO' permissions

EXIT STATUS
       The smbcacls program sets the exit status depending on the success  or  otherwise  of  the
       operations performed.  The exit status may be one of the following values.

       If  the	operation  succeeded, smbcacls returns and exit status of 0. If smbcacls couldn't
       connect to the specified server, or there was an error getting or  setting  the	ACLs,  an
       exit status of 1 is returned. If there was an error parsing any command line arguments, an
       exit status of 2 is returned.

VERSION
       This man page is correct for version 2.2 of the Samba suite.

AUTHOR
       The original Samba software and related utilities were created by Andrew  Tridgell.  Samba
       is  now developed by the Samba Team as an Open Source project similar to the way the Linux
       kernel is developed.

       smbcacls was written by Andrew Tridgell and Tim Potter.

       The conversion to DocBook for Samba 2.2 was done by Gerald Carter

					 19 November 2002			      SMBCACLS(1)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 08:10 PM.