diff options
Diffstat (limited to 'setcifsacl.rst.in')
| -rw-r--r-- | setcifsacl.rst.in | 185 |
1 files changed, 185 insertions, 0 deletions
diff --git a/setcifsacl.rst.in b/setcifsacl.rst.in new file mode 100644 index 0000000..ea981e2 --- /dev/null +++ b/setcifsacl.rst.in @@ -0,0 +1,185 @@ +========== +setcifsacl +========== + +------------------------------------------------------------------------------------------------ +Userspace helper to alter an ACL in a security descriptor for Common Internet File System (CIFS) +------------------------------------------------------------------------------------------------ +:Manual section: 1 + + +******** +SYNOPSIS +******** + + +setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object} + + +*********** +DESCRIPTION +*********** + + +This tool is part of the cifs-utils suite. + +\ **setcifsacl**\ is a userspace helper program for the Linux CIFS client +file system. It is intended to alter an ACL of a security descriptor +for a file system object. Whether a security descriptor to be set is +applied or not is determined by the CIFS/SMB server. + +This program uses a plugin to handle the mapping of user and group +names to SIDs. ``@pluginpath@`` should be a symlink that points to the +correct plugin to use. + + +******* +OPTIONS +******* + + + +\ **-h**\ + + Print usage message and exit. + + + +\ **-v**\ + + Print version number and exit. + + + +\ **-a**\ + + Add one or more ACEs to an ACL of a security descriptor. An ACE is + added even if the same ACE exists in the ACL. + + + +\ **-D**\ + + Delete one or more ACEs from an ACL of a security descriptor. Entire + ACE has to match in an existing ACL for the listed ACEs to be deleted. + + + +\ **-M**\ + + Modify one or more ACEs from an ACL of a security descriptor. SID and + type are used to match for existing ACEs to be modified with the list + of ACEs specified. + + + +\ **-S**\ + + Set an ACL of security descriptor with the list of ACEs Existing ACL + is replaced entirely with the specified ACEs. + + Every ACE entry starts with "ACL:" One or more ACEs are specified + within double quotes. Multiple ACEs are separated by a comma. + + Following fields of an ACE can be modified with possible values: + + + \ **SID**\ - Either a name or a raw SID value. + + + + \ **type**\ - ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6) + + + + \ **flags**\ - OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI or + 0x4), INHERIT_ONLY_FLAG (IO or 0x8), INHERITED_ACE_FLAG (IA or 0x10) + or a combination/OR of these values. + + + + \ **mask**\ - Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a hex value + + + + + + +******** +EXAMPLES +******** + + +Add an ACE +========== + + + +.. code-block:: perl + + setcifsacl -a "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" <file_name> + setcifsacl -a "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" <file_name> + + + +Delete an ACE +============= + + + +.. code-block:: perl + + setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name> + + + +Modify an ACE +============= + + + +.. code-block:: perl + + setcifsacl -M "ACL:CIFSTESTDOM\user1:ALLOWED/0x1f/CHANGE" <file_name> + + + +Set an ACL +========== + + + +.. code-block:: perl + + setcifsacl -S "ACL:CIFSTESTDOM\Administrator:0x0/0x0/FULL,ACL:CIFSTESTDOM\user2:0x0/0x0/FULL" <file_name> + + + + +***** +NOTES +***** + + +Kernel support for getcifsacl/setcifsacl utilities was initially +introduced in the 2.6.37 kernel. + + +******** +SEE ALSO +******** + + +mount.cifs(8), getcifsacl(1) + + +****** +AUTHOR +****** + + +Shirish Pargaonkar wrote the setcifsacl program. + +The Linux CIFS Mailing list is the preferred place to ask questions +regarding these programs. + |