diff options
| author | Gerald Carter <jerry@samba.org> | 2001-02-23 04:34:24 +0000 | 
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2001-02-23 04:34:24 +0000 | 
| commit | b58b856db5c5c2583a4bbe24ab39726efefb18a6 (patch) | |
| tree | 6bec93ee6bfb51723e3ad118621c7c8b6d1fdcab /docs/htmldocs/smbcacls.1.html | |
| parent | ed77fca1990f96dba6fe9204e551056395c6ed29 (diff) | |
| download | samba-b58b856db5c5c2583a4bbe24ab39726efefb18a6.tar.gz samba-b58b856db5c5c2583a4bbe24ab39726efefb18a6.tar.bz2 samba-b58b856db5c5c2583a4bbe24ab39726efefb18a6.zip | |
more updates.  Conversion almost done.  2 more man pages
(then all the ASCII stuff)
(This used to be commit 7247027e833616bfe9350253cc1e6cdb236b2cdf)
Diffstat (limited to 'docs/htmldocs/smbcacls.1.html')
| -rw-r--r-- | docs/htmldocs/smbcacls.1.html | 531 | 
1 files changed, 374 insertions, 157 deletions
| diff --git a/docs/htmldocs/smbcacls.1.html b/docs/htmldocs/smbcacls.1.html index e75a5741e5..36f570f2a0 100644 --- a/docs/htmldocs/smbcacls.1.html +++ b/docs/htmldocs/smbcacls.1.html @@ -1,161 +1,378 @@ - - - - -<html><head><title>smbcacls (1)</title> - -</head> -<body> - -<hr> - -<h1>smbcacls (1)</h1> -<h2>Samba</h2> -<h2>22 Dec 2000</h2> - - -     -<p><a name="NAME"></a> -<h2>NAME</h2> -    smbcacls - Set or get ACLs on an NT file or directory  -<p><a name="SYNOPSIS"></a> -<h2>SYNOPSIS</h2> -      -<p><strong>smbcacls</strong> //server/share filename [<a href="smbcacls.1.html#minusU">-U username</a>] -[<a href="smbcacls.1.html#minusA">-A acls</a>] [<a href="smbcacls.1.html#minusM">-M acls</a>]  -[<a href="smbcacls.1.html#minusD">-D acls</a>] [<a href="smbcacls.1.html#minusS">-S acls</a>]  -[<a href="smbcacls.1.html#minusC">-C name</a>] [<a href="smbcacls.1.html#minusG">-G name</a>] -[<a href="smbcacls.1.html#minusn">-n</a>] [<a href="smbcacls.1.html#minush">-h</a>] -<p><a name="DESCRIPTION"></a> -<h2>DESCRIPTION</h2> -     -<p>The <strong>smbcacls</strong> program manipulates NT Access Control Lists (ACLs) on -SMB file shares. -<p><a name="OPTIONS"></a> -<h2>OPTIONS</h2> -     -<p>The following options are available to the <strong>smbcacls</strong> program.  The -format of ACLs is described in the section <a href="smbcacls.1.html#ACLFORMAT">ACL FORMAT</a> -<p><dl> -<p><a name="minusA"></a> -<p></p><dt><strong><strong>-A acls</strong></strong><dd> -<p>Add the ACLs specified to the ACL list.  Existing access control entries -are unchanged. -<p><a name="minusM"></a> -<p></p><dt><strong><strong>-M acls</strong></strong><dd> -<p>Modify the mask value (permissions) for the ACLs specified on the command -line.  An error will be printed for each ACL specified that was not already -present in the ACL list. -<p><a name="minusD"></a> -<p></p><dt><strong><strong>-D acls</strong></strong><dd> -<p>Delete any ACLs specfied on the command line.  An error will be printed for -each ACL specified that was not already present in the ACL list. -<p><a name="minusS"></a> -<p></p><dt><strong><strong>-S acls</strong></strong><dd> -<p>This command sets the ACLs on the file with only the ones specified on the -command line.  All other ACLs are erased.  Note that the ACL specified must -contain at least a revision, type, owner and group for the call to succeed. -<p><a name="minusU"></a> -<p></p><dt><strong><strong>-U username</strong></strong><dd> -<p>Specifies a username used to connect to the specified service.  The -username may be of the form <code>username</code> in which case the user is -prompted to enter in a password and the workgroup specified in the -<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file is used, or <code>username%password</code> -or <code>DOMAIN\username%password</code> and the password and workgroup names are -used as provided. -<p><a name="minusC"></a> -<p></p><dt><strong><strong>-C name</strong></strong><dd> -<p>The owner of a file or directory can be changed to the name given -using the -C option.  The name can be a sid in the form <code>S-1-x-y-z</code> or a -name resolved against the server specified in the first argument. -<p>This command is a shortcut for <code>-M OWNER:name</code>. -<p><a name="minusG"></a> -<p></p><dt><strong><strong>-G name</strong></strong><dd> -<p>The group owner of a file or directory can be changed to the name given -using the -G option.  The name can be a sid in the form <code>S-1-x-y-z</code> or a -name resolved against the server specified in the first argument. -<p>This command is a shortcut for <code>-M GROUP:name</code>. -<p><a name="minusn"></a> -<p></p><dt><strong><strong>-n</strong></strong><dd> -<p>This option displays all ACL information in numeric format.  The default is -to convert SIDs to names and ACE types and masks to a readable string -format.  -<p><a name="minush"></a> -<p></p><dt><strong><strong>-h</strong></strong><dd> -<p>Print usage information on the <strong>smbcacls</strong> program -<p></dl> -<p><a name="ACLFORMAT"></a> -<h2>ACL FORMAT</h2> -     -<p>The format of an ACL is one or more ACL entries separated by either  -commas or newlines.  An ACL entry is one of the following: -<p><pre> +<HTML +><HEAD +><TITLE +>smbcacls</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD +><BODY +CLASS="REFENTRY" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><H1 +><A +NAME="SMBCACLS" +>smbcacls</A +></H1 +><DIV +CLASS="REFNAMEDIV" +><A +NAME="AEN5" +></A +><H2 +>Name</H2 +>smbcacls -- Set or get ACLs on an NT file or directory names</DIV +><DIV +CLASS="REFSYNOPSISDIV" +><A +NAME="AEN8" +></A +><H2 +>Synopsis</H2 +><P +><B +CLASS="COMMAND" +>nmblookup</B +>  {//server/share} {filename} [-U username] [-A acls] [-M acls] [-D acls] [-S acls] [-C name] [-G name] [-n] [-h]</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN22" +></A +><H2 +>DESCRIPTION</H2 +><P +>This tool is part of the <A +HREF="samba.7.html" +TARGET="_top" +>	Samba</A +> suite.</P +><P +>The smbcacls program manipulates NT Access Control Lists  +	(ACLs) on SMB file shares. </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN27" +></A +><H2 +>OPTIONS</H2 +><P +>The following options are available to the smbcacls program.   +	The format of ACLs is described in the section ACL FORMAT </P +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>-A acls</DT +><DD +><P +>Add the ACLs specified to the ACL list.  Existing  +		access control entries are unchanged. </P +></DD +><DT +>-M acls</DT +><DD +><P +>Modify the mask value (permissions) for the ACLs  +		specified on the command line.  An error will be printed for each  +		ACL specified that was not already present in the ACL list +		</P +></DD +><DT +>-D acls</DT +><DD +><P +>Delete any ACLs specfied on the command line.   +		An error will be printed for each ACL specified that was not  +		already present in the ACL list. </P +></DD +><DT +>-S acls</DT +><DD +><P +>This command sets the ACLs on the file with  +		only the ones specified on the command line.  All other ACLs are  +		erased.  Note that the ACL specified must contain at least a revision,  +		type, owner and group for the call to succeed. </P +></DD +><DT +>-U username</DT +><DD +><P +>Specifies a username used to connect to the  +		specified service.  The username may be of the form "username" in  +		which case the user is prompted to enter in a password and the  +		workgroup specified in the <TT +CLASS="FILENAME" +>smb.conf</TT +> file is  +		used, or "username%password"  or "DOMAIN\username%password" and the  +		password and workgroup names are used as provided. </P +></DD +><DT +>-C name</DT +><DD +><P +>The owner of a file or directory can be changed  +		to the name given using the <TT +CLASS="PARAMETER" +><I +>-C</I +></TT +> option.   +		The name can be a sid in the form S-1-x-y-z or a name resolved  +		against the server specified in the first argument. </P +><P +>This command is a shortcut for -M OWNER:name.  +		</P +></DD +><DT +>-G name</DT +><DD +><P +>The group owner of a file or directory can  +		be changed to the name given using the <TT +CLASS="PARAMETER" +><I +>-G</I +></TT +>  +		option.  The name can be a sid in the form S-1-x-y-z or a name  +		resolved against the server specified n the first argument. +		</P +><P +>This command is a shortcut for -M GROUP:name.</P +></DD +><DT +>-n</DT +><DD +><P +>This option displays all ACL information in numeric  +		format.  The default is to convert SIDs to names and ACE types  +		and masks to a readable string format.  </P +></DD +><DT +>-h</DT +><DD +><P +>Print usage information on the <B +CLASS="COMMAND" +>smbcacls +		</B +> program.</P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN73" +></A +><H2 +>ACL FORMAT</H2 +><P +>The format of an ACL is one or more ACL entries separated by  +	either commas or newlines.  An ACL entry is one of the following: </P +><P +><PRE +CLASS="PROGRAMLISTING" +>   REVISION:<revision number>  OWNER:<sid or name>  GROUP:<sid or name>  ACL:<sid or name>:<type>/<flags>/<mask> -</pre> - -<p>The revision of the ACL specifies the internal Windows NT ACL revision for -the security descriptor.  If not specified it defaults to 1.  Using values -other than 1 may cause strange behaviour. -<p>The owner and group specify the owner and group sids for the object.  If a -SID in the format <code>S-1-x-y-z</code> is specified this is used, otherwise -the name specified is resolved using the server on which the file or -directory resides. -<p>ACLs specify permissions granted to the SID.  This SID again can be -specified in <code>S-1-x-y-z</code> format or as a name in which case it is resolved -against the server on which the file or directory resides.  The type, flags -and mask values determine the type of access granted to the SID. -<p>The type can be either 0 or 1 corresponding to ALLOWED or DENIED access to -the SID.  The flags values are generally zero for file ACLs and either 9 or -2 for directory ACLs.  Some common flags are: -<p><pre> -#define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1 -#define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2 -#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x4 -#define SEC_ACE_FLAG_INHERIT_ONLY       	0x8 -</pre> - -<p>At present flags can only be specified as decimal or hexadecimal values.  -<p>The mask is a value which expresses the access right granted to the SID. -It can be given as a decimal or hexadecimal value, or by using one of the -following text strings which map to the NT file permissions of the same -name. -<p><dl> -<p><p></p><dt><strong></strong><dd> <code>R</code> 	Allow read access -<p><p></p><dt><strong></strong><dd> <code>W</code> 	Allow write access -<p><p></p><dt><strong></strong><dd> <code>X</code> 	Execute permission on the object -<p><p></p><dt><strong></strong><dd> <code>D</code> 	Delete the object -<p><p></p><dt><strong></strong><dd> <code>P</code> 	Change permissions -<p><p></p><dt><strong></strong><dd> <code>O</code>	Take ownership -<p></dl> -<p>The following combined permissions can be specified: -<p><dl> -<p><p></p><dt><strong></strong><dd> <code>READ</code>	  -<p>Equivalent to <code>RX</code> permissions -<p><p></p><dt><strong></strong><dd> <code>CHANGE</code>  -<p>Equivalent to <code>RXWD</code> permissions -<p><p></p><dt><strong></strong><dd> <code>FULL</code>    -<p>Equivalent to <code>RWXDPO</code> permissions -<p></dl> -<p><a name="EXITSTATUS"></a> -<h2>EXIT STATUS</h2> -     -<p>The <strong>smbcacls</strong> program sets the exit status depending on the success or -otherwise of the operations performed.  The exit status may be one of the -following values. -<p>If the operation succeded, <strong>smbcacls</strong> returns and exit status of 0.  If -<strong>smbcacls</strong> couldn't connect to the specified server, or there was an -error getting or setting the ACLs, an exit status of 1 is returned.  If -there was an error parsing any command line arguments, an exit status of 2 -is returned. -<p><a name="AUTHOR"></a> -<h2>AUTHOR</h2> -     -<p>The original Samba software and related utilities were created by -Andrew Tridgell. Samba is now developed by the Samba Team as an Open -Source project. -<p><strong>smbcacls</strong> was written by Andrew Tridgell and Tim Potter. -</body> -</html> +	</PRE +></P +><P +>The revision of the ACL specifies the internal Windows  +	NT ACL revision for the security descriptor.   +	If not specified it defaults to 1.  Using values other than 1 may  +	cause strange behaviour. </P +><P +>The owner and group specify the owner and group sids for the  +	object.  If a SID in the format CWS-1-x-y-z is specified this is used,  +	otherwise the name specified is resolved using the server on which  +	the file or directory resides. </P +><P +>ACLs specify permissions granted to the SID.  This SID again  +		can be specified in CWS-1-x-y-z format or as a name in which case  +		it is resolved against the server on which the file or directory  +		resides.  The type, flags and mask values determine the type of  +		access granted to the SID. </P +><P +>The type can be either 0 or 1 corresponding to ALLOWED or  +		DENIED access to the SID.  The flags values are generally +		zero for file ACLs and either 9 or 2 for directory ACLs.  Some  +		common flags are: </P +><P +></P +><UL +><LI +><P +>#define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1</P +></LI +><LI +><P +>#define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2</P +></LI +><LI +><P +>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x4 +			</P +></LI +><LI +><P +>#define SEC_ACE_FLAG_INHERIT_ONLY       	0x8</P +></LI +></UL +><P +>At present flags can only be specified as decimal or  +	hexadecimal values.</P +><P +>The mask is a value which expresses the access right  +	granted to the SID. It can be given as a decimal or hexadecimal value,  +	or by using one of the following text strings which map to the NT  +	file permissions of the same name. </P +><P +></P +><UL +><LI +><P +><I +CLASS="EMPHASIS" +>R</I +> - Allow read access </P +></LI +><LI +><P +><I +CLASS="EMPHASIS" +>W</I +> - Allow write access</P +></LI +><LI +><P +><I +CLASS="EMPHASIS" +>X</I +> - Execute permission on the object</P +></LI +><LI +><P +><I +CLASS="EMPHASIS" +>D</I +> - Delete the object</P +></LI +><LI +><P +><I +CLASS="EMPHASIS" +>P</I +> - Change permissions</P +></LI +><LI +><P +><I +CLASS="EMPHASIS" +>O</I +> - Take ownership</P +></LI +></UL +><P +>The following combined permissions can be specified:</P +><P +></P +><UL +><LI +><P +><I +CLASS="EMPHASIS" +>READ</I +> -  Equivalent to 'RX' +		permissions</P +></LI +><LI +><P +><I +CLASS="EMPHASIS" +>CHANGE</I +> - Equivalent to 'RXWD' permissions +		</P +></LI +><LI +><P +><I +CLASS="EMPHASIS" +>FULL</I +> - Equivalent to 'RWXDPO'  +		permissions</P +></LI +></UL +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN123" +></A +><H2 +>EXIT STATUS</H2 +><P +>The <B +CLASS="COMMAND" +>smbcacls</B +> program sets the exit status  +	depending on the success or otherwise of the operations performed.   +	The exit status may be one of the following values. </P +><P +>If the operation succeded, smbcacls returns and exit  +	status of 0.  If smbcacls couldn't connect to the specified server,  +	or there was an error getting or setting the ACLs, an exit status  +	of 1 is returned.  If there was an error parsing any command line  +	arguments, an exit status of 2 is returned. </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN128" +></A +><H2 +>VERSION</H2 +><P +>This man page is correct for version 2.2 of  +	the Samba suite.</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN131" +></A +><H2 +>AUTHOR</H2 +><P +>The original Samba software and related utilities  +	were created by Andrew Tridgell. Samba is now developed +	by the Samba Team as an Open Source project similar  +	to the way the Linux kernel is developed.</P +><P +><B +CLASS="COMMAND" +>smbcacls</B +> was written by Andrew Tridgell  +	and Tim Potter.</P +><P +>The conversion to DocBook for Samba 2.2 was done  +	by Gerald Carter</P +></DIV +></BODY +></HTML +>
\ No newline at end of file | 
