*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->IRIX man pages -> smbcacls.1 (1)              
Title
Content
Arch
Section
 

Contents


     SMBCACLS(1)     UNIX System V (19 November	2002)	   SMBCACLS(1)



     NAME    [Toc]    [Back]
	  smbcacls - Set or get	ACLs on	an NT file or directory	names

     SYNOPSIS    [Toc]    [Back]
	  smbcacls //server/share filename [ -U	username ]  [ -A acls
	  ]  [ -M acls ]  [ -D acls ]  [ -S acls ]  [ -C name ]	 [ -G
	  name ]  [ -n ]  [ -h ]

     DESCRIPTION    [Toc]    [Back]
	  This tool is part of the  Samba suite.

	  The smbcacls program manipulates NT Access Control Lists
	  (ACLs) on SMB	file shares.

     OPTIONS    [Toc]    [Back]
	  The following	options	are available to the smbcacls program.
	  The format of	ACLs is	described in the section ACL FORMAT

	  -A acls
	       Add the ACLs specified to the ACL list. Existing	access
	       control entries are unchanged.

	  -M acls
	       Modify the mask value (permissions) for the ACLs
	       specified on the	command	line. An error will be printed
	       for each	ACL specified that was not already present in
	       the ACL list

	  -D acls
	       Delete any ACLs specified on the	command	line. An error
	       will be printed for each	ACL specified that was not
	       already present in the ACL list.

	  -S acls
	       This command sets the ACLs on the file with only	the
	       ones specified on the command line. All other ACLs are
	       erased. Note that the ACL specified must	contain	at
	       least a revision, type, owner and group for the call to
	       succeed.

	  -U username
	       Specifies a username used to connect to the specified
	       service.	The username may be of the form	"username" in
	       which case the user is prompted to enter	in a password
	       and the workgroup specified in the smb.conf file	is
	       used, or	"username%password" or
	       "DOMAIN\username%password" and the password and
	       workgroup names are used	as provided.

	  -C name
	       The owner of a file or directory	can be changed to the
	       name given using	the -C option. The name	can be a sid



     Page 1					     (printed 2/13/04)






     SMBCACLS(1)     UNIX System V (19 November	2002)	   SMBCACLS(1)



	       in the form S-1-x-y-z or	a name resolved	against	the
	       server specified	in the first argument.

	       This command is a shortcut for -M OWNER:name.

	  -G name
	       The group owner of a file or directory can be changed
	       to the name given using the -G option. The name can be
	       a sid in	the form S-1-x-y-z or a	name resolved against
	       the server specified n the first	argument.

	       This command is a shortcut for -M GROUP:name.

	  -n   This option displays all	ACL information	in numeric
	       format. The default is to convert SIDs to names and ACE
	       types and masks to a readable string format.

	  -h   Print usage information on the smbcacls program.

     ACL FORMAT    [Toc]    [Back]
	  The format of	an ACL is one or more ACL entries separated by
	  either commas	or newlines. An	ACL entry is one of the
	  following:


	  REVISION:<revision number>
	  OWNER:<sid or	name>
	  GROUP:<sid or	name>
	  ACL:<sid or name>:<type>/<flags>/<mask>



	  The revision of the ACL specifies the	internal Windows NT
	  ACL revision for the security	descriptor. If not specified
	  it defaults to 1. Using values other than 1 may cause
	  strange behaviour.

	  The owner and	group specify the owner	and group sids for the
	  object. If a SID in the format CWS-1-x-y-z is	specified this
	  is used, otherwise the name specified	is resolved using the
	  server on which the file or directory	resides.

	  ACLs specify permissions granted to the SID. This SID	again
	  can be specified in CWS-1-x-y-z format or as a name in which
	  case it is resolved against the server on which the file or
	  directory resides. The type, flags and mask values determine
	  the type of access granted to	the SID.

	  The type can be either 0 or 1	corresponding to ALLOWED or
	  DENIED access	to the SID. The	flags values are generally
	  zero for file	ACLs and either	9 or 2 for directory ACLs.
	  Some common flags are:



     Page 2					     (printed 2/13/04)






     SMBCACLS(1)     UNIX System V (19 November	2002)	   SMBCACLS(1)



	  o #define SEC_ACE_FLAG_OBJECT_INHERIT	0x1

	  o #define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2

	  o #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4

	  o #define SEC_ACE_FLAG_INHERIT_ONLY 0x8

	  At present flags can only be specified as decimal or
	  hexadecimal values.

	  The mask is a	value which expresses the access right granted
	  to the SID. It can be	given as a decimal or hexadecimal
	  value, or by using one of the	following text strings which
	  map to the NT	file permissions of the	same name.

	  o R -	Allow read access

	  o W -	Allow write access

	  o X -	Execute	permission on the object

	  o D -	Delete the object

	  o P -	Change permissions

	  o O -	Take ownership

	  The following	combined permissions can be specified:

	  o READ - Equivalent to 'RX' permissions

	  o CHANGE - Equivalent	to 'RXWD' permissions

	  o FULL - Equivalent to 'RWXDPO' permissions

     EXIT STATUS    [Toc]    [Back]
	  The smbcacls program sets the	exit status depending on the
	  success or otherwise of the operations performed. The	exit
	  status may be	one of the following values.

	  If the operation succeeded, smbcacls returns and exit	status
	  of 0.	If smbcacls couldn't connect to	the specified server,
	  or there was an error	getting	or setting the ACLs, an	exit
	  status of 1 is returned. If there was	an error parsing any
	  command line arguments, an exit status of 2 is returned.

     VERSION    [Toc]    [Back]
	  This man page	is correct for version 2.2 of the Samba	suite.

     AUTHOR    [Toc]    [Back]
	  The original Samba software and related utilities were



     Page 3					     (printed 2/13/04)






     SMBCACLS(1)     UNIX System V (19 November	2002)	   SMBCACLS(1)



	  created by Andrew Tridgell. Samba is now developed by	the
	  Samba	Team as	an Open	Source project similar to the way the
	  Linux	kernel is developed.

	  smbcacls was written by Andrew Tridgell and Tim Potter.

	  The conversion to DocBook for	Samba 2.2 was done by Gerald
	  Carter















































     Page 4					     (printed 2/13/04)



[ Back ]
 Similar pages
Name OS Title
setacl HP-UX modify access control lists (ACLs) for files (JFS File Systems only)
getacl HP-UX list access control lists (ACLs) for files (JFS File Systems only)
list_directory HP-UX Displays a list of all the directories whose names match the specified directory name
ff_vxfs HP-UX fast find: list file names and statistics for a VxFS file system
acl_edit HP-UX Edits or lists an object's ACLs
ff_hfs HP-UX list file names and statistics for HFS file system
ff HP-UX list file names and statistics for a file system
convertfs HP-UX convert an HFS file system to allow long file names
convertfs_hfs HP-UX convert an HFS file system to allow long file names
aclv HP-UX introduction to JFS access control lists (ACLs)
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service