path: root/docs/docbook/manpages/smbcacls.1.sgml
Diffstat (limited to 'docs/docbook/manpages/smbcacls.1.sgml')
-rw-r--r-- docs/docbook/manpages/smbcacls.1.sgml 105
1 files changed, 105 insertions, 0 deletions
diff --git a/docs/docbook/manpages/smbcacls.1.sgml b/docs/docbook/manpages/smbcacls.1.sgml
new file mode 100644
index 0000000000..aaddf5c09c
--- /dev/null
+++ b/docs/docbook/manpages/smbcacls.1.sgml
@@ -0,0 +1,105 @@
+
+Namesmbcacls - Set or get ACLs on an NT file or directory
+Synopsis
+smbcacls
+//server/share filename [-U username] [-A acls] [-M acls] [-D acls] [-S acls]
+ [-C name] [-G name] [-n] [-h]
+Description
+The smbcacls program manipulates
+NT Access Control Lists (ACLs) on SMB file shares.
+Options
+The following
+options are available to the smbcacls program. The format of ACLs is described
+in the section ACL FORMAT
+-A aclsAdd the ACLs specified to the ACL list.
+ Existing access control entries are unchanged. -M aclsModify the mask value
+(permissions) for the ACLs specified on the command line. An error will
+be printed for each ACL specified that was not already present in the ACL
+list. -D aclsDelete any ACLs specfied on the command line. An error will
+be printed for each ACL specified that was not already present in the ACL
+list. -S aclsThis command sets the ACLs on the file with only the ones specified
+on the command line. All other ACLs are erased. Note that the ACL specified
+must contain at least a revision, type, owner and group for the call to
+succeed. -U usernameSpecifies a username used to connect to the specified
+service. The username may be of the form CWusername in which case the user
+is prompted to enter in a password and the workgroup specified in the smb.conf
+file is used, or CWusername%password or CWDOMAIN\username%password and the
+password and workgroup names are used as provided. -C nameThe owner of a
+file or directory can be changed to the name given using the -C option.
+The name can be a sid in the form CWS-1-x-y-z or a name resolved against the
+server specified in the first argument. This command is a shortcut for CW-M
+OWNER:name. -G nameThe group owner of a file or directory can be changed
+to the name given using the -G option. The name can be a sid in the form
+CWS-1-x-y-z or a name resolved against the server specified in the first argument.
+This command is a shortcut for CW-M GROUP:name. -nThis option displays all
+ACL information in numeric format. The default is to convert SIDs to names
+and ACE types and masks to a readable string format. -hPrint usage information
+on the smbcacls program
+Acl Format
+The format of an ACL is one or more ACL
+entries separated by either commas or newlines. An ACL entry is one of
+the following:
+
+
+
+REVISION:<revision number>
+OWNER:<sid or name>
+GROUP:<sid or name>
+ACL:<sid or name>:<type>/<flags>/<mask>
+
+
+
+The revision of the ACL specifies the internal Windows NT ACL revision
+for the security descriptor. If not specified it defaults to 1. Using values
+other than 1 may cause strange behaviour.
+The owner and group specify the
+owner and group sids for the object. If a SID in the format CWS-1-x-y-z is
+specified this is used, otherwise the name specified is resolved using
+the server on which the file or directory resides.
+ACLs specify permissions
+granted to the SID. This SID again can be specified in CWS-1-x-y-z format or
+as a name in which case it is resolved against the server on which the
+file or directory resides. The type, flags and mask values determine the
+type of access granted to the SID.
+The type can be either 0 or 1 corresponding
+to ALLOWED or DENIED access to the SID. The flags values are generally
+zero for file ACLs and either 9 or 2 for directory ACLs. Some common flags
+are:
+
+
+
+#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1
+#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2
+#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4
+#define SEC_ACE_FLAG_INHERIT_ONLY 0x8
+
+
+
+At present flags can only be specified as decimal or hexadecimal values.
+
+The mask is a value which expresses the access right granted to the SID.
+It can be given as a decimal or hexadecimal value, or by using one of the
+following text strings which map to the NT file permissions of the same
+name.
+CWR Allow read access CWW Allow write access CWX Execute permission
+on the object CWD Delete the object CWP Change permissions CWO Take ownership
+
+The following combined permissions can be specified:
+CWREAD Equivalent
+to CWRX permissions CWCHANGE Equivalent to CWRXWD permissions CWFULL
+ Equivalent to CWRWXDPO permissions
+Exit Status
+The smbcacls program sets
+the exit status depending on the success or otherwise of the operations
+performed. The exit status may be one of the following values.
+If the operation
+succeded, smbcacls returns and exit status of 0. If smbcacls couldn't connect
+to the specified server, or there was an error getting or setting the ACLs,
+an exit status of 1 is returned. If there was an error parsing any command
+line arguments, an exit status of 2 is returned.
+Author
+The original Samba
+software and related utilities were created by Andrew Tridgell. Samba is
+now developed by the Samba Team as an Open Source project.
+smbcacls was
+written by Andrew Tridgell and Tim Potter. \ No newline at end of file
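Review bot: The literal examples throughout the Options and ACL Format text carry a stray "CW" prefix (CWusername%password, CWS-1-x-y-z, CW-M OWNER:name, CWR, CWFULL), which looks like leftover font markup from a conversion and makes the documented syntax wrong as written. Strip it so the page reads username%password, S-1-x-y-z, -M OWNER:name, R and FULL. In the -U description, the username%password and DOMAIN\username%password forms are documented without noting that command-line arguments are commonly visible to other local users in the process list; a sentence recommending the prompted form would help. The -S description requires "a revision, type, owner and group", but "type" is not one of the four entry kinds listed under ACL Format and the revision is said to default to 1, so state exactly which entries are mandatory, since -S erases every ACL not given. The -C and -G text calls them shortcuts for -M OWNER:name and -M GROUP:name, while -M is described only as modifying the mask of existing ACLs; the -M description should mention owner and group changes. Minor: "specfied", "succeded", "returns and exit status", and the file has no trailing newline.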