5 ------------------------------------------------------------------------------------------------
6 Userspace helper to alter an ACL in a security descriptor for Common Internet File System (CIFS)
7 ------------------------------------------------------------------------------------------------
14 setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object}
20 This tool is part of the cifs-utils suite.
22 ``setcifsacl`` is a userspace helper program for the Linux CIFS client
23 file system. It is intended to alter an ACL of a security descriptor
24 for a file system object. Whether a security descriptor to be set is
25 applied or not is determined by the CIFS/SMB server.
27 This program uses a plugin to handle the mapping of user and group
28 names to SIDs. *@pluginpath@* should be a symlink that points to the
29 correct plugin to use.
36 Print usage message and exit.
39 Print version number and exit.
42 Add one or more ACEs to an ACL of a security descriptor. An ACE is
43 added even if the same ACE exists in the ACL.
46 Delete one or more ACEs from an ACL of a security descriptor. Entire
47 ACE has to match in an existing ACL for the listed ACEs to be deleted.
50 Modify one or more ACEs from an ACL of a security descriptor. SID and
51 type are used to match for existing ACEs to be modified with the list
55 Set an ACL of security descriptor with the list of ACEs Existing ACL
56 is replaced entirely with the specified ACEs.
58 Every ACE entry starts with "ACL:" One or more ACEs are specified
59 within double quotes. Multiple ACEs are separated by a comma.
61 Following fields of an ACE can be modified with possible values:
63 - ``SID`` - Either a name or a raw SID value.
64 - ``type`` - ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6)
65 - ``flags`` - OBJECT_INHERIT_FLAG (OI or 0x1),
66 CONTAINER_INHERIT_FLAG (CI or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI
67 or 0x4), INHERIT_ONLY_FLAG (IO or 0x8), INHERITED_ACE_FLAG (IA or
68 0x10) or a combination/OR of these values.
69 - ``mask`` - Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a hex value.
78 setcifsacl -a "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" <file_name>
79 setcifsacl -a "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" <file_name>
84 setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" <file_name>
89 setcifsacl -M "ACL:CIFSTESTDOM\user1:ALLOWED/0x1f/CHANGE" <file_name>
94 setcifsacl -S "ACL:CIFSTESTDOM\Administrator:0x0/0x0/FULL,ACL:CIFSTESTDOM\user2:0x0/0x0/FULL" <file_name>
100 Kernel support for getcifsacl/setcifsacl utilities was initially
101 introduced in the 2.6.37 kernel.
107 mount.cifs(8), getcifsacl(1)
113 Shirish Pargaonkar wrote the setcifsacl program.
115 The Linux CIFS Mailing list is the preferred place to ask questions
116 regarding these programs.