1SETCIFSACL(1) CIFS Access Control List Tools SETCIFSACL(1)
2
3
4
6 setcifsacl - Userspace helper to alter an ACL in a security descriptor
7 for Common Internet File System (CIFS)
8
10 setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object}
11
13 This tool is part of the cifs-utils suite.
14
15 setcifsacl is a userspace helper program for the Linux CIFS client file
16 system. It is intended to alter an ACL of a security descriptor for a
17 file system object. It is best utilized when an option of cifsacl is
18 specified when mounting a cifs share in conjunction with winbind
19 facility of Samba suite. Whether a security descriptor to be set is
20 applied or not is determined by the CIFS/SMB server.
21
23 -h
24 Print usage message and exit.
25 -v
26 Print version number and exit.
27 -a
28 Add one or more ACEs to an ACL of a security descriptor. An ACE is
29 added even if the same ACE exists in the ACL.
30 -D
31 Delete one or more ACEs from an ACL of a security descriptor.
32 Entire ACE has to match in an existing ACL for the listed ACEs to
33 be deleted.
34 -M
35 Modify one or more ACEs from an ACL of a security descriptor. SID
36 and type are used to match for existing ACEs to be modified with
37 the list of ACEs specified.
38 -S
39 Set an ACL of security descriptor with the list of ACEs Existing
40 ACL is replaced entirely with the specified ACEs.
41
42 Every ACE entry starts with "ACL:" One or more ACEs are specified
43 within double quotes. Multiple ACEs are separated by a comma.
44
45 Following fields of an ACE can be modified with possible values:
46
47 SID: Either a name or a raw SID value.
48
49 type: ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED
50 (0x6)
51
52 flags: OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI or
53 0x2), NO_PROPAGATE_INHERIT_FLAG (NI or 0x4), INHERIT_ONLY_FLAG (IO or
54 0x8), INHERITED_ACE_FLAG (IA or 0x10) or a combination/OR of these
55 values.
56
57 mask: Either one of FULL, CHANGE, READ, a combination of R W X D P O,
58 or a hex value
59
61 mount.cifs(8), winbindd(8), getcifsacl(1)
62
64 Add an ACE
65 setcifsacl -a "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" <file_name>
66 setcifsacl -a "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" <file_name>
67
68 Delete an ACE
69 setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name>
70
71 Modify an ACE
72 setcifsacl -M "ACL:CIFSTESTDOM\user1:ALLOWED/0x1f/CHANGE" <file_name>
73
74 Set an ACL
75 setcifsacl -S "ACL:CIFSTESTDOM\Administrator:0x0/0x0/FULL,
76 ACL:CIFSTESTDOM\user2:0x0/0x0/FULL" <file_name>
77
79 Shirish Pargaonkar wrote the setcifsacl program.
80
81 The Linux CIFS Mailing list is the preferred place to ask questions
82 regarding these programs.
83
84
85
86cifs-utils 08/19/2011 SETCIFSACL(1)