|
|
Microsoft Security Advisory (2490606): Vulnerability in Graphics Rendering Engine Could Allow Remote
|
|
SETCIFSACL(1) CIFS Access Control List Tools SETCIFSACL(1) NAME
setcifsacl - Userspace helper to alter an ACL in a security descriptor for Common Internet File System (CIFS) SYNOPSIS
setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object} DESCRIPTION
This tool is part of the cifs-utils suite. setcifsacl is a userspace helper program for the Linux CIFS client file system. It is intended to alter an ACL of a security descriptor for a file system object. It is best utilized when an option of cifsacl is specified when mounting a cifs share in conjunction with winbind facility of Samba suite. Whether a security descriptor to be set is applied or not is determined by the CIFS/SMB server. OPTIONS
-v Print version number and exit. -a Add one or more ACEs to an ACL of a security descriptor. An ACE is added even if the same ACE exists in the ACL. -D Delete one or more ACEs from an ACL of a security descriptor. Entire ACE has to match in an existing ACL for the listed ACEs to be deleted. -M Modify one or more ACEs from an ACL of a security descriptor. SID and type are used to match for existing ACEs to be modified with the list of ACEs specified. -S Set an ACL of security descriptor with the list of ACEs Existing ACL is replaced entirely with the specified ACEs. Every ACE entry starts with "ACL:" One or more ACEs are specified within double quotes. Multiple ACEs are separated by a comma. Following fields of an ACE can be modified with possible values: SID: Either a name or a raw SID value. type: ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6) flags: OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI or 0x4), INHERIT_ONLY_FLAG (IO or 0x8), INHERITED_ACE_FLAG (IA or 0x10) or a combination/OR of these values. mask: Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a hex value EXAMPLES
Add an ACE setcifsacl -a "ACL:CIFSTESTDOMuser2:DENIED/0x1/D" <file_name> setcifsacl -a "ACL:CIFSTESTDOMuser1:ALLOWED/OI|CI|NI/D" <file_name> Delete an ACE setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name> Modify an ACE setcifsacl -M "ACL:CIFSTESTDOMuser1:ALLOWED/0x1f/CHANGE" <file_name> Set an ACL setcifsacl -S "ACL:CIFSTESTDOMAdministrator:0x0/0x0/FULL, ACL:CIFSTESTDOMuser2:0x0/0x0/FULL," <file_name> NOTES
Kernel support for getcifsacl/setcifsacl utilities was initially introduced in the 2.6.37 kernel. SEE ALSO
mount.cifs(8), winbindd(8), getcifsacl(1) AUTHOR
Shirish Pargaonkar wrote the setcifsacl program. The Linux CIFS Mailing list is the preferred place to ask questions regarding these programs. cifs-utils 08/19/2011 SETCIFSACL(1)
