|
Packit |
5f9837 |
==========
|
|
Packit |
5f9837 |
setcifsacl
|
|
Packit |
5f9837 |
==========
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
------------------------------------------------------------------------------------------------
|
|
Packit |
5f9837 |
Userspace helper to alter an ACL in a security descriptor for Common Internet File System (CIFS)
|
|
Packit |
5f9837 |
------------------------------------------------------------------------------------------------
|
|
Packit |
5f9837 |
:Manual section: 1
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
SYNOPSIS
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object}
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
***********
|
|
Packit |
5f9837 |
DESCRIPTION
|
|
Packit |
5f9837 |
***********
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
This tool is part of the cifs-utils suite.
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
\ **setcifsacl**\ is a userspace helper program for the Linux CIFS client
|
|
Packit Service |
a19c70 |
file system. It is intended to alter an ACL of a security descriptor
|
|
Packit Service |
a19c70 |
for a file system object. Whether a security descriptor to be set is
|
|
Packit |
5f9837 |
applied or not is determined by the CIFS/SMB server.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
This program uses a plugin to handle the mapping of user and group
|
|
Packit Service |
a19c70 |
names to SIDs. ``@pluginpath@`` should be a symlink that points to the
|
|
Packit |
5f9837 |
correct plugin to use.
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
*******
|
|
Packit |
5f9837 |
OPTIONS
|
|
Packit |
5f9837 |
*******
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
\ **-h**\
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
Print usage message and exit.
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
\ **-v**\
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
Print version number and exit.
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
\ **-a**\
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
Add one or more ACEs to an ACL of a security descriptor. An ACE is
|
|
Packit Service |
a19c70 |
added even if the same ACE exists in the ACL.
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
\ **-D**\
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
Delete one or more ACEs from an ACL of a security descriptor. Entire
|
|
Packit Service |
a19c70 |
ACE has to match in an existing ACL for the listed ACEs to be deleted.
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
\ **-M**\
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
Modify one or more ACEs from an ACL of a security descriptor. SID and
|
|
Packit Service |
a19c70 |
type are used to match for existing ACEs to be modified with the list
|
|
Packit Service |
a19c70 |
of ACEs specified.
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
\ **-S**\
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
Set an ACL of security descriptor with the list of ACEs Existing ACL
|
|
Packit Service |
a19c70 |
is replaced entirely with the specified ACEs.
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
Every ACE entry starts with "ACL:" One or more ACEs are specified
|
|
Packit Service |
a19c70 |
within double quotes. Multiple ACEs are separated by a comma.
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
Following fields of an ACE can be modified with possible values:
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
\ **SID**\ - Either a name or a raw SID value.
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
\ **type**\ - ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6)
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
\ **flags**\ - OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI or
|
|
Packit Service |
a19c70 |
0x4), INHERIT_ONLY_FLAG (IO or 0x8), INHERITED_ACE_FLAG (IA or 0x10)
|
|
Packit Service |
a19c70 |
or a combination/OR of these values.
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
\ **mask**\ - Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a hex value
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
EXAMPLES
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
Add an ACE
|
|
Packit |
5f9837 |
==========
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
.. code-block:: perl
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
setcifsacl -a "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" <file_name>
|
|
Packit Service |
a19c70 |
setcifsacl -a "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" <file_name>
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
Delete an ACE
|
|
Packit |
5f9837 |
=============
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
.. code-block:: perl
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name>
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
Modify an ACE
|
|
Packit |
5f9837 |
=============
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
.. code-block:: perl
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
setcifsacl -M "ACL:CIFSTESTDOM\user1:ALLOWED/0x1f/CHANGE" <file_name>
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
Set an ACL
|
|
Packit |
5f9837 |
==========
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
.. code-block:: perl
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
setcifsacl -S "ACL:CIFSTESTDOM\Administrator:0x0/0x0/FULL,ACL:CIFSTESTDOM\user2:0x0/0x0/FULL" <file_name>
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
*****
|
|
Packit |
5f9837 |
NOTES
|
|
Packit |
5f9837 |
*****
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
Kernel support for getcifsacl/setcifsacl utilities was initially
|
|
Packit |
5f9837 |
introduced in the 2.6.37 kernel.
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
SEE ALSO
|
|
Packit |
5f9837 |
********
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
mount.cifs(8), getcifsacl(1)
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
******
|
|
Packit |
5f9837 |
AUTHOR
|
|
Packit |
5f9837 |
******
|
|
Packit |
5f9837 |
|
|
Packit Service |
a19c70 |
|
|
Packit |
5f9837 |
Shirish Pargaonkar wrote the setcifsacl program.
|
|
Packit |
5f9837 |
|
|
Packit |
5f9837 |
The Linux CIFS Mailing list is the preferred place to ask questions
|
|
Packit |
5f9837 |
regarding these programs.
|
|
Packit Service |
a19c70 |
|