1SETCIFSACL(1)                                                    SETCIFSACL(1)
2
3
4

NAME

6       setcifsacl  - Userspace helper to alter an ACL in a security descriptor
7       for Common Internet File System (CIFS)
8

SYNOPSIS

10       setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object}
11

DESCRIPTION

13       This tool is part of the cifs-utils suite.
14
15       setcifsacl is a userspace helper program for the Linux CIFS client file
16       system.   It is intended to alter an ACL of a security descriptor for a
17       file system object.  Whether a security descriptor to be set is applied
18       or not is determined by the CIFS/SMB server.
19
20       This  program  uses  a  plugin  to handle the mapping of user and group
21       names to SIDs.  /etc/cifs-utils/idmap-plugin  should be a symlink  that
22       points to the correct plugin to use.
23

OPTIONS

25       -h
26          Print usage message and exit.
27
28       -v
29          Print version number and exit.
30
31       -a
32          Add  one or more ACEs to an ACL of a security descriptor.  An ACE is
33          added even if the same ACE exists in the ACL.
34
35       -D
36          Delete one or more ACEs  from  an  ACL  of  a  security  descriptor.
37          Entire ACE has to match in an existing ACL for the listed ACEs to be
38          deleted.
39
40       -M
41          Modify one or more ACEs from an ACL of a security  descriptor.   SID
42          and type are used to match for existing ACEs to be modified with the
43          list of ACEs specified.
44
45       -S
46          Set an ACL of security descriptor with the list of ACEs Existing ACL
47          is replaced entirely with the specified ACEs.
48
49          Every  ACE  entry  starts with "ACL:" One or more ACEs are specified
50          within double quotes.  Multiple ACEs are separated by a comma.
51
52          Following fields of an ACE can be modified with possible values:
53
54          SID - Either a name or a raw SID value.
55
56          type  -  ALLOWED  (0x0),   DENIED   (0x1),   OBJECT_ALLOWED   (0x5),
57          OBJECT_DENIED (0x6)
58
59          flags  - OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI
60          or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI  or  0x4),  INHERIT_ONLY_FLAG
61          (IO  or 0x8), INHERITED_ACE_FLAG (IA or 0x10) or a combination/OR of
62          these values.
63
64          mask - Either one of FULL, CHANGE, READ, a combination of R W X D  P
65          O, or a hex value
66

EXAMPLES

68   Add an ACE
69          setcifsacl -a "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" <file_name>
70          setcifsacl -a "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" <file_name>
71
72   Delete an ACE
73          setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name>
74
75   Modify an ACE
76          setcifsacl -M "ACL:CIFSTESTDOM\user1:ALLOWED/0x1f/CHANGE" <file_name>
77
78   Set an ACL
79          setcifsacl -S "ACL:CIFSTESTDOM\Administrator:0x0/0x0/FULL,ACL:CIFSTESTDOM\user2:0x0/0x0/FULL" <file_name>
80

NOTES

82       Kernel support for getcifsacl/setcifsacl utilities was initially intro‐
83       duced in the 2.6.37 kernel.
84

SEE ALSO

86       mount.cifs(8), getcifsacl(1)
87

AUTHOR

89       Shirish Pargaonkar wrote the setcifsacl program.
90
91       The Linux CIFS Mailing list is the preferred  place  to  ask  questions
92       regarding these programs.
93
94
95
96
97                                                                 SETCIFSACL(1)
Impressum