diff options
| author | Tim Potter <tpot@samba.org> | 2000-12-21 23:33:57 +0000 |
|---|---|---|
| committer | Tim Potter <tpot@samba.org> | 2000-12-21 23:33:57 +0000 |
| commit | f6345168364c57d58267a4a12424090fe5bccf4c (patch) | |
| tree | 3c554af60634921e30786679e9059c47950981b5 /docs/yodldocs | |
| parent | 2db833d5f1d6ecf7ee1c0d30437a2bdaa95c3fff (diff) | |
| download | samba-f6345168364c57d58267a4a12424090fe5bccf4c.tar.gz samba-f6345168364c57d58267a4a12424090fe5bccf4c.tar.bz2 samba-f6345168364c57d58267a4a12424090fe5bccf4c.zip | |
Documentation updates for smbcacls program.
(This used to be commit f9450cd7b7352a206dc05d8ad2a7b86a2586b892)
Diffstat (limited to 'docs/yodldocs')
| -rw-r--r-- | docs/yodldocs/smbcacls.1.yo | 69 |
1 files changed, 53 insertions, 16 deletions
diff --git a/docs/yodldocs/smbcacls.1.yo b/docs/yodldocs/smbcacls.1.yo index 4668d03f1f..e8be5a4d28 100644 --- a/docs/yodldocs/smbcacls.1.yo +++ b/docs/yodldocs/smbcacls.1.yo @@ -1,4 +1,4 @@ -manpage(smbcacls htmlcommand((1)))(1)(3 Dec 2000)(Samba)(SAMBA) +manpage(smbcacls htmlcommand((1)))(1)(22 Dec 2000)(Samba)(SAMBA) label(NAME) manpagename(smbcacls)(Set or get ACLs on an NT file or directory ) @@ -6,10 +6,10 @@ manpagename(smbcacls)(Set or get ACLs on an NT file or directory ) label(SYNOPSIS) manpagesynopsis() -bf(smbcacls) //server/share filename link(-U username)(minusU) +bf(smbcacls) //server/share filename [link(-U username)(minusU)] [link(-A acls)(minusA)] [link(-M acls)(minusM)] [link(-D acls)(minusD)] [link(-S acls)(minusS)] -[link(-C username)(minusC)] [link(-G username)(minusG)] +[link(-C name)(minusC)] [link(-G name)(minusG)] [link(-n)(minusn)] [link(-h)(minush)] label(DESCRIPTION) @@ -78,6 +78,24 @@ url(bf(smb.conf))(smb.conf.5.html) file is used, or tt(username%password) or tt(DOMAIN\username%password) and the password and workgroup names are used as provided. +label(minusC) +dit(bf(-C name)) + +The owner of a file or directory can be changed to the name given +using the -C option. The name can be a sid in the form tt(S-1-x-y-z) or a +name resolved against the server specified in the first argument. + +This command is a shortcut for tt(-M OWNER:name). + +label(minusG) +dit(bf(-G name)) + +The group owner of a file or directory can be changed to the name given +using the -G option. The name can be a sid in the form tt(S-1-x-y-z) or a +name resolved against the server specified in the first argument. + +This command is a shortcut for tt(-M GROUP:name). + label(minusn) dit(bf(-n)) @@ -95,22 +113,22 @@ enddit() label(ACLFORMAT) manpagesection(ACL FORMAT) -The format of an ACL is one or more ACL entries separated by either spaces, +The format of an ACL is one or more ACL entries separated by either commas or newlines. An ACL entry is one of the following: -verb( -REVISION:<revision number> +verb(REVISION:<revision number> OWNER:<sid or name> GROUP:<sid or name> ACL:<sid or name>:<type>/<flags>/<mask>) The revision of the ACL specifies the internal Windows NT ACL revision for -the security descriptor. If not specified it defaults to 1. +the security descriptor. If not specified it defaults to 1. Using values +other than 1 may cause strange behaviour. The owner and group specify the owner and group sids for the object. If a SID in the format tt(S-1-x-y-z) is specified this is used, otherwise the name specified is resolved using the server on which the file or -directory resides. +directory resides. ACLs specify permissions granted to the SID. This SID again can be specified in tt(S-1-x-y-z) format or as a name in which case it is resolved @@ -121,16 +139,17 @@ The type can be either 0 or 1 corresponding to ALLOWED or DENIED access to the SID. The flags values are generally zero for file ACLs and either 9 or 2 for directory ACLs. Some common flags are: -verb( -#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1 +verb(#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1 #define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2 #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 #define SEC_ACE_FLAG_INHERIT_ONLY 0x8) -The mask is a value which expresses the access right granted to -the SID. It can be given as a hexadecimal value or by using one of the +At present flags can only be specified as decimal or hexadecimal values. + +The mask is a value which expresses the access right granted to the SID. +It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same -name. +name. startdit() @@ -152,15 +171,33 @@ The following combined permissions can be specified: startdit() -dit() tt(READ) Equivalent to tt(RX) permissions -dit() tt(CHANGE) Equivalent to tt(RXWD) permissions -dit() tt(FULL) Equivalent to tt(RWXDPO) permissions +dit() tt(READ) + +Equivalent to tt(RX) permissions + +dit() tt(CHANGE) + +Equivalent to tt(RXWD) permissions + +dit() tt(FULL) + +Equivalent to tt(RWXDPO) permissions enddit() label(EXITSTATUS) manpagesection(EXIT STATUS) +The bf(smbcacls) program sets the exit status depending on the success or +otherwise of the operations performed. The exit status may be one of the +following values. + +If the operation succeded, bf(smbcacls) returns and exit status of 0. If +bf(smbcacls) couldn't connect to the specified server, or there was an +error getting or setting the ACLs, an exit status of 1 is returned. If +there was an error parsing any command line arguments, an exit status of 2 +is returned. + label(AUTHOR) manpageauthor() |