From b58b856db5c5c2583a4bbe24ab39726efefb18a6 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 23 Feb 2001 04:34:24 +0000 Subject: more updates. Conversion almost done. 2 more man pages (then all the ASCII stuff) (This used to be commit 7247027e833616bfe9350253cc1e6cdb236b2cdf) --- docs/htmldocs/smbcacls.1.html | 531 +++++++++++++++++++++++++++++------------- 1 file changed, 374 insertions(+), 157 deletions(-) (limited to 'docs/htmldocs/smbcacls.1.html') diff --git a/docs/htmldocs/smbcacls.1.html b/docs/htmldocs/smbcacls.1.html index e75a5741e5..36f570f2a0 100644 --- a/docs/htmldocs/smbcacls.1.html +++ b/docs/htmldocs/smbcacls.1.html @@ -1,161 +1,378 @@ - - - - -smbcacls (1) - - - - -
- -

smbcacls (1)

-

Samba

-

22 Dec 2000

- - - -

-

NAME

- smbcacls - Set or get ACLs on an NT file or directory -

-

SYNOPSIS

- -

smbcacls //server/share filename [-U username] -[-A acls] [-M acls] -[-D acls] [-S acls] -[-C name] [-G name] -[-n] [-h] -

-

DESCRIPTION

- -

The smbcacls program manipulates NT Access Control Lists (ACLs) on -SMB file shares. -

-

OPTIONS

- -

The following options are available to the smbcacls program. The -format of ACLs is described in the section ACL FORMAT -

-

-

-A acls
-

Add the ACLs specified to the ACL list. Existing access control entries -are unchanged. -

-

-M acls
-

Modify the mask value (permissions) for the ACLs specified on the command -line. An error will be printed for each ACL specified that was not already -present in the ACL list. -

-

-D acls
-

Delete any ACLs specfied on the command line. An error will be printed for -each ACL specified that was not already present in the ACL list. -

-

-S acls
-

This command sets the ACLs on the file with only the ones specified on the -command line. All other ACLs are erased. Note that the ACL specified must -contain at least a revision, type, owner and group for the call to succeed. -

-

-U username
-

Specifies a username used to connect to the specified service. The -username may be of the form username in which case the user is -prompted to enter in a password and the workgroup specified in the -smb.conf file is used, or username%password -or DOMAIN\username%password and the password and workgroup names are -used as provided. -

-

-C name
-

The owner of a file or directory can be changed to the name given -using the -C option. The name can be a sid in the form S-1-x-y-z or a -name resolved against the server specified in the first argument. -

This command is a shortcut for -M OWNER:name. -

-

-G name
-

The group owner of a file or directory can be changed to the name given -using the -G option. The name can be a sid in the form S-1-x-y-z or a -name resolved against the server specified in the first argument. -

This command is a shortcut for -M GROUP:name. -

-

-n
-

This option displays all ACL information in numeric format. The default is -to convert SIDs to names and ACE types and masks to a readable string -format. -

-

-h
-

Print usage information on the smbcacls program -

-

-

ACL FORMAT

- -

The format of an ACL is one or more ACL entries separated by either -commas or newlines. An ACL entry is one of the following: -

+smbcacls
smbcacls
Name
smbcacls -- Set or get ACLs on an NT file or directory names
Synopsis
nmblookup  {//server/share} {filename} [-U username] [-A acls] [-M acls] [-D acls] [-S acls] [-C name] [-G name] [-n] [-h]
DESCRIPTION
This tool is part of the 	Samba suite.
The smbcacls program manipulates NT Access Control Lists 
+	(ACLs) on SMB file shares. 
OPTIONS
The following options are available to the smbcacls program.  
+	The format of ACLs is described in the section ACL FORMAT 
-A acls
Add the ACLs specified to the ACL list.  Existing 
+		access control entries are unchanged. 
-M acls
Modify the mask value (permissions) for the ACLs 
+		specified on the command line.  An error will be printed for each 
+		ACL specified that was not already present in the ACL list
+		
-D acls
Delete any ACLs specfied on the command line.  
+		An error will be printed for each ACL specified that was not 
+		already present in the ACL list. 
-S acls
This command sets the ACLs on the file with 
+		only the ones specified on the command line.  All other ACLs are 
+		erased.  Note that the ACL specified must contain at least a revision, 
+		type, owner and group for the call to succeed. 
-U username
Specifies a username used to connect to the 
+		specified service.  The username may be of the form "username" in 
+		which case the user is prompted to enter in a password and the 
+		workgroup specified in the smb.conf file is 
+		used, or "username%password"  or "DOMAIN\username%password" and the 
+		password and workgroup names are used as provided. 
-C name
The owner of a file or directory can be changed 
+		to the name given using the -C option.  
+		The name can be a sid in the form S-1-x-y-z or a name resolved 
+		against the server specified in the first argument. 
This command is a shortcut for -M OWNER:name. 
+		
-G name
The group owner of a file or directory can 
+		be changed to the name given using the -G 
+		option.  The name can be a sid in the form S-1-x-y-z or a name 
+		resolved against the server specified n the first argument.
+		
This command is a shortcut for -M GROUP:name.
-n
This option displays all ACL information in numeric 
+		format.  The default is to convert SIDs to names and ACE types 
+		and masks to a readable string format.  
-h
Print usage information on the smbcacls
+		 program.
ACL FORMAT
The format of an ACL is one or more ACL entries separated by 
+	either commas or newlines.  An ACL entry is one of the following: 
 
 REVISION:<revision number>
 OWNER:<sid or name>
 GROUP:<sid or name>
 ACL:<sid or name>:<type>/<flags>/<mask>
-

-
-
The revision of the ACL specifies the internal Windows NT ACL revision for
-the security descriptor.  If not specified it defaults to 1.  Using values
-other than 1 may cause strange behaviour.
-
The owner and group specify the owner and group sids for the object.  If a
-SID in the format S-1-x-y-z is specified this is used, otherwise
-the name specified is resolved using the server on which the file or
-directory resides.
-
ACLs specify permissions granted to the SID.  This SID again can be
-specified in S-1-x-y-z format or as a name in which case it is resolved
-against the server on which the file or directory resides.  The type, flags
-and mask values determine the type of access granted to the SID.
-
The type can be either 0 or 1 corresponding to ALLOWED or DENIED access to
-the SID.  The flags values are generally zero for file ACLs and either 9 or
-2 for directory ACLs.  Some common flags are:
-
-#define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1
-#define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2
-#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x4
-#define SEC_ACE_FLAG_INHERIT_ONLY       	0x8
-

-
-
At present flags can only be specified as decimal or hexadecimal values. 
-
The mask is a value which expresses the access right granted to the SID.
-It can be given as a decimal or hexadecimal value, or by using one of the
-following text strings which map to the NT file permissions of the same
-name.
-

-
 R 	Allow read access
-
 W 	Allow write access
-
 X 	Execute permission on the object
-
 D 	Delete the object
-
 P 	Change permissions
-
 O	Take ownership
-

-
The following combined permissions can be specified:
-

-
 READ	 
-
Equivalent to RX permissions
-
 CHANGE 
-
Equivalent to RXWD permissions
-
 FULL   
-
Equivalent to RWXDPO permissions
-

-

-
EXIT STATUS

-    
-
The smbcacls program sets the exit status depending on the success or
-otherwise of the operations performed.  The exit status may be one of the
-following values.
-
If the operation succeded, smbcacls returns and exit status of 0.  If
-smbcacls couldn't connect to the specified server, or there was an
-error getting or setting the ACLs, an exit status of 1 is returned.  If
-there was an error parsing any command line arguments, an exit status of 2
-is returned.
-

-
AUTHOR

-    
-
The original Samba software and related utilities were created by
-Andrew Tridgell. Samba is now developed by the Samba Team as an Open
-Source project.
-
smbcacls was written by Andrew Tridgell and Tim Potter.
-
-
+

The revision of the ACL specifies the internal Windows + NT ACL revision for the security descriptor. + If not specified it defaults to 1. Using values other than 1 may + cause strange behaviour.

The owner and group specify the owner and group sids for the + object. If a SID in the format CWS-1-x-y-z is specified this is used, + otherwise the name specified is resolved using the server on which + the file or directory resides.

ACLs specify permissions granted to the SID. This SID again + can be specified in CWS-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID.

The type can be either 0 or 1 corresponding to ALLOWED or + DENIED access to the SID. The flags values are generally + zero for file ACLs and either 9 or 2 for directory ACLs. Some + common flags are:

At present flags can only be specified as decimal or + hexadecimal values.

The mask is a value which expresses the access right + granted to the SID. It can be given as a decimal or hexadecimal value, + or by using one of the following text strings which map to the NT + file permissions of the same name.

The following combined permissions can be specified:

EXIT STATUS

The smbcacls program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values.

If the operation succeded, smbcacls returns and exit + status of 0. If smbcacls couldn't connect to the specified server, + or there was an error getting or setting the ACLs, an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

smbcacls was written by Andrew Tridgell + and Tim Potter.

The conversion to DocBook for Samba 2.2 was done + by Gerald Carter

\ No newline at end of file -- cgit