LinuxCommandLibrary

getcifsacl

Get CIFS/SMB file or directory ACLs

SYNOPSIS

getcifsacl [-a] [-D debuglevel] [-l] [-L] [-U username[%password]] filename

PARAMETERS

-a, --numeric
    Show only numeric UID and GID instead of names.

-D, --debuglevel=LEVEL
    Set maximum debug level (0-10) for verbose output.

-l, --long
    Display full SID strings like @S-1-5-21-...

-L, --lookupsids
    Enable SID to username/groupname translation (default).

-U, --user=username[%password]
    Specify SMB username and optional password for authentication.

DESCRIPTION

The getcifsacl command is a utility from the Samba suite used to display Access Control Lists (ACLs) on files and directories located on mounted CIFS (SMB) filesystems. CIFS, or Common Internet File System, is the protocol used by Windows for file sharing, and its ACLs are based on NTFS permissions, which differ from traditional POSIX ACLs on Linux.

getcifsacl translates these Windows-style ACLs into a human-readable format similar to getfacl(1), showing owner, group, and specific user/group permissions. It works only on filesystems mounted via mount.cifs or smbmount with ACL support enabled (using the acl mount option). The output includes entries like user::rwx, group::r-x, and domain-qualified names such as DOMAIN\user:r--.

This tool is essential for administrators managing mixed Windows-Linux environments, allowing inspection of effective permissions without Windows tools. It supports SID (Security Identifier) lookups for name resolution and can output numeric UIDs/GIDs for precision. Debug levels aid troubleshooting connection issues.

CAVEATS

Requires CIFS filesystem mounted with acl option. Does not work on local filesystems. Needs read access to the target file/dir. SID lookups may fail without proper name resolution or Winbind.

EXAMPLE USAGE

getcifsacl /mnt/share/file.txt
Outputs ACLs in standard format.

getcifsacl -a -l /mnt/share/dir
Shows numeric IDs and long SIDs.

OUTPUT FORMAT

Typical output:
# file: /mnt/share/foo
# owner: DOMAIN\Administrator
# group: DOMAIN\Domain Users
user::rwx
user:300001234:r-x
group::r-x
mask::rwx
other::---

HISTORY

Introduced in Samba 3.2 (2007) as part of client tools for CIFS ACL management. Enhanced in Samba 4.x with better SID handling and numeric output support.

SEE ALSO

setcifsacl(1), getfacl(1), setfacl(1), mount.cifs(8), smbclient(1)

Copied to clipboard