From f6345168364c57d58267a4a12424090fe5bccf4c Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 21 Dec 2000 23:33:57 +0000 Subject: Documentation updates for smbcacls program. (This used to be commit f9450cd7b7352a206dc05d8ad2a7b86a2586b892) --- docs/htmldocs/smbcacls.1.html | 50 ++++++++++++++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 13 deletions(-) (limited to 'docs/htmldocs/smbcacls.1.html') diff --git a/docs/htmldocs/smbcacls.1.html b/docs/htmldocs/smbcacls.1.html index b7a048a1f3..e75a5741e5 100644 --- a/docs/htmldocs/smbcacls.1.html +++ b/docs/htmldocs/smbcacls.1.html @@ -11,7 +11,7 @@

smbcacls (1)

Samba

-

3 Dec 2000

+

22 Dec 2000

@@ -21,9 +21,10 @@

SYNOPSIS

-

smbcacls //server/share filename -U username +

smbcacls //server/share filename [-U username] [-A acls] [-M acls] [-D acls] [-S acls] +[-C name] [-G name] [-n] [-h]

DESCRIPTION

@@ -62,6 +63,18 @@ prompted to enter in a password and the workgroup specified in the smb.conf file is used, or username%password or DOMAIN\username%password and the password and workgroup names are used as provided. +

+

-C name
+

The owner of a file or directory can be changed to the name given +using the -C option. The name can be a sid in the form S-1-x-y-z or a +name resolved against the server specified in the first argument. +

This command is a shortcut for -M OWNER:name. +

+

-G name
+

The group owner of a file or directory can be changed to the name given +using the -G option. The name can be a sid in the form S-1-x-y-z or a +name resolved against the server specified in the first argument. +

This command is a shortcut for -M GROUP:name.

-n

This option displays all ACL information in numeric format. The default is @@ -74,10 +87,9 @@ format.

ACL FORMAT

-

The format of an ACL is one or more ACL entries separated by either spaces, +

The format of an ACL is one or more ACL entries separated by either commas or newlines. An ACL entry is one of the following: 

-
 REVISION:<revision number>
 OWNER:<sid or name>
 GROUP:<sid or name>
@@ -85,11 +97,12 @@ ACL:<sid or name>:<type>/<flags>/<mask>

The revision of the ACL specifies the internal Windows NT ACL revision for -the security descriptor. If not specified it defaults to 1. +the security descriptor. If not specified it defaults to 1. Using values +other than 1 may cause strange behaviour.

The owner and group specify the owner and group sids for the object. If a SID in the format S-1-x-y-z is specified this is used, otherwise the name specified is resolved using the server on which the file or -directory resides. +directory resides.

ACLs specify permissions granted to the SID. This SID again can be specified in S-1-x-y-z format or as a name in which case it is resolved against the server on which the file or directory resides. The type, flags @@ -98,17 +111,17 @@ and mask values determine the type of access granted to the SID. the SID. The flags values are generally zero for file ACLs and either 9 or 2 for directory ACLs. Some common flags are: 

-
 #define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1
 #define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2
 #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x4
 #define SEC_ACE_FLAG_INHERIT_ONLY       	0x8
-

The mask is a value which expresses the access right granted to -the SID. It can be given as a hexadecimal value or by using one of the +

At present flags can only be specified as decimal or hexadecimal values. +

The mask is a value which expresses the access right granted to the SID. +It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same -name. +name.

R Allow read access

W Allow write access @@ -119,13 +132,24 @@ name.

The following combined permissions can be specified:

-

READ Equivalent to RX permissions -

CHANGE Equivalent to RXWD permissions -

FULL Equivalent to RWXDPO permissions +

READ +

Equivalent to RX permissions +

CHANGE +

Equivalent to RXWD permissions +

FULL +

Equivalent to RWXDPO permissions

EXIT STATUS

+

The smbcacls program sets the exit status depending on the success or +otherwise of the operations performed. The exit status may be one of the +following values. +

If the operation succeded, smbcacls returns and exit status of 0. If +smbcacls couldn't connect to the specified server, or there was an +error getting or setting the ACLs, an exit status of 1 is returned. If +there was an error parsing any command line arguments, an exit status of 2 +is returned.

AUTHOR

-- cgit