1SETCIFSACL(1)           CIFS Access Control List Tools           SETCIFSACL(1)
2
3
4

NAME

6       setcifsacl - Userspace helper to alter an ACL in a security descriptor
7       for Common Internet File System (CIFS)
8

SYNOPSIS

10       setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object}
11

DESCRIPTION

13       This tool is part of the cifs-utils suite.
14
15       setcifsacl is a userspace helper program for the Linux CIFS client file
16       system.  It is intended to alter an ACL of a security descriptor for a
17       file system object.  Whether a security descriptor to be set is applied
18       or not is determined by the CIFS/SMB server.
19
20       This program uses a plugin to handle the mapping of user and group
21       names to SIDs. /etc/cifs-utils/idmap-plugin should be a symlink that
22       points to the correct plugin to use.
23

OPTIONS

25       -h
26           Print usage message and exit.
27       -v
28           Print version number and exit.
29       -a
30           Add one or more ACEs to an ACL of a security descriptor.  An ACE is
31           added even if the same ACE exists in the ACL.
32       -D
33           Delete one or more ACEs from an ACL of a security descriptor.
34           Entire ACE has to match in an existing ACL for the listed ACEs to
35           be deleted.
36       -M
37           Modify one or more ACEs from an ACL of a security descriptor.  SID
38           and type are used to match for existing ACEs to be modified with
39           the list of ACEs specified.
40       -S
41           Set an ACL of security descriptor with the list of ACEs Existing
42           ACL is replaced entirely with the specified ACEs.
43
44       Every ACE entry starts with "ACL:" One or more ACEs are specified
45       within double quotes.  Multiple ACEs are separated by a comma.
46
47       Following fields of an ACE can be modified with possible values:
48
49       SID: Either a name or a raw SID value.
50
51       type: ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED
52       (0x6)
53
54       flags: OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI or
55       0x2), NO_PROPAGATE_INHERIT_FLAG (NI or 0x4), INHERIT_ONLY_FLAG (IO or
56       0x8), INHERITED_ACE_FLAG (IA or 0x10) or a combination/OR of these
57       values.
58
59       mask: Either one of FULL, CHANGE, READ, a combination of R W X D P O,
60       or a hex value
61

EXAMPLES

63       Add an ACE
64       setcifsacl -a "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" <file_name>
65       setcifsacl -a "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" <file_name>
66
67       Delete an ACE
68       setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name>
69
70       Modify an ACE
71       setcifsacl -M "ACL:CIFSTESTDOM\user1:ALLOWED/0x1f/CHANGE" <file_name>
72
73       Set an ACL
74       setcifsacl -S "ACL:CIFSTESTDOM\Administrator:0x0/0x0/FULL,
75       ACL:CIFSTESTDOM\user2:0x0/0x0/FULL" <file_name>
76

NOTES

78       Kernel support for getcifsacl/setcifsacl utilities was initially
79       introduced in the 2.6.37 kernel.
80

SEE ALSO

82       mount.cifs(8), getcifsacl(1)
83

AUTHOR

85       Shirish Pargaonkar wrote the setcifsacl program.
86
87       The Linux CIFS Mailing list is the preferred place to ask questions
88       regarding these programs.
89
90
91
92cifs-utils                        08/19/2011                     SETCIFSACL(1)
Impressum