getcifsacl

getcifsacl [--numeric] file...

--numeric, -n
    Displays UIDs/GIDs numerically instead of attempting to resolve them to user or group names. This can be useful when name resolution services are unavailable or when dealing with unmapped SIDs.

file...
    One or more paths to files or directories located on a mounted CIFS/SMB filesystem for which to retrieve ACLs. The command will read and display the ACLs for each specified path.

getcifsacl is a command-line utility used to display the Access Control Lists (ACLs) associated with files and directories on a CIFS/SMB filesystem mounted in Linux. Unlike POSIX ACLs which getfacl handles, getcifsacl specifically retrieves the Windows-style ACLs, providing a more accurate representation of permissions as seen from a Windows environment. This tool is essential for administrators and users who need to understand and debug permission issues on CIFS/SMB shares, especially when interacting with Active Directory or Windows servers. It reads the Security Descriptor from the specified file or directory and translates it into a human-readable format, detailing owner, group, and individual Access Control Entries (ACEs) including SIDs (Security Identifiers), permission types (allow/deny), and inheritance flags. It is part of the cifs-utils package.

This command is specific to CIFS/SMB mounted filesystems and will not function on other filesystem types (e.g., ext4, XFS).
The remote CIFS/SMB server must support CIFS ACLs for this command to function correctly.
Interpreting the output can sometimes be challenging due to complex SIDs and permission flags, especially when SIDs cannot be resolved to names.
getcifsacl only reads ACLs; use setcifsacl to modify them.

getcifsacl is a component of the cifs-utils suite, a collection of tools designed to manage the Linux CIFS client. Its development is closely tied to the evolution of the Linux kernel's CIFS client, which enabled deeper interoperability with Windows file servers. The command was introduced to bridge the gap between Linux's native permission model and Windows' ACL-based security, allowing Linux users to inspect and manage permissions on CIFS shares in a way that is consistent with Windows. This became increasingly important as Linux systems integrated more deeply into mixed-OS environments, requiring robust tools for managing cross-platform file access and security.

setcifsacl(1), mount.cifs(8), smbclient(1), getfacl(1), setfacl(1)