1
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbcacls</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbcacls.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smbcacls — Set or get ACLs on an NT file or directory names</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">smbcacls</code> {//server/share} {filename} [-D acls] [-M acls] [-a acls] [-S acls] [-C name] [-G name] [--numeric] [-t] [-U username] [-h] [-d]</p></div></div><div class="refsect1" lang="en"><a name="id2483401"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The <code class="literal">smbcacls</code> program manipulates NT Access Control
2
Lists (ACLs) on SMB file shares. </p></div><div class="refsect1" lang="en"><a name="id2483545"></a><h2>OPTIONS</h2><p>The following options are available to the <code class="literal">smbcacls</code> program.
1
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbcacls</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="smbcacls"><a name="smbcacls.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>smbcacls — Set or get ACLs on an NT file or directory names</p></div><div class="refsynopsisdiv" title="Synopsis"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">smbcacls</code> {//server/share} {filename} [-D acls] [-M acls] [-a acls] [-S acls] [-C name] [-G name] [--numeric] [-t] [-U username] [-h] [-d]</p></div></div><div class="refsect1" title="DESCRIPTION"><a name="id2489364"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The <code class="literal">smbcacls</code> program manipulates NT Access Control
2
Lists (ACLs) on SMB file shares. </p></div><div class="refsect1" title="OPTIONS"><a name="id2489515"></a><h2>OPTIONS</h2><p>The following options are available to the <code class="literal">smbcacls</code> program.
3
3
The format of ACLs is described in the section ACL FORMAT </p><div class="variablelist"><dl><dt><span class="term">-a acls</span></dt><dd><p>Add the ACLs specified to the ACL list. Existing
4
4
access control entries are unchanged. </p></dd><dt><span class="term">-M acls</span></dt><dd><p>Modify the mask value (permissions) for the ACLs
5
5
specified on the command line. An error will be printed for each
40
40
investigating a problem. Levels above 3 are designed for
41
41
use only by developers and generate HUGE amounts of log
42
42
data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
43
override the <a class="link" href="smb.conf.5.html#LOGLEVEL" target="_top">log level</a> parameter
44
in the <code class="filename">smb.conf</code> file.</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the program version number.
45
</p></dd><dt><span class="term">-s <configuration file></span></dt><dd><p>The file specified contains the
43
override the <a class="link" href="smb.conf.5.html#" target="_top"></a> parameter
44
in the <code class="filename">smb.conf</code> file.</p></dd><dt><span class="term">-V|--version</span></dt><dd><p>Prints the program version number.
45
</p></dd><dt><span class="term">-s|--configfile <configuration file></span></dt><dd><p>The file specified contains the
46
46
configuration details required by the server. The
47
47
information in this file includes server-specific
48
48
information such as what printcap file to use, as well
52
52
compile time.</p></dd><dt><span class="term">-l|--log-basename=logdirectory</span></dt><dd><p>Base directory name for log/debug files. The extension
53
53
<code class="constant">".progname"</code> will be appended (e.g. log.smbclient,
54
54
log.smbd, etc...). The log file is never removed by the client.
55
</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2481613"></a><h2>ACL FORMAT</h2><p>The format of an ACL is one or more ACL entries separated by
55
</p></dd></dl></div></div><div class="refsect1" title="ACL FORMAT"><a name="id2487580"></a><h2>ACL FORMAT</h2><p>The format of an ACL is one or more ACL entries separated by
56
56
either commas or newlines. An ACL entry is one of the following: </p><pre class="programlisting">
57
57
REVISION:<revision number>
58
58
OWNER:<sid or name>
70
70
resides. The type, flags and mask values determine the type of
71
71
access granted to the SID. </p><p>The type can be either ALLOWED or DENIED to allow/deny access
72
72
to the SID. The flags values are generally zero for file ACLs and
73
either 9 or 2 for directory ACLs. Some common flags are: </p><div class="itemizedlist"><ul type="disc"><li><p><code class="constant">#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</code></p></li><li><p><code class="constant">#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</code></p></li><li><p><code class="constant">#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4</code></p></li><li><p><code class="constant">#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</code></p></li></ul></div><p>At present flags can only be specified as decimal or
73
either 9 or 2 for directory ACLs. Some common flags are: </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><code class="constant">#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</code></p></li><li class="listitem"><p><code class="constant">#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</code></p></li><li class="listitem"><p><code class="constant">#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4</code></p></li><li class="listitem"><p><code class="constant">#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</code></p></li></ul></div><p>At present flags can only be specified as decimal or
74
74
hexadecimal values.</p><p>The mask is a value which expresses the access right
75
75
granted to the SID. It can be given as a decimal or hexadecimal value,
76
76
or by using one of the following text strings which map to the NT
77
file permissions of the same name. </p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>R</em></span> - Allow read access </p></li><li><p><span class="emphasis"><em>W</em></span> - Allow write access</p></li><li><p><span class="emphasis"><em>X</em></span> - Execute permission on the object</p></li><li><p><span class="emphasis"><em>D</em></span> - Delete the object</p></li><li><p><span class="emphasis"><em>P</em></span> - Change permissions</p></li><li><p><span class="emphasis"><em>O</em></span> - Take ownership</p></li></ul></div><p>The following combined permissions can be specified:</p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>READ</em></span> - Equivalent to 'RX'
78
permissions</p></li><li><p><span class="emphasis"><em>CHANGE</em></span> - Equivalent to 'RXWD' permissions
79
</p></li><li><p><span class="emphasis"><em>FULL</em></span> - Equivalent to 'RWXDPO'
80
permissions</p></li></ul></div></div><div class="refsect1" lang="en"><a name="id2481778"></a><h2>EXIT STATUS</h2><p>The <code class="literal">smbcacls</code> program sets the exit status
77
file permissions of the same name. </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><span class="emphasis"><em>R</em></span> - Allow read access </p></li><li class="listitem"><p><span class="emphasis"><em>W</em></span> - Allow write access</p></li><li class="listitem"><p><span class="emphasis"><em>X</em></span> - Execute permission on the object</p></li><li class="listitem"><p><span class="emphasis"><em>D</em></span> - Delete the object</p></li><li class="listitem"><p><span class="emphasis"><em>P</em></span> - Change permissions</p></li><li class="listitem"><p><span class="emphasis"><em>O</em></span> - Take ownership</p></li></ul></div><p>The following combined permissions can be specified:</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p><span class="emphasis"><em>READ</em></span> - Equivalent to 'RX'
78
permissions</p></li><li class="listitem"><p><span class="emphasis"><em>CHANGE</em></span> - Equivalent to 'RXWD' permissions
79
</p></li><li class="listitem"><p><span class="emphasis"><em>FULL</em></span> - Equivalent to 'RWXDPO'
80
permissions</p></li></ul></div></div><div class="refsect1" title="EXIT STATUS"><a name="id2487744"></a><h2>EXIT STATUS</h2><p>The <code class="literal">smbcacls</code> program sets the exit status
81
81
depending on the success or otherwise of the operations performed.
82
82
The exit status may be one of the following values. </p><p>If the operation succeeded, smbcacls returns and exit
83
83
status of 0. If <code class="literal">smbcacls</code> couldn't connect to the specified server,
84
84
or there was an error getting or setting the ACLs, an exit status
85
85
of 1 is returned. If there was an error parsing any command line
86
arguments, an exit status of 2 is returned. </p></div><div class="refsect1" lang="en"><a name="id2481810"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2481821"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
86
arguments, an exit status of 2 is returned. </p></div><div class="refsect1" title="VERSION"><a name="id2487777"></a><h2>VERSION</h2><p>This man page is correct for version 3 of the Samba suite.</p></div><div class="refsect1" title="AUTHOR"><a name="id2487788"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
87
87
were created by Andrew Tridgell. Samba is now developed
88
88
by the Samba Team as an Open Source project similar
89
89
to the way the Linux kernel is developed.</p><p><code class="literal">smbcacls</code> was written by Andrew Tridgell